Aruba proposes alternative to using IPSec for remote access security

Insightful analysis by consultants Steve Taylor and Jim Metzler, plus links to the latest WAN news headlines

For years, there have been two traditional methods for secure remote access: IPSec and SSL VPNs. Both have been discussed in this newsletter over the years, and each has its definite strengths and weaknesses. Now, wireless LAN provider Aruba has proposed an alternative to using IPSec on the client computer that we find innovative.

Aruba proposes that telecommuters and road warriors consider deploying Aruba’s special remote-access point (RAP) software on the company’s APs and using the Aruba APs from home or hotel rooms. The APs — rather than your client device - communicate with Aruba’s centralized controller in your data center over an IPSec tunnel. This precludes the user from having to mess with passwords, PINs and IPSec key fobs.

The only requirement is that the remote AP has wired Internet connectivity.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

For years, there have been two traditional methods for secure remote access: IPSec and SSL VPNs. Both have been discussed in this newsletter over the years, and each has its definite strengths and weaknesses. Now, wireless LAN provider Aruba has proposed an alternative to using IPSec on the client computer that we find innovative.

Aruba proposes that telecommuters and road warriors consider deploying Aruba’s special remote-access point (RAP) software on the company’s APs and using the Aruba APs from home or hotel rooms. The APs — rather than your client device - communicate with Aruba’s centralized controller in your data center over an IPSec tunnel. This precludes the user from having to mess with passwords, PINs and IPSec key fobs.

The only requirement is that the remote AP has wired Internet connectivity.

This approach certainly seems to us to have some appeal. But we also turned to our colleague, Joanie Wexler, author of Network World’s Wireless in the Enterprise newsletter, for her take. Joanie said, “This could be easier for home users who have to log in to the VPN repeatedly every day and for road warriors who would like to use multiple wireless devices from a single hotel-room Internet connection.”

If you would like to take a closer look at this solution, a white paper with an extensive explanation is available here. And while you’re at the Webtorials site, you might also want to take a look at a paper on next-generation access, the Kubernan State-of-the-Market report on Mobile WiMAX.

We’d like to hear your thoughts on the Aruba approach. Let us hear from you, and we’ll be happy to share the feedback.

Read more about lans & wans in Network World's LANs & WANs section.

Steve Taylor is president of Distributed Networking Associates and publisher/editor-in-chief of Webtorials. Jim Metzler is vice president of Ashton, Metzler & Associates.