Could a managed remote-access VPN be the thing for your business?
Pundits estimate 40 percent of workers now travel for business, and IDC predicts this figure will rise to two-thirds by the end of 2006. As a result, providing mobile employees, clients and partners with remote access to a company’s internal network is a basic IT requirement. Working at home or on the road should be as productive and secure as working in the office–a common goal of most IT staffs looking for economical ways to provide comprehensive remote access. With the right technology, the full productive potential of information workers can be unleashed anywhere there is an Internet connection.
However, network administrators face a bewildering set of overlapping products and technologies to consider. While taking different approaches and providing different benefits, technologies such as client-based and Web-based Secure Sockets Layer (SSL) Virtual Private Networks (VPNs) provide secure remote access over the Internet.
Whether to choose a client-based VPN or an SSL-based VPN is no longer the issue. Outsourced remote access services combine the benefits of both approaches with the additional benefits of a managed-subscription service. We’ll explore the pros and cons of each solution, hopefully providing insight that will keep administrators from being boxed in by the narrow scope of traditional VPN appliances.
Security vs. convenience
A client-based VPN is a set of protocols developed to support the secure exchange of data packets across IP networks like the Internet. In this approach, a VPN client is downloaded and installed on the remote user’s desktop computer or laptop, providing full network access so users can do anything from their remote locations that they can do from their office desktops.
Client-based VPNs have a number of drawbacks. Most utilize IPSec, which makes it difficult to configure and maintain access behind any firewall or proxy, and usually involves complex key settings, encryption algorithms, and manual user configuration. Client-based VPNs can also present a serious security problem because PCs essentially become nodes on the company network, potentially opening a wide security hole if a client machine is compromised by a virus, Trojan horse, or remote control software.
Client-based VPNs require the distribution of client software, firewalls and antivirus updates that can require a significant investment of time and money. As a result, businesses can quickly find themselves trying to roll out ad hoc solutions while dealing with increased call volume to their help desks. All of these factors can significantly raise the cost of the project and increase user frustration.
A step beyond
SSL-based VPNs have evolved in response to the shortcomings of traditional client-based solutions. These solutions typically offer limited access to company resources through a standard Web browser using SSL, an Internet standard protocol for transmitting documents via the Internet using a public key to encrypt data. Most browsers support SSL, and many Web sites use the protocol to obtain confidential user information such as credit card numbers.
Web-based remote access is easier to deploy: Users simply connect to the Internet through any standard browser and network resources are made available from a Web page. SSL-based VPNs generally offer wide device support, though some functionality is usually limited to browsers with Java or ActiveX support. Unlike client-based VPNs, users connecting over the Web with SSL are not actually nodes on the network, which protects the LAN and the data on it.
As with most technology approaches, SSL-based VPNs present a different set of challenges and issues for an IT department. Users must have an Internet connection to work remotely with an SSL-based VPN. While SSL-based VPNs usually provide access to Web applications and network shares, they have limited support for non-Web-based systems–remote users do not have access to non-Web-based applications on Windows, UNIX, Linux, AS400 or mainframe systems, nor can they get to Windows or client/server applications that aren’t Web-enabled.
Resources such as files are presented in Web pages, and it can be difficult and confusing for users to accomplish simple tasks like uploading files or working with e-mail attachments.
Best of both worlds
Given that there are beneficial uses for both client-based VPNs and Web-based SSL VPNs, remote access services and managed VPN service providers integrate the best of both worlds in a single offering. With managed service-based remote access solutions, businesses can tailor remote access to the needs of their users rather than forcing users to accommodate the limitations of any given approach.
These service providers have a powerful policy manager that completely integrates both VPN approaches with existing user settings and preferences. The best solutions offer a Web-based approach, reducing the time and cost of deploying client solutions. Using the Internet, virtually any device or OS can connect to the company LAN.
Remote access services that provide centralized configuration features enable administrators to reconfigure applications and populate desktops with proper drive maps, drivers, printers and other company resources. Remote access services also provide the most essential security features, such as locking down PCs and ensuring each user is properly authenticated before allowing direct access to the corporate network.
Any exceptions to company policies result in appropriate actions such as severing the user’s connection and generating usage reports. Unlike most traditional in-house VPN appliances, managed remote access solutions include terminal services in their subscriptions, providing access to files, e-mail and intranet sites–without the extra overhead of an additional terminal services environment.
Service-based remote access/managed VPN service provider solutions offer the additional benefits that accompany most outsourced services. The best service providers incorporate the latest remote access technology into their infrastructure. Customers receive the benefits of a solution that is always up to date without spending more for new technology and IT talent.
A third-party remote access service also provides flexible scalability: providers have the manpower and know-how to provision and manage thousands of users so customers don’t have to, including basic help-desk support to ensure users don’t have issues logging into the network. Unlike traditional VPNs that take months to implement, managed remote access VPN services are often implemented in hours, reducing the risk of a long implementation resulting in potentially disappointing results.
Don’t get boxed in
Administrators who compare only in-house client-based VPNs and Web-based SSL VPN solutions to meet their remote access needs address only part of the problem. Deploying a successful remote access initiative involves understanding what features and benefits are most important to your IT staff and users.
While some companies may have a predisposition to buying and integrating hardware and implementing their own home-grown solutions, many IT departments find a third-party managed remote access service to be better, faster, less expensive, and less risky than an internally developed one.
Managed VPN service providers keep businesses from being boxed in by traditional in-house VPN offerings that require substantial budget, both upfront and ongoing, and IT manpower to maintain. Technologies are automatically updated, thousands of users can be supported, and network managers don’t have to worry about babysitting and protecting a growing number of clients–everything is outsourced. Managed remote access solutions enable employees to be productive while working remotely in a secure environment with fewer headaches, costs and unforeseen roadblocks.
Timothy Sutton is CEO and co-founder of Positive Networks, a provider of remote access services.