Face-off: Mobile VPN isn not a better choice than an SSL VPN

Two industry insiders debate the best VPN approach for mobile users.

An SSL VPN is a comprehensive VPN, including being a mobile VPN. The real choice is whether you should select a proprietary, single-application, network layer-only VPN or a flexible, application- and network-layer SSL VPN for mobile users. The flexibility, low total cost of ownership (TCO) and reliability of an SSL VPN will trump a proprietary approach every time.

An SSL VPN is a comprehensive VPN, including being a mobile VPN. The real choice is whether you should select a proprietary, single-application, network layer-only VPN or a flexible, application- and network-layer SSL VPN for mobile users. The flexibility, low total cost of ownership and reliability of an SSL VPN will trump a proprietary approach every time.

SSL VPNs are very "wireless friendly" and offer everything companies demand from a mobile solution, such as application-session persistency, application policies and network-layer policies. SSL VPNs support seamless roaming and offer high performance and optimized throughput with compression and acceleration to compensate for any slow wireless link.

SSL VPNs work with a wide variety of applications and platforms, such as Windows, Linux, MacOS, Windows Mobile 5.0, PocketPC, PalmOS, Symbian and iMode, with just a browser. And all widely deployed mobile devices with Internet capability have a browser. The bottom line is user device support with SSL VPN is significantly less limiting than a proprietary mobile VPN.


Face-off Mobile VPN is a better choice than an SSL VPN


SSL VPNs serve multiple IT functions by providing access to fixed employees (such as teleworkers), mobile workers, partners and customers with a single, centralized infrastructure -- providing access to applications regardless of whether workers are using a mobile device, home or corporate PC or laptop. Mobile VPNs serve only one constituency and require a separate VPN and client management infrastructure in the DMZ for mobile device access.

With SSL VPNs, if changes are made to back-end application servers or new servers are added, only changes to access-control policies are required on the centralized SSL VPN deployment and not on multiple VPN deployments. On the client side, a proprietary mobile VPN requires software to be installed for each device, typically resulting in ongoing maintenance costs associated with renewals, updates and support.

With mobile VPNs, users need to remember one specific VPN gateway just for mobile connectivity and separate ones for all other types of VPN connectivity. In contrast, SSL VPNs are clientless and are designed for a streamlined user experience.

SSL VPNs give IT managers more control, enabling them to provide access only to the specific applications for which a user and mobile device is approved, as opposed to effectively turning the mobile device into a node on the network and providing access to all back-end applications.

SSL VPNs have unparalleled endpoint interrogation, access control, user quarantine and remediation features. These functions allow for business security policies to be more easily enforced and provide users with a self-help environment. SSL VPNs also can provide granular auditing of users, resources and endpoints accessing the network, which is critical in today's regulatory environment.

With demands for a growing mobile workforce, new levels of security and extending applications to new groups, the last thing IT managers need is another proprietary infrastructure to build and manage.

Sheth is vice president of security products at Juniper Networks. He can be reached at hsheth@juniper.net.

Learn more about this topic

Virtela offers new SSL VPN service for small businesses

02/02/06

Fortinet gets into the SSL VPN game

05/03/05

Checking out an open source SSL VPN offering

04/19/05

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2006 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)