Amidst the cacophony about VPNs and whether IPsec or SSL is the better solution, and which vendor has done the most to satisfy the journalists and analysts, one "minor" issue seems to be falling by the wayside - You the user - Irrelevant maybe to most vendors, but nevertheless a problem they need to resolve in order to achieve those quarterlies!

Ask any IT Manager today what is his or her greatest issue is when it comes to secure remote access for employees and customers, and they will tell you 9 times out of 10 that it is their end users. They are faced with the problem as to how their organizations can deploy secure remote access on a scale never before undertaken, in a cost effective and manageable fashion? Of course allied to the major issue of the end user deployments are the peripheral issues such as authentication, the integrity of the users' PC, administration, etc., all of which are important, but end user deployment and ease of use is the issue.

What manufacturers frequently lose sight of is that they are so concerned about arguing that their way of solving the problem is so vastly superior to that of their competitors that frequently they don't even ask the customer what the problem is. How often have you, as a potential end user, had to sit through a tiresome presentation about Mission Statements, long-term strategy, death by buzzword, and interminable case studies that have absolutely no relevance, and find that at the end of it all the vendor is none the wiser as to why you invited them in the first place. In fact they often assume that they are better placed to explain to an IT Manager what the problem is, which by definition can only be solved effectively by that particular brand.

The Proof of The Pudding Is What's inside the Tin


When looking at SSL VPNs, the first caveat is that SSL VPNs are not like their cousin IPsec. Because IPsec is a network layer connection, it is not concerned with the applications in the tunnel, but only with ensuring the integrity of the tunnel.

SSL VPNs on the other hand not only ensure the integrity of the tunnel, but because they are "application layer VPNs" have a direct involvement in the type and nature of the application using the tunnel. Talking to any organisation considering deploying, or upgrading existing remote access environments and you very quickly discover that whatever VPN technology is used, it must serve existing applications. The problem with many SSL VPN solutions is that the vendors are trying to dictate to the customer how the customer's existing applications should work in order to comply with the limitations of the SSL VPN technology being presented.

Regardless of the type of SSL VPN technology being deployed, one key criterion that should be applied from the outset by you, the prospective user, is whether or not there are any application limitations.