Review: Pertino cloudy VPN

Nascent software defined networking giant? You decide.

Today I went to Spiceworld. learned about Pertino. They make a VPN and it connects to the cloud. It is an interesting concept, even to a cloud skeptic such as myself. Still, Pertino are offering Spiceworks community members the chance of winning 2014 Fiat 500 Abarth. This raises the chances that the marketing shenanigans are worth the time and effort to learn about this company, their product, and the people who use it.

To win the car, entrants have to have been members of the Spiceworks community before the contest started, sign up via the registration page, create a demo network, and post something “creative” to the contest thread.

According to the contest website, “you will be judged on creativity and originality, so pictures, poetry and interpretive dance encouraged. See contest thread for inspiration.” Well, I only know how to do one thing that’s remotely “creative”: zero mercy technology reviews. So it’s time to break some tech, and – with luck – win the wife a new car.

The first thing I learned, upon doing some research is that they have a Wikipedia page and that it is filled with accolades from American startup and cloud-friendly publications. That’s an interesting start, and certainly makes me intrigued enough to continue.


The next item on my list is that individuals whose opinion I trust – such as the venerable Scott Alan Miller: man, institution, Spicelegend, – have thrown their official weight behind pertino. Celebrity endorsements don’t typically drive me to consume products, but SAM is more than just a pretty face: his technical expertise surpasses my own, and thus his endorsement means that I would be wise to see if this product has real world applicability for my use cases.

The stage set, the rational for investigation laid out, it is time to go forward and get educated.

What does Pertino do?

Put simply, Pertino is a cloud-based VPN. It offers a means to interconnect computers, mobile devices and entire networks through a simple interface that seems perfectly capable of punching through most firewalls erected by hotels, ISPs or other irritating types who use traffic management to seemingly prevent telecommuters or a mobile sales force from actually getting work done.

To make Pertino go, you install an agent on each of your devices and that agent will create a split-tunnel VPN link that is bridged in the cloud. What this means is that it creates a “virtual” network adapter on the device you have chosen, and assigns that virtual network adapter an IP address.

All devices that have Pertino installed will be able to talk to all other devices that have Pertino installed, assuming you have configured them to be part of the same network in your account setup in the cloud-based Pertino configuration panel. Additional devices on your network(s) can be made visible to one another through the appropriate use of routing, and in this sense it is no different than any other VPN you may have configured.

From a functionality standpoint, Pertino is a “just works” class service. Login, download, install, done. I have run various tests using a few different logins – both through the Spiceworks contest and not – and I can’t find any evidence of bandwidth throttling on Pertino’s end. They go as fast as Amazon’s datacentres will go, which means they’re much faster than anything you or I can throw at them.

Pertino Installer

Pertino have clients for Windows, Apple’s OSX, Debian and RPM-based Linux distributions, Android (Jelly Bean or higher), but not iOS. Apple’s mobile fondlegadgets are still relegated to “coming soon”.

More than meets the eye

Now, it may strike some that Pertino is “just an easy to use VPN”. This assessment would be both correct, and woefully shortsighted. Let me paint you a picture of why.

In a world where you run your own VPNs, attempt to actually do anything with your traffic requires a significant amount of time, money and careful planning. VPNs are usually one device, while intrusion detection is another, bandwidth monitoring can be yet another widget, with filtering, security and $deity knows what else all a series of physical or virtual appliances that need configured, chained together and made to cooperate.

Getting enterprise-level networking, security and monitoring on your network could mean packets having 5, 10 or even 15 hops before even leaving your edge device! What’s more, traditional hardware-peddling network device vendors love making widgets that don’t actually go all that fast.

Getting a VPN appliance to handle today’s traffic won’t necessarily scale to handle tomorrow’s, and upgrading is usually forklift-based. Throw away your existing stuff, and get new.

