Intel To Invest In Linux PC Vendor VA Research
Sunday February 28 1:42 PM ET
By Therese Poletti

SAN FRANCISCO (Reuters) - VA Research Inc., a developer of Intel-based PCs,
servers and workstations running the increasingly popular Linux operating
system, is expected to announce Monday that it will receive an investment
from chip giant Intel Corp. (Nasdaq:INTC - news), according to industry
sources.

The investment, which will also include some venture capitalists, is
Intel's second in a Linux-related startup company. The announcement will be
made the day before Linux World -- the first big trade show devoted to
Linux -- begins.

Linux is an alternative version of the UNIX operating system which runs on
Intel-based systems and on other computer architectures such as Compaq
Computer Corp. (NYSE:CPQ - news)'s Alpha chip. Developed by Finnish
programmer Linus Torvalds in 1991, the software is maintained by a group of
far-flung programmers and given away over the Internet.

While the number of Linux users is still small compared to Windows, the
momentum for Linux has been gaining steam in recent months, as more and
more computer makers have said they will offer Linux on their hardware,
including International Business Machines Corp. (NYSE:IBM - news).

Late last year, Intel, Netscape Communications Corp. (Nasdaq:NSCP - news)
and two venture capital firms invested in Red Hat Inc., a distributor of
Linux which charges to distribute and support Linux software, which mostly
runs on computer servers.

VA Research, based in Mountain View, Calif., was founded in 1993 to provide
Linux-based hardware, software, service and support. Its co-founder, Larry
Augustin, founded the company while he was an electrical engineering
graduate student at Stanford University.

Venture capital firm Sequoia Capital of Menlo Park, Calif. is already an
investor in VA Research.

"I can't confirm or deny anything," said Augustin, when asked about
Intel's investment. An Intel spokesman in Santa Clara, Calif., declined to
comment.

With its investment in Red Hat, based in Research Triangle Park, N.C., and
now with VA Research, Intel is continuing its strategy of ensuring that its
processors run on all major software environments, including versions of
the UNIX operating system, which was designed for multi-user networked
computing.


From Owner-HyperNews@dept102.it-ias.depaul.edu Sun Feb 28 14:23:13 1999
X-Coding-System: undecided-unix
Date: Sun, 28 Feb 1999 15:02:30 GMT
X-Authentication-Warning: dept102.it-ias.depaul.edu: nobody set sender to Owner-HyperNews@hermes.depaul.edu using -f
To: HyperNews@dept102.it-ias.depaul.edu
From: kdoshi@shrike.depaul.edu (Kishore Doshi)
X-Hn-Forum: Foundations of Distributed Systems
X-Hn-Re: Virtual Private Networks (Clark Elliott)
Subject: More: VPN Implementation at Protocol Leve
X-Hn-Url: http://hermes.depaul.edu/HyperNews/get/w99/ds-420/58/6.html
Precedence: list
Newsgroups: /HyperNews/get/w99/ds-420.html

HyperNews notification of new message. See:
http://hermes.depaul.edu/HyperNews/get/w99/ds-420/58/6.html

Links:
Information for this posting comes from the following source:
http://technet.microsoft.com/cdonline/content/complete/boes/bo/winntas/prodfact/vpnovw.htm
This VPN overview from Microsoft is full of detailed information,
registration for Technet is free like MSDN

Other sources to look at:
http://www.ietf.org/internet-drafts/draft-ietf-pppext-pptp-08.txt - Draft of
PPTP protocol by MSFT, ASCEND, 3Com/USR and others

--------------------------------------------------------------

From the prior postings to this question, we know that:
1. VPNs are a possible solution to allow company employees to connect to
   the LAN through the internet instead of through direct dial-up
   connections that become expensive for the company to maintain

2. A VPN in its simplest form is essentially a remote client communicating
   with a private network through any intermediate public or private
   network

3. A viable VPN solution must provide the following characteristics:
   User authentication
   Assign client addresses
   Data Encryption

--------------------------------------------------------------

Let's build on this a little by looking at the key concept behind
implementing a VPN, tunneling. Then we will look at the protocol many of the
tunneling solutions are built on, PPP (Point to Point Protocol).

The basic method (protocol) for sending packets back and forth over any
intermediate network is called tunneling. The procedure is that on the
originating end, the packets or frames (usually PPP frames) have an
additional header added to them, unique to the tunneling protocol. This
special tunneling header contains additional information to push the
packet/frame through the intermediate network to the other end of the
tunnel. The packet/frame is encapsulated with the tunneling header, and
then wrapped with a header for whatever protocol is being used over the
intermediate network: IP, ATM, and so on. The packet is then sent over the
intermediate network. Once the packet reaches the other end of the tunnel
it is unencapsulated (the tunneling header is removed) and the PPP frame
continues on to the proper location.

A good tunneling solution needs to support multiple protocols. While the
intermediate network the majority of corporations will try to use is the
internet, there could be other possibilities for intermediate networks that
use protocols other than IP. For example, say a company has two divisions
doing separate work and would like to keep them on separate networks
connected by a VPN. Let's say the internal intermediate network they use
implements ATM instead of IP. Now at the same time they want to allow
employees to access the networks from home through the internet (IP). The
same tunneling protocol now needs to be able to work for both ATM and IP.

The basic procedure for data exchange through a tunnel is summarized by
this example:
Let's say we have a packet that we want to send from our network to a
remote client; let's say our internal network is using IP, so we have an IP
packet.

1. The remote access server on the network takes this network packet and
   creates a PPP frame out of it. The protocol for making this PPP frame
   (described below) takes care of user authentication, addressing and
   encryption. So by building the tunneling protocol on top of PPP we
   inherit the necessary characteristics of a viable VPN solution for free.
2. Next the PPP frame is encapsulated with the tunneling protocol header.
3. Then the encapsulated PPP frame is wrapped up in the protocol of the
   intermediate network (IP, ATM, IPX and so on) and sent into the tunnel.
4. The packet is received on the other end, the tunneling protocol header
   is removed (unencapsulated) and the packet is forwarded to its final
   destination as described by the PPP frame.

Tunneling protocols such as PPTP (Point to Point Tunneling Protocol) and
L2TP (Layer 2 Tunneling Protocol) are built on PPP for the simple reason
that they can inherit many of the required features of a VPN solution from
it. PPP provides the tunneling solution with the following features:

1. User Authentication
2. Dynamic Addressing
3. Data Compression and Encryption

plus more that are not mentioned here.

--------------------------------------------------------------

Since many specific tunneling solutions encapsulate - PPP (Point to Point
Protocol) - what is it and how is it part of tunneling?

The protocol defines the following sequence to create a remote connection
to the network.

The first phase uses Link Control Protocol to establish the physical
connection between the remote user and the network. Here the network
control protocols are set up (IP, IPX, ATM and so on).

With the link established the user must authenticate themselves to the
remote server that will give them access to the network. Microsoft remote
access server for Windows NT networks uses a modified challenge handshake
protocol for authentication. What does this mean? In its simplest form, the
challenge handshake protocol is as follows: the remote server sends an
arbitrary "challenge string" to the client. The remote client takes the
user's entry for the password and a proprietary hashing algorithm to
encrypt the challenge string. It then sends the encrypted challenge string,
the session ID, user ID and the password back to the server. Since the
server knows the user's password it can decrypt the challenge string of the
user with the proper password. If the decrypted version of the challenge
string is the same as the original, then the server accepts the connection.
The server never directly checks the password. Throughout the course of the
session the server will send repeated challenges to the remote client at
random intervals to protect against somebody impersonating an authenticated
user.

The remote server collects all this authentication information and passes
it on to a central authentication server for the Windows NT network; this
is usually the primary domain controller. With authentication complete, the
networking protocols are now invoked. The remote client is given an address
so that it can be identified on the network. At this time the data
compression and data encryption schemes are set up also.

With the setup complete, we now have a PPP frame for the remote connection.
This frame is wrapped by the tunneling header, compressed and encrypted by
the procedures agreed when the tunnel was created. At this point the
encapsulation is complete and the packet is ready to be wrapped up and sent
over the intermediate network.

--------------------------------------------------------------

Kishore J Doshi - DS420 Thursday section
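
The four-step tunnel exchange described in the posting above, as an added
example that is not part of the original post and is not the PPTP or L2TP
wire format. The PPP address/control bytes and protocol number 0x0021 (IP)
are standard; the 8-byte tunnel header, the 8-byte "transit" header, the
session ID and the sample packet are constructed, and no compression or
encryption is applied, so the inner packet is visible on the wire.

```python
import struct

PPP_ADDR_CTRL = b"\xff\x03"          # standard PPP address and control bytes
PPP_PROTO_IP = 0x0021                # standard PPP protocol number for IP
TUNNEL_MAGIC = 0x7E51                # hypothetical marker for this toy header
TUNNEL_HDR = struct.Struct("!HHI")   # hypothetical: magic, session ID, length

def ppp_frame(ip_packet: bytes) -> bytes:
    """Step 1: wrap the network packet in a PPP frame."""
    return PPP_ADDR_CTRL + struct.pack("!H", PPP_PROTO_IP) + ip_packet

def tunnel_encap(frame: bytes, session_id: int) -> bytes:
    """Step 2: prepend the tunneling protocol header."""
    return TUNNEL_HDR.pack(TUNNEL_MAGIC, session_id, len(frame)) + frame

def transit_wrap(payload: bytes, src: bytes, dst: bytes) -> bytes:
    """Step 3: wrap for the intermediate network (constructed src+dst header)."""
    return src + dst + payload

def receive(datagram: bytes, expected_session: int) -> bytes:
    """Step 4: strip both headers, validate each layer, return the inner packet."""
    payload = datagram[8:]                       # drop the transit header
    if len(payload) < TUNNEL_HDR.size:
        raise ValueError("truncated tunnel header")
    magic, session_id, length = TUNNEL_HDR.unpack(payload[:TUNNEL_HDR.size])
    if magic != TUNNEL_MAGIC or session_id != expected_session:
        raise ValueError("not a frame for this tunnel session")
    frame = payload[TUNNEL_HDR.size:]
    if length != len(frame):                     # reject cut or padded frames
        raise ValueError("tunnel length field does not match payload")
    if len(frame) < 4 or frame[:2] != PPP_ADDR_CTRL:
        raise ValueError("malformed PPP frame")
    (proto,) = struct.unpack("!H", frame[2:4])
    if proto != PPP_PROTO_IP:
        raise ValueError(f"unsupported PPP protocol 0x{proto:04x}")
    return frame[4:]

INNER = b"constructed inner IP packet"           # sample payload, constructed
WIRE = transit_wrap(tunnel_encap(ppp_frame(INNER), 7),
                    bytes([192, 0, 2, 1]), bytes([198, 51, 100, 9]))
```

The receiver recovers the inner packet only when every layer checks out, and
the plaintext payload inside WIRE shows that encapsulation by itself gives
no confidentiality.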


From MAILER-DAEMON@cs.depaul.edu Mon Mar 1 12:53:55 1999