A debate brewing over Virtual Private Network technology could come to roost among Canuck enterprises as Bell Canada cranks up a new VPN offering.
The telco in August said it would sell Aventail Corp.’s Secure Sockets Layer (SSL) VPN appliances. The boxes are meant for companies seeking protected connections between off-site employees and corporate networks.
Bell already sells VPNs that are based on Internet Protocol Security (IPSec), another technology for secure connections.
IPSec and SSL vendors seem to be battling for control of the VPN space, with IPSec proponents saying their protocol is superior, because it’s network based and application specific.
“This provides a higher degree of security because access is limited to specific access devices, software clients, user authentication mechanisms and pre-defined security associations,” said Brian Feng, vice-president of engineering at ZyXEL Communications Co., a network gear maker in Placentia, Calif.
SSL backers say their technology is equally secure and, what’s more, clientless, which spells simplified management.
“You’ll get a lot of roll-your-eyes types of responses from IT guys that are responsible for IPSec clients,” said Tom Claeys, Aventail’s senior director, strategic alliances. “It’s a fairly difficult client to install. It’s very difficult to install more than one IPSec client per device. And the support costs of IPSec are quite high.”
But for Bell, each technology has its place.
“IPSec is going to be mostly used for static, branch-to-branch applications,” said David Joyce, Bell’s senior director, managed security solutions. “If you have two remote offices that need to talk, we can establish a remote tunnel using IPSec over the Internet. But if you’re a mobile user…you may be dialling into the Internet, or accessing it as a teleworker from home. That’s really the application we’re going to be using SSL for.”
Shawn Moyer is project lead, information security with the Reinsurance Group of America Inc. (RGA), a reinsurance and underwriting firm. He said his company uses a mix of IPSec VPNs from Avaya Inc. and NetScreen Technologies Inc. to connect global branch offices to the St. Louis, Mo. headquarters.
“I have looked at Aventail. There are some advantages to it that would be useful to us. But I don’t see SSL VPNs replacing enterprise-to-enterprise connectivity….I see them being useful to us in terms of roving users – laptop users, sales staff, people that travel frequently.”
IPSec is far from perfect for travelling workers, Moyer said.
“It doesn’t traverse firewalls very well,” he said, explaining that sometimes employees trying to use the VPN while visiting RGA customers cannot establish connections, thanks to the customers’ network security measures. “That’s problematic.”
Even if IPSec presents certain challenges, Bell’s Joyce said companies currently using it wouldn’t migrate to SSL. “If customers have already made the investment in the IPSec architecture, I don’t really see a compelling business case for them to switch over.”
Aventail says the EX-1500 SSL VPN appliance supports between 1,000 and 1,500 concurrent users. Bell offers it as a customer-premises-based, managed service across Canada, Joyce said. Prices can range between approximately $15,000 and $100,000 depending on the number of users and connections, he said, adding that subscriptions to Bell’s management service span $1 to $20 per user.
With files from IDG News Service