Pertino offers a potential solution to a lot of this. Your packets leave your devices and all converge in Pertino’s Amazon AWS-powered cloud. Here, the power of Pertino’s “AppScape” app store should start to become readily apparent: all those forklift upgrade hardware widgets you needed to police your traffic are easily replace by “apps” that will do the same job, and scale up as your traffic demands do.

The offerings are fairly limited today. Some monitoring, DNS/AD bridging, and the ability to see where your various devices are connecting from on a world map. But Pertino is young; the company’s main VPN-as-a-Service product hit general availability in February 2013. That isn’t enough time to populate the app store with too many goodies, nor to build the inevitable “platform” that will invite third parties to add blue crystals to make it all work better.

The potential of the product is humbling. If all your “external” traffic can be routed through Pertino, and Pertino can provide a rich environment of “Traffic Inspection, Filtering and Manipulation as a Service” then they can reduce the complexity of networks a great deal, even as our workforces are increasingly mobile, and moving beyond the limits of the corporate firewall.

Who are Pertino

Based out of Los Gatos, California, Pertino is captained by CEO Craig Elliot and seconded by CTO Scott Hankins. Elliot is a seasoned exec coming from a sales background while Hankins is a deep-fried nerd used to playing in a field of robots, big budgets, research teams and do-or-die (literally) trials.

Pertino UI

Pertino UI

Peering under the covers at their backgrounds – and comments from others about them – both individuals seem to have adopted a “do it right, do it loud or go home” approach to problem solving. There would appear to be no room in their strategy for minor incremental updates wrapped up in an endless hype cycle. Nor do they have a history of penny ante commitments or detrimental copper counting.

Pertino seems to be run and peopled by individuals who fixate on the goal of a given product, damn the torpedoes, and ensure that engineering resources are available to meet project. This isn’t a company that is going to build a cloud of a string, bailing wire and shell scripts. This is a company that will take off the shelf components, combine them with well-engineered custom components, test, re-test, QA, test again, reengineer, do more QA, retest and then push out a polished product.

I don’t normally believe that “who runs a company” is nearly so important as the ideas and the products on offer. That said, Pertino is a company that purports to be some form of radical cloud-based software-defined-networking that proposes to replace enterprise site-to-site (and telecommuter/mobile-to-site) networking interconnection.

With something that critical to businesses continuity on the line, “Apple-trained sales exec” and “military-industrial roboboffin” offers a comforting pedigree regarding issues of product reliability and fitness for purpose. Dig into the backgrounds of some of the nerds on staff and I think you’ll agree that they’ve got a heady bunch.

The cloud obscuring the silver lining

The cloud obscuring the silver lining here is, of course, that Pertino is an American company offering services on an American cloud and proposing to bridge, inspect and manipulate your company’s most critical – and private – network traffic. The seven billion of us who are not Americans are likely to be more than a little bit queasy about handing that level of access over to a nation that – to be blunt about it – doesn’t legally consider non-Americans people, let alone protected individuals who are entitled to privacy.

American companies obviously don’t need to worry about this. Their government can far more easily send them a missive directly demanding access to their network; bothering Pertino isn’t a particularly efficient way of getting access to your traffic. But as the ongoing Microsoft Ireland spat shows us the US government has no such issues when it comes to accessing foreign data.

Would you like to know more?

The company’s long term commitment to privacy – and the lengths to which they’ll go to ensure it – remains unknown. The section of their website that discusses security doesn’t mention “zero knowledge” anywhere, nor do any of the quick marketing blurbs pay any form of lip service to the idea that Pertino itself cannot see your traffic.

Pertino uses 256-bit AES encryption to prevent anyone from listening in on the network traffic in flight. A large chunk of the world’s bad guys will be defeated by this. Unfortunately, the extent to which Pertino (or Amazon) – and thus the “national security letter”-happy US government – can decode your data on the Amazon side of things is as yet unknown.

