tgreene
Executive Editor

The next step for SSL remote access

Opinion
Feb 18, 20033 mins

* SSL remote-access companies could provide SSL VPNs as an application

Secure Sockets Layer remote access vendors have been nipping at the heels of the IPSec VPN vendors for a year or more now, and it appears that there is a new category of gear that is now chasing the SSL providers.

There is a category of devices that sits in the same place in the network that the SSL remote access gear sits – in front of Web servers and behind firewalls – that can perform the same remote-access function and a lot more.

For example, a supplier of one of these devices – Array Networks – recently announced that it is adding features such as load balancing, compression, clustering and Web filtering to its Array SP platform. Array SP previously focused on SSL acceleration and remote access to Web applications, and also includes traffic management.

While the SSL remote-access gear can be attractive to those who want to set up inexpensive networks to access a wide range of commonly used applications from any Web browser, decisions on what to buy takes other factors into consideration. If you are a network administrator looking to install such gear, you might also be interested in Web filtering as well to better secure the HTML port in your firewall, for example. Why would you want to add two boxes when you can add just one?

The question can be extended to be why would you add one box when you can add none? Look at what has happened with IPSec VPN technology. Once it required separate IPSec gateways, but now many routers get firewall/IPSec gateway blades, getting rid of the extra box and keeping management of the VPN on a familiar management platform.

Ultimately, this is what will happen to these SSL remote access, compression, and traffic-shaping boxes, says Gartner Group research director for network security, Richard Stiennon. “These products are burgeoning but short-term. Firewall vendors will have to do the same thing – add application defense, and the application defense companies will have to become firewalls,” he says.

“The challenge is for these (SSL remote-access) companies to provide SSL VPNs as an application, but to become known as integrated-security vendors,” says Michael Suby, an analyst with Stratecast.

Buying these products today can have important value in business networks, but the thing to remember and look for is how they evolve over the next few years to allow for a more streamlined network that is easier to manage.