Making way for the new VPN

SSL in the market SSL by design SSL in the end What’s at stake? More Power Struggles articles The bracket game Power line timeline

VPNs based on the IP Security protocol have held a grip on the market, but an alternative using Secure Sockets Layer is steadily gaining ground.

Few people familiar with network security consider SSL a wholesale replacement for IPSec as a VPN protocol. But SSL proponents say that protocol is less-expensive and easier to deploy when workers need remote access to Web applications such as e-mail and corporate intranets. And now, traditional IPSec VPN vendors are scrambling to add SSL to their product mixes to meet demand.

Browser-based SSL VPN products differ from IPSec VPN wares in that they do not require companies to install VPN client software on remote devices. Users who can authenticate to a company's network can make a secure connection from any laptop or desktop PC with a browser. That's because SSL firewall ports generally are kept open, so firewalls need not be reconfigured to provide access.

With IPSec VPNs, each remote device must run client software, which must be updated as necessary. Also, firewalls and the IPSec devices must be configured in tandem to allow network access.

SSL in the market

Market researchers predict that worldwide sales of SSL-based VPN gear will increase during the next several years. Infonetics Research expects market growth from about $56 million this year to an estimated $840 million by 2005. However, the firm says, IPSec products will continue to make up a huge share of the VPN market. Infonetics pegs sales of IPSec VPN and firewall hardware at $1.5 billion this year and $2.5 billion in 2005.

"SSL will address all those [remote workers] who don't really need access to many applications. It's a simple way to give them access to things like e-mail and benefits and payroll information. Those users who need access to a broad range of applications that are not all Web-based will require IPSec clients," says Jeff Wilson, executive director of Infonetics.

But the proliferation of Web-based applications - and the growing need for remote access - has turned SSL into a hot topic - a necessary development for traditional IPSec VPN vendors.

Check Point Software, which unveiled an SSL-based or "clientless" VPN in July, says SSL is ideal for companies that need to exchange data with business partners via extranets but don't want to install VPN clients. IPSec VPN vendors such as Nortel and SonicWall agree. Nortel introduced the Alteon SSL appliance in September; SonicWall began offering SSL products when it acquired Phobos two years ago. In the meantime, NetScreen Technologies says it's evaluating an SSL offering through possible partnerships.

Other IPSec VPN proponents, such as Symantec, still are evaluating how to fit SSL into their product lines. The holdup in part stems from these vendors having more or less viewed SSL as a competing technology. But as demand grows for clientless VPN connections, logic dictates that vendors add SSL-based products to their lineups.