There are some products that just exude solidity and security, and Bay Networks' Contivity 2000 is one of them. A hefty four-unit high, rack-mountable virtual private network (VPN) solution, the Contivity 2000 performs as robustly as its formidable design suggests.
The Contivity 2000 offers a comprehensive set of security policies suitable for midsize environments, using Remote Authentication Dial-In User Service (RADIUS) to manage users. By supporting a variety of VPN technologies, it provides flexible access to your network. In addition, the unit's stellar maintenance features surpass those of more mature solutions: for example, it can download and install new versions of its software over the Internet while maintaining a backup of the old version, which can be easily reinstated.
Because it is so robust, the Contivity 2000's Web-based administration can be intimidating at first: there are eight categories, ranging from network configuration to logging and authentication.
Each category then has five or six subtopics, leaving you with a lot to think about. Still, once I was comfortable with the tool, I appreciated the control it offered and its logical layout.
The administration application also offers a "Guided Tour" mode to guide the novice user through configuration options. But like most administrators, I prefer to jump around and configure things in my own order, and it was easy to do so.
By supporting L2F, PPTP, and IPSec, the Contivity 2000 can allow pretty much any device into the network. The unit comes with its own IPSec client, which I found worked just fine, although using PPTP still provided much higher performance. Bay has announced support for L2TP, the Cisco/Microsoft standard, in a future release.
Designed to support as many as 200 users, the Contivity 2000 offers a complete set of policies, including day and time restrictions, destination network restrictions, and more. To keep its potentially huge user list from turning into a real mess, it works with any existing RADIUS server; it also comes with an internal RADIUS server.
Groups and users are created and linked in a hierarchical manner, so user jsmith can be a member of the group R&D, which could in turn be a member of the Engineering group, which could be a member of the Sydney group. Permissions are inherited from the top down and can be overridden at any point.
The unit can log extensively, so the security-conscious administrator can see exactly who is connecting to the network and when. It offers great real-time counters, so troubleshooters will be able to see what's going into the box and what's coming out.
Where the Contivity 2000 really shines is in its excellent maintenance features - in fact, they are better than most well-established, mature solutions. The unit offers a special recovery mode whereby an experienced user, possibly with the help of technical support, can get right to the files on the unit's hard drive to repair them. Configurations can be saved and restored, and new software versions can be downloaded by the unit itself from the Internet, using FTP.
During setup and afterward, all configuration of the unit must be done from the internal interface or over the VPN - a suitable security policy for this kind of device. The initial setup program did little more than set up the unit's IP address, then launch a browser to bring up the administration screen.
With its easy-to-use, thorough administration and solid design, the Contivity 2000 is one of the best solutions I've tested for VPN deployment in midsize networks.
The Bottom Line
Bay Networks Contivity 2000
About the most solid virtual private network (VPN) box I've seen, the Contivity 2000 is an ideal solution for VPN deployment in midsize environments.
Pros: Supports IPSec, PPTP, L2F, and L2TP; easy administration.
Cons: None significant.
Platforms: Not applicable.
Price: Available on application.
Tel (02) 9927 8888