News Stay informed about the latest enterprise technology news and product updates.

Whale hybrid VPN harpoons market

Whale Communications and Microsoft have teamed up to roll SSL VPN and IPSec VPN into one appliance, and the CIO of Regis University says he can't wait to add it to his network.

Peter Greco doesn't need any convincing that the latest release from Whale Communications Inc. will find a place in his network.

As CIO of Regis University with a main campus in Denver and others in Nevada, Greco has relied on Whale's Secure Sockets Layer (SSL) VPN appliance for the past two years and knows its capabilities. He also knows the value of Microsoft Corp's Internet Protocol Security (IPsec ) VPN function, which the university has also used.

So when the Fort Lee, N.J.-based Whale last month rolled out an appliance combining its SSL VPN, Microsoft's IPsec VPN, endpoint and application security and Microsoft's Internet Security and Acceleration technology, Greco was quick to hop on the bandwagon.

"We've always done point-to-point lines between campuses," he said. "This is going to make it easier for my staff to support. We're going to be able to integrate the old and the new."

There was no divergence whatsoever between the SSL and the IPsec world.
Peter Greco
CIORegis University
Whale's integrated appliance combines the company's Intelligent Application Gateway with Microsoft's ISA Server. Whale CEO Roger Pilc said the appliance is aimed at midsized and large companies and has a base price of $15,000. The Application Gateway can be added the to network perimeter at either the DMZ or on the LAN. The box manages remote access sessions, filters inbound and outbound communications, checks endpoint security and scans the application layer.

IPsec VPNs have been dominant for several years and work at Layer 3 to create a "tunnel" into the network so devices act like they are physically attached to the LAN when users log on. Newer SSL VPNs work at Layer 4, the application layer. With SSL, users access applications via a Web browser and administrators can control access by application, rather than provide access to the entire network.

Greco said he plans to install the Whale box this month to initiate IPsec tunneling for the Las Vegas campus. The university already uses Whale's SSL product for roughly 17,000 students, 6,000 of which are full time, and more than 1,000 staff members. The university also uses the ISA Server's IPsec function to manage access to the Student Information System, an application that manages student information similar to enterprise resource planning.

Greco said piling both SSL and IPsec functionality into one box will help the school manage remote access and decrease the cost of maintaining the network between the main campus and other locations. Plus, he said, the Microsoft orientation will help the box fit right into his network environment, since most of its applications are Microsoft-based.

"Our biggest advantage will be ease of management," he said.

For more information

Check out our story on the VPN market making room for SSL and IPsec

Read what an expert says about using SSL VPN with e-mail clients

He said the university was initially planning to shift access for telecommuters from IPsec to SSL, but there were too many issues involved in the switch. Having both options now in one box makes it possible to keep the IPsec tunneling while keeping an eye toward SSL. When the time comes to transition from IPsec to SSL, the Whale product will help ease that switch, Greco said.

Greco said remote access security is necessary for students and faculty to use applications, especially the Student Information System, which contains sensitive student information. The university needs VPN security to ensure all data traveling through the pipes is encrypted.

Marcus Schmidt, senior product manager for Microsoft Internet Security and Acceleration, said the genesis of the partnership and resulting appliance stemmed from the increasing need for secure remote network access.

"More and more workers need to access more applications behind firewalls," he said. Schmidt added that the market is shifting toward more hardware-based security options, which also played into the product's development.

Along with SSL VPN and IPsec VPN functionality, the gateway also offers:

  • Policy compliance
  • Application firewall capabilities
  • Endpoint and application protection
  • Monitoring and reporting
  • Forward and reverse proxies

"There was no divergence whatsoever between the SSL and the IPsec world," Greco said. "This is bridging the gap."

Dig Deeper on WAN technologies and services

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.