451 Research: CohesiveFT’s VPN-Cubed offers some cloud control

View here (451 Research Subscription required)
Analyst: William Fellows
17 Nov, 2008

Event Summary

  • Clouds are currently secured by cloud vendors. VPN-Cubed enables enterprise administrators to create custom encrypted LANs between VMs in a private cloud, as well as an encrypted WAN across multiple public clouds. The message here is control.

Event Summary

  • As is fashionable, 20-person CohesiveFT rolled up its three investment tranches (from $1.5m raised October 2006) into a conventional series A. The hurdle to finding a B round right now is high, and the harvest for this market is 2010 at the earliest.

Event Summary

  • On-ramps like CohesiveFT will be successful so long as getting on to the cloud remains an activity not for the technology faint-hearted. But ultimately, the functionality supplied by VPN-Cubed should be rolled up as a feature of a cloud or aggregator.


CohesiveFT says users of its Elastic Server that want to connect different things together in different places and do it securely are the rationale for VPN-Cubed. Their problem is that attaching to SANs, managing local security or creating new images is different for each cloud. VPN-Cubed is focused on data security and control. Using the nicely secure feeling of a VPN metaphor, VPN-Cubed creates connections between endpoints in a cloud or between multiple clouds, whether those are internal or public clouds (hence cubed).

VPNCubed Manager VMs act as a VPN gateway for the other VMs in the same cloud infrastructure, enabling them to communicate to other systems via virtual NICs. It takes care of both IP tracking and encryption, synchronizes between cloud managers (using the AMQP-based RabbitMQ), provides a failover mechanism and enables users to turn multicast on and off in order to work on public clouds (it supports enterprise software configurations dependent on multicast).

The base package includes a virtual server firewall and up to 50 virtual servers plus optional management services through Elastic Server. VPN-Cubed succeeds the open source VcubeV project, which has been available for more than a year. It is hypervisor-agnostic, works with most operating systems and is available on clouds including Amazon EC2, Flexiscale, GoGrid and Mosso. Pricing will start at $25,000.

Competitive Landscape

With 4,000 Elastic Servers deployed by some 1,500 users, CohesiveFT hopes VPN-Cubed will make for a significant change in opportunity. It’s not saying that the cloud isn’t secure, but it’s clear that users are concerned about security and this is an effort to tap those concerns by providing a way to control their environment within (or between) clouds. It’s also not addressing the whole issue here – and doesn’t claim to. But end users are looking at how they can work with the cloud as part of their regulatory requirements (HIPPA, SAS70 Type 2, etc.), and whether legal liabilities and other contractual SLAs can be supported by cloud providers. Moreover, what VPN-Cubed can’t secure is the cloud weather itself – it’s subject to the prevailing network latency and bandwidth conditions.

On-ramps will be needed so long as the barrier to entry is still relatively high in terms of the level of expertise (and therefore money) needed to form or get on to the cloud. Ultimately however, VPNs, security and on-ramps, and more are part of a bigger cloud picture and will likely be rolled up into other offerings. CohesiveFT’s brand of server packaging competes with offerings such as rPath, Enomaly, CloudSmith, Trigence and Elastra, as well as appliance makers such as Jumpbox.

By: Margaret Valtierra