Extranets With Routers">
Flatrock Inc.s Linux-based series 1500 Application Routers break new ground in the extranet market by providing enterprises with a simple, secure and manageable way to rapidly deploy applications over networking and organizational boundaries.
In eWeek Labs tests, the Flatrock Instant Extranet package—comprising a pair of Series 1500 Application Routers called the PAR (Provider Application Router) and the SAR (Subscriber Application Router) and the tunnel that connects them—enabled us to share resources with other sites while exposing very little of our internal network structure.
The Flatrock Instant Extranet package will appeal to companies that need a way to quickly establish secure connections with remote or partner sites. However, the package is expensive, with a base configuration costing $36,000 for one PAR and one SAR. In addition, Flatrocks routers can handle only IP-based applications, and the company faces competition from vendors such as Slam Dunk Networks Inc., which targets mainly financial companies.
Secure network tunnels such as those provided by IP Security VPNs (virtual private networks) work well for remote client access to corporate networks. However, they arent good for business-to-business and supply chain environments because of the complexities of setting up and managing multisite interconnecting networks.
Par for the Course
In the Flatrock Instant Extranet setup, a PAR is deployed at the provider site on the network connected to the application servers, and one or more SARs are deployed at remote or partner sites. The PAR handles the application deployment and remote site management and can share applications with multiple SARs.
Flatrock uses proprietary TruTunnel technology to transport data between the PAR and the SAR. The TruTunnel virtualizes the server or clients so that systems at each end of the tunnel think they are talking to a local device, eliminating the need to exchange routing information between the provider and the subscriber networks. Remote clients use a standard Web browser to access the share applications through the SAR, and no additional client or server software is required.
Flatrock Series 1500 Application Routers are priced at $30,000 for the PAR and $6,000 per SAR. Both appliances have dual 10/100M-bps Ethernet ports and a large LCD panel in the front for setting network configurations. We were disappointed that Flatrock didnt use Gigabit Ethernet in the system for improved scalability. Flatrock will incorporate Gigabit support in future products, company officials said.
Instant Extranet is an expensive proposition compared with VPN systems. However, savings over the long term should compensate for the initial high cost at many organizations, especially at enterprises that have multiple partners and remote sites.
In tests, we were impressed with how easy it was to configure the Flatrock Application Routers. IT managers need to change only one part of their network topology to create a rule in the firewalls to allow outbound traffic through User Datagram Protocol Port 5000, which is used by the application tunnels.
We used the LCD screens to set all the initial IP configurations so the PAR could communicate with the SAR on two networks connected by a Cisco Systems Inc. router.
The PAR is managed through the Web-based administration console via Secure Sockets Layer connections. Using Microsoft Corp.s Internet Explorer 5.0, we set up application templates on a Windows 2000 application server and assigned them to our test site. We then easily created application templates to share Web pages, exchange e-mail and share a Windows folder.
Flatrock employs several steps to ensure that the communications between routers are legitimate and secured. The PAR uses site names to identify the SARs, and each newly installed SAR must be registered with the PAR with a randomly generated password. The password is used to establish a secure session to exchange RSA public keys for future connections. The SAR can communicate only with the PAR to which it is registered.
Flatrock also gives the provider site the control to revoke access to resources as quickly as it can provide them. To stop access to an application, we simply deleted the applications assigned to the SARs in the PAR.
The PAR includes several options designed to enhance network security and performance. The PAR can deliver applications with compression and two types of encryption (IP Security with 128-bit Triple Data Encryption Standard or Blowfish) and can throttle bandwidth limits upstream and downstream. Network file shares can also be deployed to remote sites. The PAR can deliver Windows and NetWare file shares or share files via FTP.
The PAR can provide monitoring per application for each site: We used the monitoring option to show real-time statistics—useful for trouble-shooting and to enhance end-user experiences.
Instant Extranet offers limited backup redundancy with two pairs of PARs and SARs in parallel configuration. If any single system fails, clients can point their browsers to the backup system. This means companies will have to invest in additional routers. Future releases will implement dynamic failover and load balancing in PAR pairs, Flatrock officials said.
Technical Analyst Francis Chu can be reached at [email protected]