What are the trade-offs between software VPNs (like Hamachi) and dedicated hardware (like SonicWall)?
I support a small office (15 users, ActiveDirectory, Windows 2008 and Windows 7). We've been using LogMeIn Hamachi for VPN, to enable our remote users to get to the file shares from home. It's been working fine, as our performance needs are small.
As more users come online, I'm starting to look at other solutions. What should I consider when weighing the cost for something like the SonicWall NSA 2400? What does that extra $2450.00 get us beyond the $50.00 I'm paying for Hamachi? Is an appliance like this overkill for a small office?
Update 1: This is a little different than the question "Hardware firewall vs VMware firewall appliance", which distinguishes between a hardware appliance and a VM-based (but still dedicated) appliance. We're using neither of those currently.
Update 2: The answers to the question "Why buy high end hardware firewalls?" do provide some good reasons, my favorite being "paying to have someone to blame."
I prefer to have a hardware VPN endpoint. If I were to use a software-based VPN running on a commodity server (or virtualized), it would probably end up running on hardware more expensive than the all-in cost of an appliance solution...
I'd go with something in between, though...
The $500-$700US Cisco ASA 5505 can support 25 VPN clients, has good mindshare and is rock-solid. It integrates with Active Directory for authentication and has a nice SSL VPN option in addition to the traditional IPsec client.
I don't think I'm alone in having had production trouble with Sonicwall devices. Expensive, sometimes unstable and definitely not the go-to option for the engineers I know.
Appliances can offer better performance because they use ASICs and a special purpose operating system. OSes such as Linux and Windows are general purpose operating systems. They are designed to be able to perform all sorts of different tasks and run all sorts of different kinds of software. As such, they make compromises, sacrificing pure speed for broad compatibility.
Hardware appliances don't make those compromises.
On the other hand, computers are very powerful these days. VPN software loaded on a general purpose OS like Windows or Linux is... can be... more than capable of serving the needs of a small office.