Privacy

The ReefEdge Connect System delivers a scalable IPsec solution for cost-effectively
supporting hundreds or thousands of simultaneous wireless LAN users. Unlike a
traditional VPN server, the ReefEdge system terminates the IPsec tunnels at the
edge of the network—at the wireless access points—and moves those tunnels
seamlessly to the user’s current access point as the user roams about the wireless
LAN. ReefEdge protects the traffic where it is vulnerable—on the radio link—and
improves performance by avoiding unnecessary encryption on the wired portion of
the network. The system avoids the need for a centralized cryptographic processor,
with its high hardware costs, complex networking requirements for routing traffic to
and from that processor, fault tolerance problems, and scalability and load issues.
The ReefEdge Connect system simplifies the task of managing an encrypted wireless
LAN environment. Administrators can designate for which users encryption is
mandatory and for which users encryption is optional. The ReefEdge Connect
system automatically configures and launches the VPN client, so users are not even
aware that encryption is taking place. Key management is simplified, because all
necessary shared secrets and keys are securely and automatically delivered to
clients. Finally, the ReefEdge Connect system allows IT managers to leverage their
existing investments because it works with existing VPN clients, including the
Microsoft client that comes pre-installed in Windows 2000 and Windows XP.
In some environments, an IT manager may choose to bypass the data encryption
capabilities provided by the ReefEdge Connect System and instead use the system
in conjunction with an existing VPN server. The ReefEdge Connect System is
compatible with most existing VPN solutions including those from Checkpoint, Cisco,
Intel, and Nortel.
The ReefEdge Connect System enhances the scalability, flexibility, and
simplicity of VPNs for protecting wireless LAN data transmissions:
1. The Connect System access control mechanisms distinguish which data
must be transmitted through an encrypted tunnel to the VPN server and
which data may travel directly to the destination host without VPN encryption.
First, these mechanisms reduce the overall load on the local network and the
VPN server. Second, network traffic that bypasses the VPN server
encounters reduced network delay because it is routed directly to its
destination. Third, guests receive a simplified user experience by avoiding
the need for VPN software for basic Internet access.
2. The Connect System subnet roaming capabilities eliminate both the need to
wire access points directly to the VPN server and the need to VLAN the
access points into a single subnet. Besides eliminating a source of network
load and scalability problems, the ReefEdge Connect System simplifies the
overall network design. The network administrator can place access points
anywhere and simply connect them to the existing LAN without performing a
network reconfiguration.
3. ReefEdge is working with a variety of partners to ensure that the Connect
System is tuned to work with a variety of VPN clients, including those for
laptops, PDAs, and cellular phones.
The ReefEdge Connect System works seamlessly in conjunction with existing WEP
and Dynamic WEP technologies and, through its support for 802.1x and EAP, it will
support future evolution in these standards.