
Contivity Competitive Playbook


marilu

Presentation Transcript


    1. Contivity Competitive Playbook: The Cisco Menace

    2. Discussion Topics: Cisco deficiencies (why Nortel's Contivity is the market leader); Cisco FUD (how to counter Cisco FUD with reality); why Contivity products are ideal for the Enterprise and the Service Provider; where we stand (relative strengths and opportunities for Contivity); Appendix.

    3. Legend: When referring to the terms Altiga, Compatible and VPN Routers, we typically mean: Cisco Altiga = VPN 30XX; Cisco Compatible = VPN 50XX; Cisco VPN Routers = VPN 7120 & 7140.

    4. Cisco Deficiencies, A Summary: Why Nortel's Contivity is the market leader

    5. Deficiencies in Cisco's VPN solutions: Lack of clear product positioning and purpose: multiple model numbers; confusing approach to customer needs; absurd claim that 17 disparate products are VPN-optimized!!! Cisco secure VPN IRE and Altiga clients do not support Windows 2000; Compatible does. Once again: disjointed strategy! No low-end hardware available until early 2001 (to be called the 3002; another model to keep track of!).

    6. Deficiencies in Cisco's VPN solutions: No ICSA certification for Altiga. No proven pair-wise interoperability: being last to the party means a lot of work; can they even prove IOS to Altiga interoperability??? No FIPS certification: limits government business; related to Altiga's dubious security environment??? Certificate story is a mess! Implementation nightmare, Internet Explorer version xx only??? (is that a strategy?) No auto-enrollment strategy! No management features!

    7. Deficiencies in Cisco's VPN solutions: If Cisco plans on introducing a compression feature, then its existing $12,000 encryption card will not support compression! Cisco would have the customer believe that developing a software based compression feature is a time-intensive effort, and hence is not being developed. Weak processor: how is Altiga ever going to incorporate additional required features (DiffServ, Bandwidth Management, Multicast)?

    8. Deficiencies in Cisco's VPN solutions: Altiga is deficient in accounting capabilities: no internal accounting support; requires purchase of separate servers and software to support RADIUS accounting. Lack of integrated firewall: Cisco's stand-alone firewall necessitates another piece of hardware! Buy their router (VPN optimized), then buy their firewall, then

    9. Deficiencies in Cisco's VPN solutions: Insufficient database support for AAA in Altiga: depends primarily upon external databases; internal database limited to just 100 profiles (imagine how limiting this is for 10,000 users!!); lacks a common popular format such as LDAP.

    10. Cisco FUD: How to counter Cisco FUD with reality

    11. Client strategy. Cisco says: "We have a complete and comprehensive client strategy." Reality: Cisco requires three different product platforms to provide the same client support that Contivity provides through just one platform! They'll tell you that they'll merge, without details! Easier said than done.

    12. UDP wrapper strategy. Cisco says: "We have implemented a UDP wrapper while Contivity hasn't." Reality: Contivity is correct! Older versions of NAT are not IPsec aware. However, most new products support IPsec-aware new NAT. The problem is much less severe than Cisco contends: it could be an issue for some hotel LANs or corporate LAN environments. Nortel is working with Microsoft and others for an INDUSTRY solution, not a proprietary competitive cudgel.

    13. Firewall strategy. Cisco says: "We've got a firewall." Reality: Cisco's PIX firewall requires yet another box! PIX has a weak VPN story. Contivity: common stateful inspection across both NN Shasta and Contivity per NN IP VPN strategy; consistent management; Java applet; Preside (H1, 2000).

    14. Scalability strategy. Cisco says: "Contivity's Intel based architecture doesn't allow scaling of Contivity from one model to the next." Reality: This is a non-issue and a half-truth! Contivity price/performance ratio continues going down, e.g., the current 2600's evolution: Contivity 2000, 180 MHz Pentium, 200 tunnels; Contivity 2500, 333 MHz Pentium, 400 tunnels; Contivity 2600, 733 MHz Pentium, 1000 tunnels. Provides easier and tighter integration of 3rd party code for value-added features. Intel architecture is well established & open!

