The traditional remote-access marketplace has evolved into four different solutions that can provide secure connectivity. The four solutions include two different types of virtual private networks (VPNs) and two different types of shared computing (terminal services and what we'll call "Web-based remote access").
|More Tech Trends on CIO Update|
Three Steps to Greater Value Misconception No. 2: Believing the Hype of Technology and Tools Is Vista The Last of Windows? To Build or Buy? That is No Longer The Question - Part I
The first and most prevalent type of VPN made use of secure Internet protocol (IPSec) connections between remote users and their corporate headquarters. Leading vendors in this area include Cisco, Juniper, and Checkpoint Software.
They allow remote users, once properly authenticated, to appear to be on their local headquarters networks and have the same types of access that they would have if they were plugged into the local Ethernet in the office wall, albeit at a much slower connection.
IPSec networks are cumbersome to configure and require an expensive VPN gateway to handle inbound calls. They require the IT staff to touch each remote user's PC and configure the special client software used for the connection.
The most secure VPNs are often only the result of a great amount of work, routine maintenance, and vigilance on the part of IT administrators that need to balance the configurations of the VPN with corporate firewalls and placement of secured servers on appropriate network segments.
In addition, all enterprise applications must be installed on the remote PC too. This means that IPSec connections aren't possible from PCs that aren't managed by the IT department, such as those used at Internet cafes.
Because every application is running over the remote link, applications can perform poorly and in some cases have problems dealing with the longer network latencies of the VPN connection. The VPN by itself can't deal well with poorly maintained remote PCs that could infect a corporate network with spyware or viruses, since the remote PC is connected as a full-fledged local entity.
Many IPSec VPNs are used for office-to-office connections, rather than single user access, and these are somewhat easier to configure (since the two or more VPN gateways are configured for network-to-network connections).
A newer and more flexible type of VPN is one based on secure sockets layer (SSL) connections. Leading vendors in this area include Juniper, F5 Networks and Aventail.
SSLs don't require any client software outside of a Web browser, so they are useful for times when users find themselves at Internet cafes or on other public computers that are out of the reach of the IT department.
However, the SSLs suffer from disadvantages. They can be difficult to configure for particular Web-based applications such as Outlook Web Access, and are designed to work with Windows and Internet Explorer and not many other combinations of operating system and browsers.
They also suffer from an insecure endpoint like their IPSec cousins, although many SSL VPN vendors are adding endpoint security routines to help tighten things down. Every SSL VPN comes with special "network extension" client software that is typically downloaded on the fly when a user first connects to a VPN gateway.
This software must be used when a remote PC wants to become a full participant on an enterprise network and will require some additional configuration.