
Expert cautions IPsec replacement

Is Aventail's new SSL VPN platform the key to IPsec replacement? The vendor says yes, but companies may not want to jump on the bandwagon so soon.

Remote access, by nature, puts two priorities at odds: accessibility and security.

But Aventail Corp. claims it can put an end to that conflict with its new version 8.5 VPN platform. The Seattle-based vendor said the new product marries the best of both IPsec and SSL VPN worlds.

Internet Protocol Security (IPsec) is a framework for security at the network or packet processing layer, and can only be used on a managed device. This form of remote access is a double-edged sword because it offers flexible accessibility, but the open tunnel is also more prone to security breaches.

On the other hand, SSL VPNs stray away from the open-tunnel approach to offer granular access control from any browser-enabled laptop or PC. However, because of the tight controls, SSL VPNs make the use of applications like VoIP and streaming media more difficult, if not impossible.

Sarah Daniels, vice president of product management at Aventail, said businesses either chose to deploy one system as the lesser of two remote access evils, or deploy both and assign different access types to users depending on their needs.

"With this release we've captured the Holy Grail: a single universal remote access device that's also completely secure," Daniels said. She added that the vendor's "smart tunneling architecture" provides IPsec's Layer 3 tunneling and SSL VPN's Layer 4-7 control.

Smart tunneling, Daniels said, provides a direct communication link between the end point and the application. In addition, the architecture is integrated with Aventail's centralized policy model to ensure that the tunnel picks the right type of connection based on business rules.

The smart tunneling architecture is in addition to the new version's three other technological features: adaptive access, bidirectional tunnel control and cross-platform endpoint control.

The bidirectional tunnel control secures tunnel traffic between the endpoint device and application. Bidirectional, versus unidirectional, is used when applications like VoIP and remote help desk support need back-connect functionality.

The cross-platform endpoint control allows network administrators to set policies to ensure security for a variety of operating systems.

Robert Whiteley, an associate analyst at Cambridge, Mass.-based Forrester Research Inc., previously indicated a new wave of SSL VPNs is poised to wash over the market.

To boot, Whiteley said Aventail is an even better example of this second generation because of its complex combination of management capabilities, features and functions.

"Aventail has done a lot on the management side to make sure it's a more intuitive system," Whiteley said. "It's one thing to play the catch up game of features and functions, but it's a lot more difficult to copy and mimic intuition -- this is what really elevates the tier one SSL VPN vendors."

Whiteley said he considers Aventail to be not only a tier one SSL VPN vendor, but also a solid No. 2 in the market behind Juniper Networks Inc.


In spite of this, Whiteley warned against jumping on the remote access bandwagon too soon.

For those companies with a present IPsec system up and running, he suggests a "cap-and-grow" strategy to avoid the pitfalls of an automatic decommission. Whiteley said to begin new robust SSL VPN installations and phase out IPsec after six months.

For greenfield implementations, he suggested working with a robust SSL VPN from the get-go.

As for pricing, Whiteley chalks it up as another Aventail improvement. He said the vendor did well on this release to bring its prices in line with competitors.

The new 8.5 VPN platform starts at $6,995 for the Aventail EX-750, a full-featured, clientless SSL VPN appliance tailored to small to midsized enterprises. The Aventail EX-1500 appliance, a scalable, enterprise-class system with high availability and load balancing support, starts at $9,995.