    15. Scalability strategy. Reality: This is a non-issue and a half-truth! Only Altiga allows limited scaling: 3030 -> 3060, 3060 -> 3080, 3030 -> 3080; does not apply to 3015 -> 30xx; does not apply to other Cisco VPN products. Benefits of scaling are dubious: performance degrades dramatically. When going from 3060 -> 3080: # of Altiga SEPs (encryption cards) remains the same; hardware processing power remains the same.

    16. Enterprise positioning. Cisco says: "We have the true enterprise security solution; the customer already has our routers, so the customer doesn't need a whole new VPN device." Reality: VPN devices are optimized to provide security. They're not (primarily) routers. They're not (primarily) firewalls. They are primarily VPN security devices. Small enterprises/businesses can use Contivity's routing capability instead of buying a whole router. The integrated firewall provides stateful inspection and minimizes interoperability issues.

    17. Enterprise positioning. Bottom line: Cisco's IOS (in general) is not enough for VPNs. That's why it acquired Altiga. Altiga was a start-up being financed at the 3rd round, in danger of folding because there wasn't much in Altiga's VPN story. Altiga is still Altiga! No installed base; no large carrier; no large enterprise/Fortune 500; lacks basic VPN functionality.

    18. Why Contivity products are ideal

    19. Contivity as the ideal VPN solution for the Enterprise: Offers scalable solutions: various models based upon customer needs (# of tunnels; memory, base and expansion; WAN connectivity). Enables e-business with ease: set up tunnels (Branch-to-Branch; Small branch-to-head end; Vendor-to-head end). Redundancy and fail-over capability.

    20. Contivity as the ideal VPN solution for the Enterprise: Permits tremendous savings in remote access. Performance keeps improving (lower cost per tunnel). Superior, secure remote-access with convenient client interface: easy-to-use, easy to administer, flexible client options (Windows including Win2K, Linux, Mac, OS/2). Partnership with vendors to offer additional features, e.g., Network ICE offers intrusion protection. Models exist without remote access. The Contivity contains multiple functions which are useful to enterprises of various sizes: router/internet access; integrated firewall; VPN security.

    21. Contivity as the ideal VPN solution for the Service Provider: Provides flexible, easy to manage solution. Management interface: joint development (management & provisioning) with carrier community; easy-to-use, web GUI based; remote management control tunnels. Powerful management systems (Optivity and Preside) to manage cross-platform and/or cross-divisional, cross-enterprise VPNs. Easily provisioned VPN: bulk loading; CLI available. Industry leading remote-access solution: robust client (works with all kinds of laptops, desktops, clones, etc.); 50 million installed base. High availability/low down-time. Use different models based upon different end-user needs.

    22. Where we stand: Relative strengths & opportunities for Contivity

    23. Client capabilities: Over-abundance of clients for its VPN solution: VPN 1.1 IOS/PIX Client (IRE); VPN 3000 Client (Altiga); VPN 5000 Client (Compatible). Artificial options: Cisco still wants the customer to use IOS. Compare Cisco's over-abundance with Contivity's tight focus on its industry leading Extranet Client: supported on multiple operating system platforms; supports IRE as well.

    24. Comprehensive product offering: Nortel's Contivity provides a tightly integrated set of products: 4 models; provide coverage of entire spectrum of applications (Remote Access; Branch-to-Branch; Small branch-to-head end); integrated firewall capability. Contivity view: VPNs are LANs extending outward (not WANs extending inward - Cisco).

    25. Comprehensive product offering: Cisco's offering is comprehensive alright! 17!!! products claiming to provide VPN functionality. Optimized VPN functionality: if it smells like a router, walks like a router, then it must be a router! Cisco will continue to push IOS.