It is not impossible for Pertino to create a “zero knowledge encryption” system by which they cannot be compelled to give anyone access to your data. It would make deploying network-scanning “apps” a heck of a lot harder – and more expensive – but not impossible.

The question for us non-Americans is, naturally, “is zero-knowledge encryption in use”? If it is, hurray! Pertino’s technology is amazing, and the ease of use unparalleled. I would love to start implementing this in production today.

If zero-knowledge encryption is not currently in use, is it planned? And for when? How can we – the end user – verify that the encryption process is zero knowledge end to end, and that it hasn’t at any point changed? Are there

It would stand to reason that in order to provide the network application platform options that will ultimately make Pertino so successful they would ultimately have to have the keys to your encrypted kingdom. Certainly, I don’t remember having supplied anything more than a username and password during setup of my test Pertino network, so the chances are good that Pertino has the ability to peer into your traffic, should they need to.

Good prospects for Pertino

Pertino, like most American cloud companies doesn’t actually have to worry about security for now. They can cater largely to an audience consisting of Americans and those non-Americans who don’t care if governments can read their network. This pool of potential customers is enough for Pertino to rake in hundreds of millions of dollars and set about solving the zero knowledge problem later, if they deem it of commercial relevance.

Pertino has demonstrated success. I am positive that they can – and will – respond to this review with a discussion of the number of high profile foreign clients that they have signed. If it is good enough for them, the reasoning goes, I should be good enough for anyone.

There is a certain logic to that; international law as regards these issues will get made on the backs of big companies with lots of lawyers, because it is those companies who have the biggest war chests and the most to gain from people feeling their privacy has been compromised by foreign governments digging into their lives.

Our society seems divisively split between those who care about this issue and those who see it as a distraction. There are quite literally billions of people on the latter category and that that is market share big enough for Pertino to build an empire.

And make no mistake; they absolutely have the technology and the vision to build said empire.

What will I do with all this free time?

For myself, I find the technology and implementation Pertino compelling. It will see use in my testlab*, which has users around the world. Hardware and software reviews wait for no man, and our team is increasingly dependent upon access to this critical resource.

To be entirely candid, not having to faff about with this will save me hundreds of hours a year. That translates into tens of thousands of dollars fairly directly. Every hour my network doesn’t do its job is an hour one of my writers isn’t testing and is an hour that I have to fix the smuggling thing. Start adding that up at $300 an hour and “I can’t get access to the lab from the hotel” or “I need to pull down all the video from X, but can’t see it” can cost us real money in a right hurry.

The time and money saved will be part of an exercise in personal freedom for yours truly. I am winding down my days as a full time systems administrator. I don’t care about your printer, and I no longer possess the sheer force of will to hold together a bunch of underfunded networks build out of spit and bailing wire.

I aim to build a career out of my writing, my reviewing and doing some network architecture-level consulting on the side. Part and parcel of that is identifying and making use of time-saving tools like Pertino that allow me to spend less time twiddling the nerd knobs and more time engaging in high-value activities that can pay not only my salary but that of my staff.

Ultimately, what more could you ask of any IT tool? “I will use this technology to make my life better” is always the right answer; it’s why technology gets invented. It’s why we pay money for it.

Perhaps I will have time to indulge in my favourite sport of competitive sleeping. Perhaps I will finally start in on that science fiction trilogy I’ve been itching to write. But one thing is certain: without tools like Pertino to hand to take the “scut work” of IT off my hands, I won’t get to do any of it.  For me, that’s what makes Pertino worthwhile.

*Until the details of privacy and data sovereignty issues are more solidly and transparently dealt with, however, my policy of “zero American public cloud computing” will remain in force for all production networks.

About Trevor Pott

Trevor Pott is a full-time nerd from Edmonton, Alberta, Canada. He splits his time between systems administration, technology writing, and consulting. As a consultant he helps Silicon Valley start-ups better understand systems administrators and how to sell to them.

Visit My Website
View All Posts