The benefits and different types of SSL VPNs

SSL VPNs communicate differently than other VPN types. Discover the difference between portal and tunnel SSL VPNs and learn the benefits of each.

Secure Sockets Layer (SSL) is a commonly-used protocol for managing the security of a message transmission over the Internet. By using Web SSL VPNs, clients can safely log on to their corporate network from another computer without requiring special certificates installed or group passwords at the user end. In this section of SearchEnterpriseWAN.com's VPN tutorial, learn about the benefits and different types of SSL VPNs or skip to...

other sections in the VPN tutorial using the table of contents below.

Table of contents

The protocol for SSL VPNs

Secure Sockets Layer (SSL) is a commonly-used protocol for managing the security of a message transmission on the Internet. SSL VPNs use a program layer located between the Internet’s HTTP and TCP layers. SSL VPNs are included as part of Web browsers and most Web server products. The “sockets” part of the term refers to the sockets method of passing data back and forth between a client and a server program in a network or between program layers in the same computer. SSL uses the public-and-private key encryption system from RSA , which also includes the use of a digital certificate.

SSL VPNs at a glance

  • SSL VPNs work at OSI Layers 4 though 7.
  • Remote connections are made via a Web browser or a downloadable Java or ActiveX agent.
  • SSL VPNs do not require a client on the endpoint.
  • They provide granular, role-based access control.
  • There is no application or client administration.
  • SSL VPNs natively support split tunneling.

SSL VPNs work by communicating over the SSL protocol, allowing traffic to pass through almost any proxy or firewall that might be limiting your access. Once connected, a small Java-based client is downloaded to the computer’s Web browser, which creates a virtual connection between your computer and VPN concentrator or firewall providing the service.

A Web SSL VPN automatically downloads onto the user’s computer and installs itself when needed. Once the end user session is over, it can be configured to automatically delete itself from the computer, leaving no trace of the VPN client. This means that clients who use SSL VPNs can safely log on to their corporate network from another computer, without requiring special certificates installed or group passwords at the user end. All they need to know is their own credentials and the URL to the Web SSL VPN concentrator.

This excerpt was adapted from WhatIs.com’s definition of SSL and Chris Partsenidis' Web SSL VPN introduction.

SSL portal VPNs

An SSL portal VPN allows for a single SSL connection to a website so the end user can securely access multiple network services. The site is called a portal because it is one door (a single page) that leads to many other resources. The remote user accesses the SSL VPN gateway using any modern Web browser, identifies himself or herself to the gateway using an authentication method supported by the gateway and is then presented with a Web page that acts as the portal to the other services.

This was excerpted from the WhatIs.com  definition of SSL VPN.

SSL tunnel VPNs

This type of SSL VPN allows a Web browser to securely access multiple network services, including applications and protocols that are not Web-based, through a tunnel that is running under SSL. SSL tunnel VPNs require that the Web browser be able to handle active content, which allows them to provide functionality that is not accessible to SSL portal VPNs. Examples of active content include Java, JavaScript, Active X, or Flash applications or plug-ins.

This was excerpted from the WhatIs.com definition of SSL VPN.

Benefits of SSL VPNs for cloud security

Entrusting the crux of wide area networks (WANs) -- SSL VPN gateways -- to the cloud is a big leap for network engineers, but cloud VPN services are popping up and may suit enterprises that can't afford or can't properly maintain thousands of dollars' worth of global remote access infrastructure.

Cloud VPN services fit best in enterprises "where you have a remote user population that will fluctuate between regions of the world, especially where their access network is not unified -- say, it's not being provided by a single ISP," said Michael Suby, director of Stratecast, a division of Frost & Sullivan. "When you don't have control of the Internet provider, then you … have some limitations, in terms of what you can guarantee [as far as] performance characteristics."

Read more about the benefits of cloud VPN services, in this article by Jessica Scarpati.

Continue reading this VPN tutorial to learn about mobile VPN types.

This was first published in December 2010

Dig deeper on VPN design

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchNetworking

SearchUnifiedCommunications

SearchTelecom

SearchSDN

Close