IPsec vs. SSL VPNs: Choosing the best virtual private network for your customer

What are some general guidelines I should consider when determining whether to recommend an SSL or IPsec VPN to a customer?

There's a great deal of confusion as to what "SSL VPN" means. One meaning is a traditional VPN that provides network-to-network communication in an application-agnostic way. These types of SSL VPNs, exemplified by the open-source OpenVPN, are very much like IPsec except that they use the SSL protocol for key negotiation and other administrative tasks. Because they usually operate in user space rather than the kernel, many experts believe that they have a security edge over an in-kernel IPsec implementation. On the other hand, they may suffer some performance degradation due to the need for application scheduling and repeated context switching between the kernel and user space. SANS has a nice white paper that discusses this type of virtual private network.

The other type of SSL VPN is actually an application gateway that uses SSL to encrypt network traffic between a client computer and an enterprise network. These types of virtual private networks are mostly useful for HTML-aware applications and a few other common applications (email, terminal access, etc.) for which the VPN device has built-in "application translators." The advantage of this type of VPN is that it uses a standard Web browser and therefore doesn't require a special client or other software to be loaded on the client computer.

If your client is mostly concerned with allowing secure, remote access to Web-based applications and doesn't want to deal with the administrative headaches of loading additional software on each client machine and schooling employees in its use, then an SSL gateway is a simpler solution, both for the users and network administrators. On the other hand, if the client's users want access to the enterprise network -- so they can connect to their desktop computers, for example -- then IPsec or an SSL VPN like OpenVPN is the preferred solution. Some SSL VPNs perform both functions, but generally not as well as one dedicated to one or the other.

This was first published in October 2006