Product Reviews

VPN-ing Made Easy

Celestix takes the pain out of virtual networking.

• By Diane Pencil
• 04/01/2004

Celestix is trying to change all that with hardware and software that takes the sting and trepidation out of VPN design and installation. The Celestix VPN RAS 3000 is the first appliance-based VPN based on Windows Server 2003.

I’m often chided as not being a “real” engineer because I read the manual before starting. In this case, the installation and design manual for the RAS 3000 is clearly laid out, methodical in approach, and not overwhelming in the steps and time it took to get the unit operational on the first pass. The initial installation was relatively quick, and the software interface clean and easy to use.

The device has an internal hard drive rather than solid-state components. This may be seen as a limitation, but the reality is the mean time between failures for the internal hard dive exceeds the life expectancy of the unit, making the issue moot.

I tested the device on a corporate network and had a few problems dealing with throughput. I also found the device a bit difficult to setup on our gigabit-backbone LAN. The 100 Mbps interface was tricky, but some configuration changes on our T-1 and T-3 lines actually worked out better in the long run.

The RAS 3000 seems designed more for versatility than security. Out of the box, the appliance uses Point-to-Point Tunneling Protocol (PPTP). While considered a lightweight approach, there is also an L2TP/IPSec option. The box also includes dedicated ports to secure wireless LANs.

The RAS 3000 is a 1U rack mount device powered by an Intel Pentium III.

Though personal firewall and anti-virus aren’t part of the client installation, companies looking to use this appliance will likely already have their own versions of these tools installed. However, the RAS 3000 features a quarantine control to ensure that clients are equipped with corporate standard anti-virus, personal firewall, and standard operating systems software.

A Web interface comes preinstalled on the unit and was a pleasure to work with. Software updates are handled as maintenance releases and can be downloaded and installed (or uninstalled) as needed.

There’s a level of control that’s much better than on most other units. Policies can be used to dictate access for things like extranet clients and port settings. I easily limited Kazaa traffic through policies and traffic monitoring. I was also able to give only the network administrators access to terminal services, while blocking all other access.

The bottom line is convenience and ease of use. Though some things are lacking that you might expect to see in an appliance—like a firewall and anti-virus software—the versatility this unit provides, along with the easy to use interface, make it a dream to install and work with. The RAS 3000 adds great value to the core routing technology of Windows 2003, especially through alerts and monitoring capabilities. The best news is the RAS 3000 system comes pre-hardened and optimized for VPN. The box comes packaged with enough licenses for 1,000 concurrent users.

For small- to medium-sized businesses, my advice is to run, not walk, to your nearest dealer and get one of these units. In the quest for a VPN solution that’s easy to set up, quickly operational, easy to manage and has a built-in interface that can’t be beat, the RAS 3000 is hands-down the best appliance based solution I’ve seen.