Start-up says it can deliver secure VoIP

A start-up called Net6 claims that its virtual private network products offer companies high-quality voice communications over any network from anywhere.

On Tuesday, Net6 announced several enhancements to its VPN gateway that enhance the quality of service for all voice over Internet Protocol (VoIP) traffic traveling over a Secure Sockets Layer VPN.

SSL has become a popular alternative to VPNs that use IPsec encryption and tunneling for connecting remote workers to corporate networks. Because SSL VPNs give access through a standard Web browser instead of through an IPsec client running on each device accessing the network, many companies find SSL to be much easier to deploy and manage.

But SSL VPNs aren't perfect for every situation. For one, they rely on TCP (Transmission Control Protocol), which works well for data applications but not as well for latency-sensitive traffic such as voice. TCP uses packet retransmission, which means that packets can be delayed en route to their destination. This is not a problem for basic e-mail or file transfers, but for voice and video calls, it degrades quality significantly.

Net6 has developed technology that it says will get voice and video traffic to its destination securely and without delays. The Net6 device sends false TCP acknowledgements so that the sender continues sending packets. Murli Thirumale, Net6's chief executive officer, admits that some packets may be lost along the way but he said that has little effect on voice quality.

"Because of the real-time nature of voice, losing a few packets doesn't impact quality much," he said. "You may not get a crystal-clear hello, but you'll hear the voice in real time and not experience any delays."

Net6 isn't the only SSL VPN equipment maker to tweak its solution to carry voice traffic. Juniper Networks says its SSL VPN gateway product, Network Connect, has been supporting voice for over a year.

But Juniper and other SSL VPN players say they haven't seen much demand for VoIP over SSL yet. Aventail, another prominent player in this market, said it will offer VoIP over SSL later this year.

"VoIP is an important feature coming in the near future," said Chris Hopen, Avantail's chief technology officer. "But the mass market demand is not quite there yet,"

Aventail and Juniper also said customers are much more concerned about integrated security features that ensure that users are not connecting to the network through infected end devices.

"While Net6 may offer a network connection over SSL, they do not have the end-point security measures of our established SSL VPN," said Vivian Ganitsky, Juniper's senior manager of product management. "This is important to customers when providing a network connection via any browser."

Juniper's quote is incorrect

For clarification of the Juniper quote, Net6 provides Endpoint Assurance integrated endpoint security as part of the Hybrid-VPN. Endpoint Assurance provides continuous, real-time checking to make sure the endpoint has the required personal firewall, applications, antivirus definition files, operating system patches, and security updates as well as ensuring it is an approved corporate asset. If any of these checks fail at any point of the session, the tunnel is immediately closed.

Juniper's quote is not relevant to the article

This story is focused on secure VoIP, not endpoint security?which Net6 does support (see previous comment). However, when Juniper says that Network Connect has been supporting Voice over IP for more than a year, you have to question if they have done any real testing. They would be supporting real-time UDP traffic over TCP. Anyone who has experience with voice and video understands that the retransmission and reordering requirement of TCP makes this unsuitable for real time traffic.