SSL-based virtual private networks are gaining steam in the marketplace as a relatively simple-to-manage means of secure remote access. However, analysts see them as more an adjunct than an alternative to the widespread IPSec-based VPNs, because SSL-based VPNs typically support only Web-enabled applications.
OpenReach, which delivers managed IPSec-based VPN services, recently joined SSL VPN stalwart Aventail Corp. in the SSL VPN managed services market. Meanwhile, quite a few vendors, some of which had SSL acceleration products looking for a new market in light of the dot-com crash, are starting to push SSL VPN equipment, says Jeff Wilson, executive director of consulting firm Infonetics Research.
Most versions of SSL, which offer security at the application level, are browser-based, so there's no client software to install or maintain. In fact, users don't even have to be on their own machines; they can access data from a PC at an airport kiosk or other location. By comparison, IPSec offers security at the network layer and requires client software, which creates more distribution and management complexities.
The downside of SSL is that it can be used only to access Web applications, e-mail and file sharing, says Wilson, who has been covering the VPN market since 1996. That means users can't access popular applications like those from SAP with SSL unless their particular applications happen to be Web-enabled, which is not likely at this point, Wilson adds.
For that reason, SSL-based VPNs are unlikely to replace IPSec-based VPNs any time soon, says Jim Slaby, senior industry analyst at Giga Information Group. "From a carrier perspective there's potential there for a significant complementary offering to IPSec, but they're not going to supplant IPSec," says Slaby, who notes that IPSec is well established and that the IPSec community is working to reduce installation complexity.
Slaby makes another interesting point about SSL as it relates to managed VPN services: "All the guys making the hardware are touting SSL as being so easy to set up, but the reason you go outsourced is [because the enterprise is concerned about] management issues."