Peter Greco doesn't need any convincing that the latest release from Whale Communications Inc. will find a place in his network.
As CIO of Regis University with a main campus in Denver and others in Nevada, Greco has relied on Whale's Secure Sockets Layer (SSL) VPN appliance for the past two years and knows its capabilities. He also knows the value of Microsoft Corp's Internet Protocol Security (IPsec ) VPN function, which the university has also used.
So when the Fort Lee, N.J.-based Whale last month rolled out an appliance combining its SSL VPN, Microsoft's IPsec VPN, endpoint and application security and Microsoft's Internet Security and Acceleration technology, Greco was quick to hop on the bandwagon.
"We've always done point-to-point lines between campuses," he said. "This is going to make it easier for my staff to support. We're going to be able to integrate the old and the new."
IPsec VPNs have been dominant for several years and work at Layer 3 to create a "tunnel" into the network so devices act like they are physically attached to the LAN when users log on. Newer SSL VPNs work at Layer 4, the application layer. With SSL, users access applications via a Web browser and administrators can control access by application, rather than provide access to the entire network.
Greco said he plans to install the Whale box this month to initiate IPsec tunneling for the Las Vegas campus. The university already uses Whale's SSL product for roughly 17,000 students, 6,000 of which are full time, and more than 1,000 staff members. The university also uses the ISA Server's IPsec function to manage access to the Student Information System, an application that manages student information similar to enterprise resource planning.
Greco said piling both SSL and IPsec functionality into one box will help the school manage remote access and decrease the cost of maintaining the network between the main campus and other locations. Plus, he said, the Microsoft orientation will help the box fit right into his network environment, since most of its applications are Microsoft-based.
"Our biggest advantage will be ease of management," he said.
Greco said remote access security is necessary for students and faculty to use applications, especially the Student Information System, which contains sensitive student information. The university needs VPN security to ensure all data traveling through the pipes is encrypted.
Marcus Schmidt, senior product manager for Microsoft Internet Security and Acceleration, said the genesis of the partnership and resulting appliance stemmed from the increasing need for secure remote network access.
"More and more workers need to access more applications behind firewalls," he said. Schmidt added that the market is shifting toward more hardware-based security options, which also played into the product's development.
Along with SSL VPN and IPsec VPN functionality, the gateway also offers:
- Policy compliance
- Application firewall capabilities
- Endpoint and application protection
- Monitoring and reporting
- Forward and reverse proxies
"There was no divergence whatsoever between the SSL and the IPsec world," Greco said. "This is bridging the gap."