AT&T, Aventail tout SSL VPN service

AT&T is teaming with Aventail to offer what the companies say is a more flexible VPN choice for remote and extranet access.

AT&T is teaming with Aventail to offer what the companies say is a more flexible VPN choice for remote and extranet access.

AT&T is expected to announce this week that it is reselling Aventail's Secure Sockets Layer (SSL) VPN service. The offering would let customers extend the reach of VPNs to business partners and remote users.

SSL offers an additional level of flexibility because it authenticates at the application level, while IP Security (IPSec), which AT&T also offers, authenticates at the network layer, says Steven Harris, analyst at IDC.

"SSL works best for extranet connectivity where a business may only want to give a user access to certain Web-based applications," he says. "But for users that need full LAN access, IPSec is the better choice."

Because SSL initiates a session for each application a user accesses, it would be cumbersome to use SSL for remote users who might need to access many applications on a corporate LAN, Harris says.

IPSec VPN access requires that users deploy a software client on their laptop or desktop. SSL VPN access lets users access a VPN using a standard Web browser, which adds another level of flexibility, especially for business-to-business environments.

SSL support also would make it easier for AT&T to roll out Wi-Fi wireless LAN support. "It will likely happen in the not too distant future," says Jonathan Cohen, director of IP VPN strategy at AT&T.

The carrier hinted that it would be working with start-up Cometa Networks to support a bundled Wi-Fi VPN access. Cometa is a joint venture between AT&T Wireless, IBM and Intel that plans to build a nationwide network of wireless access points.

Aventail supports the SSL VPN service by deploying an appliance at a customer's site, which it manages from its network operating center (NOC). Users access the VPN from any Internet connection and are authenticated at the SSL appliance, where a session is initiated.

While Aventail will support the offering, AT&T will bill users directly for the SSL VPN service. The companies say AT&T will eventually deploy Aventail gear within its own NOC to provision and support customers on its own, but no timetable has been established.

AT&T says it has been looking at adding SSL VPN access to its security service package since last year. And in this case, the carrier says it made more sense for AT&T to team with a company that's been working with SSL since 1997 than to build a service from the ground up.

AT&T was losing revenue by not offering a second VPN access method that is more flexible than IPSec, Cohen says.

"Professionals behind another [company's] firewall could have network address translation problems or protocol blocking problems," he says.

The new service is expected to be available in the second quarter.

AT&T would not reveal how much it will charge, but says pricing would be similar to Aventail's.

Aventail charges $2.75 per user, per month for a company that has 2,000 users. The service provider charges $1.75 per user, per month for a company that has 10,000 users.

Learn more about this topic

Aventail looks to best IPSec VPN vendors

Q&A with Aventail CEO Evan Kaplan. Network World, 01/20/03.
Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:

Copyright © 2003 IDG Communications, Inc.

IT Salary Survey: The results are in