RealTime IT News

Why VPN When You Can SSL?

CHICAGO -- The Catholic Health System (CHS) is a New York-based health care organization comprised of four hospitals and scores of diagnostic centers throughout the state. With such far-flung offices and remote workers, getting all of them working on the same network can be a time-consuming and expensive proposition.

Doug Torre, the director of networking and technical services at CHS, was reading a trade publication earlier this year when he came across an outfit called Neoteris, a remote management company. The company, in addition the traditional virtual private networking (VPN) it sells, takes a different approach to connect remote users to the corporate local area network (LAN).

Using a secure socket layer (SSL) session instead of the point-to-point VPN, Torre said the product has saved his company hours and hours of manpower time getting remote users set up and logging into the network.

Unlike the VPN, which requires the end user to install a software application that many find over-complex, the Neoteris application seemed too easy. The remote client opens up their Web browser and logs into the corporate LAN, initiating an SSL session.

From there, the information is encapsulated and connected to the network. IT managers can even set up "bookmarks" for individual clients, giving them access only to the areas they need to see.

"You can do that with traditional VPNs," Torres said, "but it's so much easier putting it all over a Web browser. There's just all these different issues that surround (VPN). It's very cumbersome to manage and support, as well as all that complexity.

"Our biggest savings is reducing that overhead and the complexity for our customers," he continued. "In terms of ROI (return on investment), we had a 10-month payback on the infrastructure, which included RSA (Securities, Inc.) infrastructure for authentication."

Neoteris expanded on the popularity of its SSL product Monday, announcing the latest version, 3.0, of its Instant Virtual Extranet (IVE) software and three new Access products aimed at the enterprise customer here at the Computer Security Institute (CSI) exhibition.

IVE 3.0 revolves around its three new applications, from the entry-level Neoteris Access 1000 to the high-end 5000. All will feature greater redundancy and clustering capabilities for enterprise managers, as well as providing secure access.

Jason Matlof, VP of Marketing and Business Development, said that while the VPN still has a viable place in today's IT networks, most remote users don't need the complicated network-to-network IP tunneling required for connection.

"While VPNs are powerful, they're expensive, and they become even more expensive when you try to secure them properly," he said. "There's no need for a remote employee or sales guy to have full-blown LAN connectivity to the corporate network. All they need is to be able to enter orders in their application, get emails, maybe share some files."

Neoteris officials also see the benefits of a Web browser-based application when used by remote users on a PDA or wireless phone. The compression technology found in the Access 5000 lets mobile users connect to the network at double the speeds they would find possible over a standard Internet connection.

Now, corporate travelers can access the corporate LAN using their PDA, giving them a secure means of connecting to the network without the need to set up the memory-draining client-side software needed to set up a VPN.

According to David Thompson, global networking strategies senior analyst at the META Group, SSL-based remote access will be used by 80 percent of corporate users by 2006.

"SSL-based network appliances provide an advantage over traditional IPSec VPNs because they reduce client complexity and support costs while simultaneously allowing for seamless connections from a wide variety of computing resources and locations because they utilize the Internet and standard Web browsers," he said.

Following is the price breakdown for the three Access products and the number of simultaneous users the software supports:

  • Access 1010 - $9,995; 50 users
  • Access 1020 - $14,995; 100 users
  • Access 1030 - $24,995; 250 users
  • Access 3010 - $29,995; 100 users
  • Access 3020 - $39,995; 250 users
  • Access 3030 - $49,995; 500 users
  • Access 3040 - $69,995; 1,000 users
  • Access 5020 - $39,995; 100 users
  • Access 5030 - $52,995; 250 users
  • Access 5040 - $64,995; 500 users
  • Access 5050 - $89,995; 1,000 users
  • Access 5060 - $114,995; 2,500 users