    26. File storage. Cisco: No hard drive, no features! Contivity: Uses a hard disk drive: provides more memory/larger storage space; allows easy portability of files; minimizes problems with copying configurations from one device to another; scalable: hot swap-able; backup for multiple configs to images; minimum 60 day logging.

    27. Carrier positioning. Cisco: True carrier positioning unclear: could be 7100; could be Compatible. Likely scenario to include klugey solution at Enterprise end: Where does PIX fit? Where does 7100 fit? Where does Altiga fit? No centralized management system. Contivity: Carrier class product: scales easily for multiple sites; centrally managed environment. Ease-of-use makes it ideal for enterprises: scales easily for # of users. Secure management via control tunnels.

    28. Remote access strategy. Cisco: Internal database limited to only 100 profiles. Depends primarily upon external databases for Authentication, Authorization and Accounting (AAA). Lack of common format such as LDAP limits ability to import/export user and group profiles from/to external databases. Contivity: Supports two common formats internally: LDAP for user and group profiles (scalable, i.e., one group/policy if required); RADIUS for accounting (internal or external). Standards based directory structure allows Contivity to support tens of thousands of LDAP user and group profiles. Product line scalable to tens of thousands of users.

    29. 3rd party certification. Cisco: Not ICSA certified: no certification of cryptographic integrity; no certification of interoperability. Not FIPS certified. Contivity: ICSA certified for over the last year. Passed pair-wise interoperability testing. FIPS 140-1 Level 2 certified.

    30. Performance issues. Cisco: Offers no compression. Tunnel protocols cause packet inflation. Compression is a must, especially for modem connect remote access users: minimize packet fragmentation. Hardware acceleration a must for even normal operation! What about AES? Locking into SEP hardware doesn't help in adopting newer encryption standards! Contivity: Offers superior hardware & software encryption & compression through HiFN 7751. Compression enables tremendous relief on network resources with large # of sessions; enhances remote access throughput capability. Contivity provides carrier-class performance even without hardware accelerator. PCI accelerator design allows faster time to market for new crypto silicon: 7751 -> 7811 -> 7851.

    31. Security features: backdoors? Cisco: Backdoors galore! If the password is lost, or to gain unauthorized access: reboot the 1720 router; press ESC; run the ROM program; enter a new password; re-write the security configuration; OR simply remove the battery! Passwords get reset to factory settings. Contivity: Unauthorized users can't use backdoors. If a password is forgotten, the Contivity must be sent back to the factory. No back door. The Contivity is a SECURITY device.

    32. Security features: PKI. Cisco: Altiga support limited to IE browser based APIs for certificate management: merely import digital certificates to web-browser; only IE 4.0 and 5.0 supported; no Netscape support. No features. Contivity: Integration of PKI function using vendor DLL (Entrust, Verisign). Auto-enrollment. Auto-renewal. CRL processing.

    33. Security features: split tunneling. Cisco: Unsecured split tunneling. No client side policies. Susceptible to attacks. Contivity: Provides client side policy software. Secured split tunneling possible. Integrated personal firewall, intrusion protection system, etc. provide additional PC security.

    34. Security features: firewall. Cisco: Standalone PIX firewall, not integrated with VPN capability. Contivity: Integrated software firewall ensures tight functioning with VPN switch: packet filtering; stateful inspection.

    35. VPN management capability. Cisco: Java based GUI only. Pseudo CLI: menu driven telnet session; no real command-line functionality. No provision for service-provider bulk configuration. (Lack of) management options: Cisco IOS/CLI; Altiga Java/web; Compatible - ??? Contivity: Elegant GUI built into the Contivity server. Entire enterprise control from any workstation: configure, manage, monitor. Management options: Preside; bulk config; CLI; Optivity. Carrier and Enterprise options.

    36. Internal accounting: Altiga does not support internal accounting. Separate servers and software must be purchased to support RADIUS accounting. Contivity supports internal (along with external) RADIUS accounting.

    37. Appendix

    38. Summary - Comparison of features
