This article is targeted at the small to medium business market segment and will provide an overview of the VPN technology options in the market today.
IPsec VPNs have been around for quite some time. The basic premise of an IPsec VPN is that the user traffic is tunneled and encrypted from the client end (end user) to a VPN gateway or concentrator that is located at a hub computing site. IPsec VPNs provide security and privacy for transporting sensitive data. A key benefit of IPsec is that it is a "bring-your-own-Internet" solution. In other words, if the end user has Internet access and the VPN concentrator has been designed and deployed with an interface that is reachable from the Internet, the end user can set up a VPN session from anywhere that has Internet access.
The downfall of an IPsec VPN is that it creates the need for a fat client: It requires the installation of a VPN client on the end-user PC or laptop and the managing of security certificates or secure ID keys (rotating keys that are entered to authenticate). However, IPsec VPNs have proven robust and viable for a long time and there are many vendors that support them.
Secure Socket Layer (SSL) VPNs
SSL VPNs are gathering steam within the industry because they offer the next generation of VPN technology utilizing something everyone is familiar with: Web browsers. SSL client capabilities are built into most standard Web browsers. There are some pitfalls with SSL VPNs. Some applications do not work over SSL and the encryption and authentication is not as strong as IPsec.
Other vendors to consider are as follows: ActiveLane, Avaya, Check Point Software running on Nokia's hardware, Cisco, Cylink, Imperito Networks, NetScreen/Juniper Networks, Secure Computing, SonicWall and Symantec. Each of these vendors offers either SSL or IPsec solutions or both.
The type of VPN solution chosen should depend upon your actual requirements, but the main requirement should be ease of use and administration. For the SMB market, focus should be on driving revenue, not maintaining IT infrastructure.
This was first published in August 2005