Why VPN When You Can SSL?

CHICAGO — The Catholic Health System (CHS) is a New York-based health care
organization comprised of four hospitals and scores of diagnostic centers
throughout the state. With such far-flung offices and remote workers,
getting all of them working on the same network can be a time-consuming and
expensive proposition.

Doug Torre, the director of networking and technical services at CHS, was
reading a trade publication earlier this year when he came across an outfit
called Neoteris, a remote management company. The company, in addition the
traditional virtual private networking (VPN) it sells, takes a different
approach to connect remote users to the corporate local area network (LAN).

Using a secure socket layer (SSL) session instead of the point-to-point
VPN, Torre said the product has saved his company hours and hours of
manpower time getting remote users set up and logging into the network.

Unlike the VPN, which requires the end user to install a software
application that many find over-complex, the Neoteris application seemed
too easy. The remote client opens up their Web browser and logs into the
corporate LAN, initiating an SSL session.

From there, the information is encapsulated and connected to the
network. IT managers can even set up “bookmarks” for individual clients,
giving them access only to the areas they need to see.

“You can do that with traditional VPNs,” Torres said, “but it’s so much
easier putting it all over a Web browser. There’s just all these different
issues that surround (VPN). It’s very cumbersome to manage and support, as
well as all that complexity.

“Our biggest savings is reducing that overhead and the complexity for our
customers,” he continued. “In terms of ROI (return on investment), we had
a 10-month payback on the infrastructure, which included RSA (Securities,
Inc.) infrastructure for authentication.”

Neoteris expanded on the popularity of its SSL product Monday, announcing
the latest version, 3.0, of its Instant Virtual Extranet (IVE) software and
three new Access products aimed at the enterprise customer here at the
Computer Security Institute (CSI) exhibition.

IVE 3.0 revolves around its three new applications, from the entry-level
Neoteris Access 1000 to the high-end 5000. All will feature greater
redundancy and clustering capabilities for enterprise managers, as well as
providing secure access.

Jason Matlof, VP of Marketing and Business Development, said that while the
VPN still has a viable place in today’s IT networks, most remote users
don’t need the complicated network-to-network IP tunneling required for

“While VPNs are powerful, they’re expensive, and they become even more
expensive when you try to secure them properly,” he said. “There’s no need
for a remote employee or sales guy to have full-blown LAN connectivity to
the corporate network. All they need is to be able to enter orders in
their application, get emails, maybe share some files.”

Neoteris officials also see the benefits of a Web browser-based application
when used by remote users on a PDA or wireless phone. The compression
technology found in the Access 5000 lets mobile users connect to the
network at double the speeds they would find possible over a standard
Internet connection.

Now, corporate travelers can access the corporate LAN using their PDA,
giving them a secure means of connecting to the network without the need to
set up the memory-draining client-side software needed to set up a VPN.

According to David Thompson, global networking strategies senior analyst at
the META Group, SSL-based remote access will be used by 80 percent of
corporate users by 2006.

“SSL-based network appliances provide an advantage over traditional IPSec
VPNs because they reduce client complexity and support costs while
simultaneously allowing for seamless connections from a wide variety of
computing resources and locations because they utilize the Internet and
standard Web browsers,” he said.

Following is the price breakdown for the three Access products and the
number of simultaneous users the software supports:

  • Access 1010 – $9,995; 50 users
  • Access 1020 – $14,995; 100 users
  • Access 1030 – $24,995; 250 users
  • Access 3010 – $29,995; 100 users
  • Access 3020 – $39,995; 250 users
  • Access 3030 – $49,995; 500 users
  • Access 3040 – $69,995; 1,000 users
  • Access 5020 – $39,995; 100 users
  • Access 5030 – $52,995; 250 users
  • Access 5040 – $64,995; 500 users
  • Access 5050 – $89,995; 1,000 users
  • Access 5060 – $114,995; 2,500 users

News Around the Web