New SSL VPN concentrators are creating competition for both integrated firewall/VPNs and conventional IPsec VPN concentrators. Most analysts say that SSL VPN is fast becoming the dominant solution for remote access. I've worked with many companies that have either used SSL to replace an older IPsec VPN concentrator or have shifted much of their workforce onto a new SSL VPN concentrator.
The most visible advantage of deploying an SSL VPN is avoiding VPN client installation and configuration. SSL VPNs use the Web browsers already found on nearly every remote device as a launch point. Most SSL VPNs do use a little bit of client software, but they push it to the device as needed, over the secure browser session. Avoiding installed clients not only reduces VPN total cost of operation -- it makes remote access possible for devices and users who just could not be satisfied by IPsec. For example, teleworkers connecting from home PCs, consultants who require access from their own laptops, or field workers connecting from behind a customer firewall that does not permit IPsec pass-thru.
Customers who buy an SSL VPN concentrator often ask: Do I still need my firewall/VPN? The answer is absolutely yes -- that investment is still very worthwhile. An SSL VPN concentrator does not firewall, so it must be protected by a separate firewall. In addition, most companies still need integrated firewall/VPNs to secure interoffice traffic using site-to-site IPsec tunnels.
This was first published in December 2007