SSL: The next-generation VPN

A big part of my job is translating between IT professionals, vendors and venture capitalists. It isn’t as easy as it sounds because they often use the same words to mean different things.

Take the concept of competition. To vendors, service providers and venture capitalists, a “competitive” product very often is one that looks, smells and feels a lot like yours: It relies on the same fundamental technologies to solve the same sets of problems. Under this definition, Sprint Corp. and AT&T Corp. compete with each other, and Cisco Systems Inc. and Juniper Networks Inc. compete with each other, but you wouldn’t say that, for example, Cisco competes with AT&T.

IT professionals generally use a different definition. To them, “competitive” products are different approaches to doing the thing you need done. For example, if you’re trying to get more bandwidth to a remote office, you might look into broadband services. You also might consider buying a router with compression or prioritization abilities that can help you do more with less. Under this definition, Cisco and AT&T do compete, because your choice is between buying a Cisco box and more bandwidth from AT&T.

Most recently, I’ve run up against this odd dichotomy of perspective when it comes to SSL vs. IPSec. Several vendors of IPSec and SSL VPN products and solutions insist that their offerings “don’t compete” with the other guys. “Oh, we’re IPSec, they’re SSL,” the CEO of one such company sniffed at me. “They’re very different technologies.”

True: SSL and IPSec are different. Or as we techies like to say, they’re orthogonal.

SSL defines a secure, encrypted communications mechanism between applications, most commonly between a Web browser and server. It’s independent of the underlying protocols (particularly IP). IPSec provides a secure, encrypted communications mechanism at the IP layer. It’s independent of the application, meaning that any application that uses IP can run across it.

However, both schemes solve the same fundamental business problem: managing and controlling third-party access to your network, applications and resources.

So I’m with the IT professionals on this one. IPSec and SSL do compete. More to the point, SSL is gaining real traction as a VPN service offering. For example, Fiberlink Communications Corp., a managed services provider, is partnering with Neoteris Inc., a manufacturer of SSL-based VPNs, to let Fiberlink set up and manage policy-based VPNs for companies and their third-party partners, contractors and suppliers. And Aventail Corp. and Bell Canada just signed a similar deal.

Why are SSL-based VPNs gaining momentum? Because unlike IPSec, SSL doesn’t require changes to the remote machine or network. Users don’t need to install or configure special-purpose client software, which makes VPNs easier to configure and manage. The drawback is that SSL is defined for a relatively narrow set of applications.

Increasingly, though, corporations are “Webifying” their legacy apps, or even jumping whole hog into Web Services, which makes SSL more attractive. So I’m confident the trend toward SSL-based VPN services will only continue.

Johnson is president and chief research officer at Nemertes Research, an independent technology research firm. She can be reached at johna@nemertes.com.


