Internet Protocol Security virtual private networks (IPSec VPNs) were once the only options for secure remote access, but worked only site-to-site and were difficult and costly to maintain. Today, Secure Sockets Layer (SSL) VPNs are increasingly replacing IPSec VPNs because they are less costly to manage...
A ventail White Paper
IPSec vs. SSL VPNs for Secure Remote Access A ventail White Paper
Executive summary
Changing work styles, new computing and communication devices, and the ever-increasing expectations of today's end users are driving the demand for expanded remote access. Many companies today support full-time remote workers, or "day extenders," who supplement office hours by working from a home PC. Business partners work from their offices behind their own firewalls, and remote users want clientless, broadband, and Wi-Fi access from anywhere their travel takes them. They all expect easy, secure access to the network resources they need, from anywhere, at any time, using any device.
And, today, a greater number of users need access to corporate resources from environments that IT organizations can't possibly control-such as home PCs or airport kiosks. Many users are also taking advantage of wireless technology, both through the increasing number of public Wi-Fi hotspots and through company-sanctioned wireless local area networks (LANs) as well as access points that they've set up on corporate networks. In addition, many companies extend their networks not only to mobile employees, but also to trading partners, consultants, and customers around the globe. These new and varied access situations bring security concerns to the forefront.
There are economic factors to consider, too. As companies continue to look for ways to save money, many see advantages in using new technologies such as Voice over Internet Protocol (VoIP) to streamline costs. The rapid expansion and increased availability of broadband access also means that most users are now accessing the corporate network over the Internet from fast broadband connections with near local response times.
At one time, traditional Internet Protocol Security (IPSec) virtual private networks (VPNs) were the only options for secure remote access. However, because IPSec solutions were designed for site-to-site connectivity and not with a highly mobile workforce in mind, these solutions provided limited remote access and often proved both difficult and costly to maintain. In response to increasing user demands for remote access, a new kind of VPN emerged-SSL VPNs. These new VPNs, based on the Secure Sockets Layer (SSL) protocol that safeguards the world of e-commerce, quickly became the leading option for remote access.
And increasingly, SSL VPNs are replacing IPSec VPNs for remote access as they offer everywhere access with complete control and security. In addition, recent advances in SSL VPN technology offer many benefits for both users and companies. When compared to IPSec VPNs, SSL VPNs are less costly to manage, eliminate security risks of open-by-default tunnels, and offer a simpler, easier experience for employees and business partners who need access to a wide range of applications and resources from remote locations.
This paper provides an overview of the differences between SSL VPNs and IPSec VPNs, and explains why SSL VPNs are ultimately a better choice for secure remote access.
IPSec vs. SSL VPNs for Secure Remote Access Page 2A ventail White Paper
A typical IPSec VPN provides site-to-site remote access via an encryption tunnel.
Traditional IPSec VPNs: Designed for As for the remote access market, IPSec solutions satisfy user requirements when there are a limited number of site-to-site connectivity tunnels to create and the access scenarios are limited to VPNs, initially based on the IPSec protocol and offered corporate-managed systems. However, when there are by network equipment companies, were originally thousands of remote users at different locations, distributing developed for site-to-site communications between branch and managing the required client software quickly offices. These site-to-site VPNs were an economical way becomes cumbersome and costly. These are just some of to extend the corporate network to remote offices over the many factors that make IPSec VPNs less than ideal for the public Internet, avoiding the high cost of private wide remote access.area network (WAN) connections. The resulting secure connection between trusted private networks offered access IPSec clients are costly to manage and have similar to that of the corporate network. As companies hidden costsbroadened their use of VPNs to meet other remote access With an IPSec VPN, IT depar... [download for more]
