One of the most common questions organizations have to answer when selecting a secure VPN solution is how much that solution costs over the lifetime of its use.
Unfortunately, this is a very difficult question to answer, as it is based very much on how you want to architect your solution, but I will try to do my best here to provide some general pricing information and guidelines.
Building and deploying a VPN solution is much like other complex purchases, with so many options available, that ultimately price ranges can vary drastically.
Below, I’ll talk through some of the most common use cases we see to help provide a good starting point for understanding the cost of a hardware VPN solution.
Hardware vs. Software VPNs
A software-based VPN is achieved by downloading software on each end-user device that needs to connect to the network, as well as installing software on the central network to which those devices will need to connect.
Software-based VPNs will encrypt data that is transmitted between the end-user device and the main network.
Hardware-based VPNs are physical devices that connect to an end-user device and, when coupled with software installed at the server-side within the main network, encrypt communication between the two.
There are many different solutions on the market for hardware-based VPNs, each with different features and functionality, so for the purposes of this discussion I’ll limit myself to Archons’s hardware-based solution, Go Silent Cube, as well as our GoSilent Server software, in order to speak about specific features and costs rather than in general terms
How much does a hardware-based VPN cost?
In all cases, when calculating the lifetime cost of a hardware-based VPN, you’ll need to factor in both up-front hardware costs and then ongoing maintenance or management costs.
One thing to consider here when comparing a hardware-based solution to a software-based solution is the way in which costs are broken up. With a hardware-based solution, you can expect a larger up-front investment in the architecture but much lower long-term, or recurring costs.
This is why it is always good to take a look at not just initial investment but cost over the lifetime of a solution, in order to understand how they compare from a lifetime cost standpoint.
Up-front hardware cost
The first cost you’ll want to consider will be the up-front cost to procure the hardware needed to provide connectivity to end-user devices. Start by determining the per-device cost for each hardware VPN unit and then multiply that by the number of end-user devices you will need for your desired architecture or use case.
While many hardware VPNs are secure enough for commercial and/or consumer use, the majority of them are not sufficient in government or enterprise use cases, or for protecting classified information. In these cases, you should seek out a hardware solution that is purpose-built for the use case and provides a higher level of security.
As an example, Archon offers two versions of our own hardware-based VPN, the GoSilent Cube, depending on the level of security our customers are looking for.
The CSfC Certified version of GoSilent Cube is built specifically for government and military applications, holds NIAP certification, and is approved for use in protecting classified information.
By contrast, the commercial version of our GoSilent Cube has a slightly different software stack and is meant for deployments where government or classified data requirements are not present.
As you might expect, the level of security offered by the VPN has an impact on the purchase price.
Speaking in general terms, hardware-based VPNs that are suitable for commercial and consumer use tend to fall within the range of $500-1,000 per unit.
If you are looking for CSfC or government-level security applications for a hardware VPN, you’ll be looking at a starting cost of around $3,500 per device, where the higher end of the spectrum is nearly limitless, as solutions vary in cost considerably.
Number of units needed
While determining the per-device cost is relatively straightforward, the number of units you will need is highly dependent on the architecture of your deployment.
This is where different vendors will vary considerably depending upon the features of the hardware they sell.
The number of end user devices that can be covered by a single hardware-based VPN device is going to be the most important determining factor in your overall hardware cost.
For instance, one of the most attractive features of the GoSilent Cube, when compared to other hardware-based VPN solutions, is its ability to function as a Wi-Fi hotspot. Because of that, a single GoSilent Cube can protect up to 25 end-user devices, depending upon physical proximity and how the devices are connected.
To help you start to think about the number of devices you might need, we’ll talk through the common methods of connection and when they can be used.
Single endpoint connection
If you have multiple endpoint devices you want to connect, and they are physically distant from one another and don’t live on a single network, you will most likely need to procure a separate hardware VPN device for each individual endpoint.
Some hardware-based VPNs (such as the GoSilent Cube) act as Wi-Fi hotspots, allowing multiple devices to be connected and protected by a single hardware VPN over Wi-Fi.
If you plan to connect your devices to your hardware-based VPN via Wi-Fi, and you know the number of devices allowed by the hardware-based VPN, then you should be able to approximate the number of hardware pieces you’ll need.
For example, you can connect up to 5 different devices to a single GoSilent Cube over Wi-Fi. This means that, as long as those devices are within appropriate physical proximity to the GoSilent Cube, it can protect all 5 of those devices at once.
Not all hardware VPNs function as Wi-Fi hotspots, and those that do have different device capacity limits, so it's important to check what the limits are for the specific devices you are considering purchasing.
Some hardware-based VPNs allow multiple devices to be connected and protected over a wired connection.
If you plan to connect your devices to your switch or router and then use a hardware-based VPN to secure that router, you may well be able to protect many more devices with a single VPN device.
For example, you can protect up to 25 devices with a single GoSilent Cube when connecting it directly to the switch or router those devices are using to connect to the internet. This means that as long as all 25 devices are routing traffic through a single router, it can protect all 25 of those devices at once.
Again, not all hardware VPNs have this functionality, and capacity limits will vary, so be sure to check on this for any devices you are considering purchasing.
Determining your device number
As you can see, the number of hardware VPN devices you'll need is highly dependent upon their functionality, as well as how, and where, you want to use them.
Where hardware-based VPNs truly shine is in the ongoing cost category. After the initial purchase of hardware, you’ll see much lower recurring annual costs to cover maintenance.
By contrast, a software-based VPN will require the same investment year-over-year or month-over-month for access to a software license.
Depending upon how your hardware-based VPN provider has built their pricing model, there are usually two options that can impact recurring costs:
- You can install a virtual server on your own internal network to support VPN connections back to your corporate network; or
- Utilize a network of secure cloud-based servers managed and maintained by the VPN provider.
As an example, Archon offers both types of options for connecting GoSilent Cubes to your network or data: GoSilent Virtual Server and GoSilent Global.
This deployment option is meant to allow each hardware VPN to connect directly to your central network and allow you, and only you, to monitor and control all of those connections.
When using this deployment option, ongoing costs tend to be minimal. Initially, there is usually a small cost to set up the virtual server and then there may be an annual contract for maintenance of the hardware VPNs that have been deployed.
This deployment option allows the devices you outfit with hardware VPNs to use the VPN provider's cloud-based servers to connect to the internet. This option is typically used more for remote or traveling employees that may need to connect from foreign countries but is also ideally suited for smaller businesses that don't have an internal IT department.
This option generally requires that you pay a small monthly fee for access to the VPN provider's servers.
Calculating lifetime cost
Clearly there are a wide range of factors - from product functionality, to use cases, the number of devices you want to secure, their physical location, and more - that influence the lifetime cost of a hardware VPN.
This illustrates why it is so important that you clearly define your needs before you begin searching for a solution, and why you should do your research on the product features and deployment options that hardware VPN manufacturers offer.
If you're interested in learning more about GoSilent, our team is on standby to provide you with technical information and pricing.