Remote control

With a Secure Sockets Layer virtual private network, firms can get the benefits of remote working without the problems, writes Bob Tarzey.

There are many benefits of being able to access an organisation's IT resources remotely: employees checking email from home; consultants on a customer site accessing knowledge bases; sales execs updating their forecasts; customers and partners accessing extranets. The list goes on.

Some employees have been given access to corporate resources over virtual private networks (VPNs) for some years, using what is known as an IP Security (IPsec) connection.

This has been of limited use because it requires software to be installed on the device from which the VPN is being accessed, and a connection to be established by dial-up, broadband or a third party's local area network.

This type of access has been limited to those carting around a portable PC or other compatible device.

Imagine being able to access any corporate application from anywhere, without needing a portable device of any sort.

Imagine a consultant working on-site, requiring certain information to solve a problem, being able to access the corporate knowledge base easily, although it is securely behind their employer's firewall.

Imagine a sales exec walking into an internet cafe after closing a deal, updating their sales forecast and then retiring to the nearest wine bar. Job done.

This has all become possible by connecting to VPNs using Secure Sockets Layer (SSL) communications. SSL VPNs can be used to access corporate resources from any web browser, whether on a console in an airport lounge, a home PC, a PDA or a smartphone.

Fantastic, all problems solved; access for all from anywhere, with no need for the hefty pre-configured PC and hours wasted trying to work out how to connect from a remote location.

But wait - there are surely some dangers. Think of the management objections: 'I don't mind my sales execs reading their email from public terminals, but I don't want them accessing the CRM system. Suppose they forget to log off?'

'I don't mind our field engineers accessing the corporate knowledge base from a customer site, but not our R&D plans. That's too risky.'

No need to worry: this is the beauty of the SSL VPN approach. Unlike an IPsec connection, which is all or nothing, an SSL connection is selective in what it allows the user to do.

The user is authenticated, as is the device from which they are requesting access. SSL VPNs have a policy engine that checks which applications the user is allowed to access (using LDAP, Active Directory and so on) and will further limit this depending on the device they use to access the network.

The sales exec may be able to update their sales forecast from an internet cafe, but not view sensitive customer details. The field engineer may be able to access the knowledge base, but will have to go back to the office if they want to see R&D plans. And to be on the safe side, connections can usually be configured to time out if left idle.
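The decision such a policy engine makes can be sketched in a few lines. This is an added example, not code from the article or from any vendor's product; the application names, directory groups, device tiers and idle limits are all assumptions chosen to match the scenarios above.

```python
from dataclasses import dataclass

# Device trust tiers (assumed for this example), lowest to highest.
UNMANAGED, HOME_PC, CORPORATE = 0, 1, 2

# Hypothetical catalogue: app -> (directory group required, minimum device tier).
CATALOGUE = {
    "email":          ("staff",       UNMANAGED),
    "sales_forecast": ("sales",       UNMANAGED),
    "crm_customers":  ("sales",       CORPORATE),
    "knowledge_base": ("engineering", UNMANAGED),
    "rnd_plans":      ("engineering", CORPORATE),
}

# Idle limit in seconds per device tier (assumed values).
IDLE_LIMIT = {UNMANAGED: 300, HOME_PC: 900, CORPORATE: 3600}


@dataclass
class Session:
    user: str
    groups: frozenset     # group membership from the directory (LDAP, Active Directory)
    device_tier: int      # outcome of the device check at login
    last_activity: float  # epoch seconds of the last permitted request


def decide(session, app, now):
    """Return (allowed, reason) for one request; anything not listed is denied."""
    if now - session.last_activity > IDLE_LIMIT[session.device_tier]:
        return False, "idle timeout"
    if app not in CATALOGUE:
        return False, "unknown application"
    group, min_tier = CATALOGUE[app]
    if group not in session.groups:
        return False, "user not entitled"
    if session.device_tier < min_tier:
        return False, "device not trusted for this application"
    session.last_activity = now  # only permitted requests keep the session alive
    return True, "ok"


def portal(session):
    """Applications this user would be offered from this device."""
    return sorted(app for app, (group, min_tier) in CATALOGUE.items()
                  if group in session.groups and session.device_tier >= min_tier)
```

The user's entitlement and the device's tier are checked independently, so the same sales exec sees a shorter application list from an internet cafe than from a corporate laptop.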

SSL VPNs have been around for some time, but sales are taking off and are predicted to go through the roof. The products are generally supplied as appliances; that is, with the software pre-installed on a dedicated piece of hardware.

The market is maturing rapidly. Initially the technology was available from specialists, such as Aventail, Netilla and Whale, which still maintain their independence.

But the big guys have got interested and have been either developing their own SSL VPN capability or buying it.

Among the networking and firewall vendors, NetScreen and F5 Networks have both acquired specialists, while Nokia, Cisco and Check Point are developing new solutions in-house, currently with more limited functionality than the specialists; Nokia's NSAS is the most advanced.

The good news for resellers is that almost all sales of SSL VPNs will go via the channel. So, if the predictions are anything to go by, there is a great opportunity heading your way.

Entry-level pricing varies widely. Quotes we got ranged from £3,000 for five users to £17,000 for 30 users.

These costs may be too high for SMEs, but don't worry; when we spoke to Microsoft, it was eager to point out that its ISA server, while not an SSL VPN solution, would allow secure remote access to email and intranets for just £1,000 per CPU. Where would we be without them?

Bob Tarzey is service director at Quocirca.
01753 855 794
www.quocirca.com