Cisco Systems


Q&A with Pete Davis, Cisco Product Manager

Q: How does this innovation work? What does it accomplish?

A: The Cisco VPN 3002 Hardware Client brings VPN client software functionality to a hardware device. Take, for example, a small office or a home user who can't run software because the software doesn't run on the home system, or an extranet partner for whom you can't afford to provide desktop tech support. [The device] goes on the other side of a DSL/cable connection and allows you to create the same secure session without an additional computer.

Users simply plug the box into a cable modem, router, or other wide area networks (WANs) access device at their remote sites. The central site VPN concentrator takes over, using push policy capabilities to centrally set policy, manage, and upgrade the device. This central control and management approach minimizes the need to rely on remote users who cannot deploy or maintain the unit themselves. It also significantly trims total cost of ownership by reducing technical support costs associated with software clients and remote VPN routers. Tunnel setup and policy configuration is automated, so companies don't have to dedicate IT staff to manually configure individual devices.

Q: Why is the innovation important to Cisco?

A: Cisco already has the industry's most comprehensive portfolio of VPN solutions. The VPN 3002 extends and enhances that, giving us an even stronger product offering for companies that have large numbers of branch, home, or remote office sites. The Cisco VPN 3002 Hardware Client makes it possible for organizations to cost-effectively provide secure network connectivity to people who could not easily or cost-effectively get it before.

Q: Why is the innovation important to Cisco's customers?

A: It vastly reduces support costs associated with providing VPN connectivity to home, remote, and branch office environments. It lets you scale up to a large number of remote sites or users; you can now install this at 5,000 remote offices, and you don't have to worry about it becoming such a management headache. It's the only product in the industry that makes a hardware VPN device something that doesn't require manual configuration at all different sites.

The device also improves performance so that companies can offer better customer service. For example, the ability to centrally monitor the device allows companies to perform real-time inventory control. The ability to push information to the clients allows companies to do things like updating pricing information in point-of-sale devices to reflect the latest in-store promotions.

Q: How does the innovation change the way the Internet is used?

A: It's simple. This makes it possible for organizations to cost-effectively provide secure network connectivity to people who could not easily or cost-effectively get it before. It makes VPNs more practical, more reliable, and much more compelling for companies with large numbers of branch, home, or remote office sites.

This product isn't about speeds and feeds; it's about changing the way networking is done, enabling companies to use the Internet for business connectivity.

Q: What is the single most important aspect about this innovation?

A: The most significant feature is the combination of push policy technology with the option of dynamic IP assignment. Prior to this, users had two choices for deploying remote access VPNs: software clients and VPN routers. Software clients offer push policy, pricing advantages and scale well, but they do not always operate efficiently in mixed OS environments or with applications running on end user devices that the company does not own or control. Similarly, in site-to-site environments, policy information for VPN routers is not commonly dynamically assigned during a connection since there may be may need to be many unrelated connections.

The 3002 solves these problems by automating the process. Once the device is plugged in, IP addresses are dynamically assigned from a pool and pushed to the client devices. This "Instant VPN" feature effectively eliminates the need to spend hours setting connectivity parameters between the central site and each individual client. It also reduces the total amount of time it takes to deploy an entire VPN - from weeks to hours - and significantly lowers deployment costs.

Once it's up-and-running, it's centrally managed, and an auto-upgrade feature keeps everything current. The process of maintaining security, managing the system, and upgrading it is transparent to the end user. But for the organization, the results are very apparent: VPNs are possible where they were not possible before, they can be deployed faster to a broader demographic, they're more secure, and the company is saving money.

Q: How does this innovation give Cisco a competitive advantage?

A: There is no direct competition, but some other devices perform some of the functions provided by the 3002.

The Cisco VPN 3002 Hardware Client, which can be used as a remote access or as hybrid LAN-to-LAN device, is much easier to deploy than other solutions. Its dynamic IP addressing and policy configuration effectively eliminates the need to spend hours setting connectivity parameters between the central site and each individual client. It can scale to tens of thousands of units across a network, while another large equipment manufacturer's device will scale to "hundreds."

Q: What expectations did you or Cisco have for this innovation? Have those expectations been met or exceeded?

A: We expected customers to believe in the fact that they needed this. The product has been out a few months, and we've already shipped more units than ever imaginable. We had the right idea, and we built something unique in the marketplace. The only expectation is to see that you've built something customers can use, and solve a problem no one else had solved properly for them.

It's too early to predict outright product success, but we have exceeded sales targets so far. We've had lots of good questions and interest in the product. I think we're on the right path.

Q: Was there a special "ah-hah!" moment at which the solution became evident or a breakthrough was achieved?

A: Absolutely. This moment occurred the second we realized that the product should act like a software client, but actually be a hardware device. In summary, we needed to create a device that provided the ease of use of a centrally controllable client but without the need to install software on a computer.

Q: Has teamwork played an important role in the development of this innovation? How have the different members of your team contributed?

A: That's the most amazing part about the group here. Every member of our team is a significant contributor from those who create hardware, software, test the product and support it. You can come up with ideas, but it takes the whole team to bring an idea to life. Cisco has assembled a team with such talent that would be almost impossible for any other company to create.

Q: When you retire, what do you want your legacy to be?

A: I want my legacy to be someone who cared about the people I had the opportunity to interact with and a person who made things happen in the world. The most gratifying thing for me is finding out how I can help others be successful in life. To me, that's even more satisfying than coming up with ideas. I want to help others meet their goals, making sure I'm there for them. From a technical perspective, I want to be thought of as person who came up with ideas before they were in fashion. Part of the idea of innovation is thinking about what customers want, often before they know they want it.