Face-off: Mobile VPN is a better choice than an SSL VPN

Two industry insiders debate the best VPN approach for mobile users.

Mobile workers face unique challenges and need a VPN designed to address them. SSL VPNs work well for remote workers but take a back seat in mobile and wireless environments.

Mobile workers use wireless WAN (WWAN), Wi-Fi, Ethernet, DSL or cable connections from a variety of locations. They need a solution proven in environments with multiple networks and coverage, latency and speed issues. These are different challenges than those faced by remote workers who access network resources from a fixed location.

Face-off Mobile VPN is not a better choice than an SSL VPN

For most companies, the question is not, "Should we go mobile?" but rather, "What is our mobile strategy?" Security is a top concern when developing a mobile strategy. Both mobile and SSL VPNs provide excellent security when configured correctly with standards-based authentication and encryption. However, organizations also must consider the unique challenges associated with mobility.

Mobile VPNs are designed to handle common wireless-network challenges more efficiently than SSL. For example, when roaming from Ethernet to Wi-Fi to WWAN, mobile VPNs handle the transitions transparently with no impact to the application session. If a user hits a coverage gap or suspends a device to preserve battery life, a mobile VPN allows him to resume right where he left off. In the same situation, an SSL user may lose his VPN session, forcing him to log back in and restart applications.

Performance is also a concern. Because SSL VPNs use TCP as their core protocol, they are slower and less efficient on low-bandwidth networks, such as WWANs, where latency and jitter are commonplace. This problem is exacerbated when users run multiple applications. Mobile VPNs use a more efficient UDP protocol to optimize performance with all applications. And because mobile VPNs reduce protocol overhead and provide application data bundling, performance improves with the number of applications in use. Not so with SSL.

Mobile VPNs also excel in device and application support. "Clientless" versions of SSL VPNs can't deliver 100% application compatibility. Mobile VPN clients are easy to deploy, enable virtually any application to work in a wireless environment and can support multiple versions of the same application. When users demand access to more applications, mobile VPNs require little to no additional server configuration to support them, while SSL requires additional configuration for each new application. And unlike SSL, mobile VPNs provide the same application support and management tools to handheld devices and smart phones as they do for laptops.

Two key IT concerns are policy enforcement and management. Both SSL and mobile VPNs support policies at the application level (Layer 7). Mobile VPNs also support policies at the IP level (Layer 3), providing more robust application and network traffic security. Organizations serious about improving workforce and IT staff productivity through mobility should pick a mobile VPN.

Johnston is vice president of products at NetMotion Wireless. He can be reached at tomj@nmwco.com.

Learn more about this topic

Aventail adds to its endpoint-checking capabilities


Bank eyes lower support costs with mobile IP VPN


Securing the mobile workforce


Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2006 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)