Advertisment

Remote Access Technologies take Center Stage

author-image
PCQ Bureau
New Update

Increasingly, organizations are demanding more time from

their employees than the usual office timings, which is one of the reasons

mobility technologies are becoming so popular. Besides mobile devices and

wireless technologies, another critical element that's required for enabling

true mobility is providing users remote access to your corporate network. The

most popular technology for this job is VPNs or virtual private networks, which

allow users to securely connect to their corporate network over the Internet.

VPNs need no introduction, and for a long time, they've been based on a

technology called IPSec. That seems to be changing now, with another technology

stepping into the arena, called SSL. 

Advertisment

Neither VPN nor IPSec nor SSL are new terms for any IT

manager or CIO, but they've never been compared, until recently. IPSec was

always known as the technology that facilitated encrypted communication over a

public network, ie it was always known as a VPN technology. The claim to fame

for SSL or Secure Sockets Layer on the other hand was that it helped make

e-Commerce, as we know it today, a reality. It allowed users to carry out secure

transactions from a web browser. Even today, in online banking, the underlying

protocol to encrypt all your transactions is SSL. So the question now is, if a

bank can provide secure access to its banking applications through a web

browser, why can't the same happen for other applications like email,

messaging, collaboration, or even business apps? Enter SSL based VPNs, and the

whole debate over whether to use it or the older, tried and tested IPSec based

VPNs? Let's analyze each in a little more detail.

Anil Chopra, Associate Editor

Traditional IPSec VPN based products comprise of a VPN

concentrator on the host network, and a VPN client that must be installed on

every mobile user's machine. A remote user would connect to the Internet, and

then use the VPN client to gain access to his/her corporate network through the

VPN concentrator box. Once inside the network, the user would actually be a part

of the corporate LAN. The user would have the same privileges as being present

on the local network itself, albeit with a limited connection speed. After

gaining access to the network, if all that the employee does is check email or

access some info from the corporate Intranet, then the IPSec VPN seems like an

overkill. If the same thing happened from an SSL VPN however, then things would

be different. An SSL based VPN works on its original principle of proving access

through a web-browser. Users don't need to deploy any additional client

software on their machines. Also, by its nature, users don't really get access

to the entire network, as in IPSec based VPNs. They would primarily gain access

to web-enabled applications like email or Intranet only.

Advertisment

Given the fact that more applications are becoming

web-enabled, SSL VPN has a clear-cut advantage because your users can be given

access to those out of the box. Also, since web-connections are sessions-based,

you can provide more granular access to your internal resources. But thats not

the case of IPSec based VPNs, in which you provide access to the entire LAN, and

the user inherits most of the rights, he/she has to the local network. SSL based

VPNs are also an attractive choice if you'd like to provide access to users

other than your employees, like your customers and business partners. If you

have a particularly large mobile workforce, then again, management of the IPSec

based VPNs becomes an issue. This is largely because you would have to manage

the clients on all the machines. Also, non-traditional devices can be used with

SSL based VPNs, such as a PDA or a smartphone, largely because it's browser

based.

So which technology is better? I would tend to go the SSL

based VPNs way. One of my reasons is that IPSec VPNs follow the traditional

client/server architecture. Install a client on a remote client, and use it to

connect to a VPN server on the corporate network and gain access. The overall

industry trend has been to slowly move away from this tradition. Increasingly,

you'll find that we're moving towards a world of web-enabled applications.

SSL based VPNs therefore offer a distinct advantage on this front, because

that's what they were meant to do by design. Some may argue that today,

configuring an SSL based VPN to provide access to non-web based applications

such as file sharing is fairly difficult. It would require extensive

customizing, which would add to the cost. However, the drive towards web-based

applications is so strong, that it would only be a matter of time before this

issue also gets resolved. Even if this is termed as a disadvantage, IPSec based

VPNs have the inherent disadvantage of client management. So, IPSec based VPNs

would remain for some time, but eventually, SSL based VPNs would own a larger

pie of the VPN market.

Anil Chopra, Associate Editor

Advertisment