I’m not sure if the invention of the smartphone has been a boon for humanity, but it definitely has made us look like robots who are always glued to it.
Given the device’s prevalence today, the age-old practice of “leaving your work at the office” no longer holds water. Back in the late 80s and early 90s, when I was a kid, my parents never logged on to their office network to check emails or bothered answering a call from work once they were home or traveling on vacation. Work was just restricted to the office … but those were the “good old days” and are, for better or for worse, long gone.
Times have changed. Part of the beauty of technology, though, is that it changes with time. Companies started expanding: 1 employee became 11, they kept multiplying, and there came a need to connect all the branch offices. IPSec-based remote VPN was born out of such a need. The times changed again, the technology improved, and in came SSL VPNs.
Time continues to march on and, with it, change marches in lock step. So, what’s next?
Let’s take a quick look at each of these technologies and understand what the drivers were back in “the day,” and what is driving change in the remote access environment today.
IPSec (IP Security) VPN is a legacy VPN solution that connects corporate devices to trusted networks. IPSec was originally developed to link two wired networks and provided an infrastructure to extend a private network across the Internet to reach out to partners, customers etc. and build a Virtual Private Network (VPN).
It is probably the most-adopted solution for data security in transit; however, it is not well-suited for use in mobile and wireless networks. An IPSec tunnel requires that the IP addresses of the two end points remain unchanged. Some of the disadvantages of using an IPSec VPN solution are:
- IPSec is not the most reliable connection when users are mobile and moving from one network to another and/or suspending and resuming laptop connections. Users have to re-authenticate when they encounter a gap in the connection, and that can lead to user frustration, loss of user productivity and a high volume of calls to the support desk.
- IPSec does not allow any kind of optimization of application traffic when it is delivered to an end user device such as a mobile phone.
- IPSec does not allow administrators to apply granular application-level policies, and hence an IPSec VPN appliance cannot be used as a centralized policy manager.
SSL VPN is a secure way to remotely access application data. As opposed to IPSec VPNs, which connect corporate devices to trusted networks, SSL VPNs connect users using any browser-enabled device to specific applications. It is well suited for BYOD (laptops and desktops) as well as users accessing applications from home, café or any remote location.
SSL VPN meets most of the use cases for a remote worker but falls short of meeting the needs of a mobile user. Like IPSec VPN, SSL VPN also has some disadvantages:
- SSL VPN solutions, just like IPSec VPNs, do not handle users roaming between networks very well. In case of poor connectivity, applications crash or data is lost.
- SSL VPN operates at layer 7, mostly using a TCP connection rather than a UDP connection. This results in lower wireless-network performance.
With end users relying more and more on their smartphones and tablets to access corporate data like emails and enterprise and cloud applications, enterprises are being challenged to improve security for these end user devices. When you throw in BYOD, the challenges are even more complex.
A question comes to mind: why can’t enterprises use existing infrastructure like SSL VPN or IPSec to enforce secure access from mobile phones?
They just can’t. Traditional VPNs are just not built for the mobile environment. Although these technologies work great for users who connect from a stationary device, like a PC over a LAN connection in the office or a laptop over a residential broadband connection, they cannot do the same for devices that are mobile. A traditional VPN cannot adjust to devices in motion or to the properties, like the IP address and the point of network attachment, that change with that motion. As a result, users get high drop rates and bad connectivity, and have to continually reconnect their devices. This results in loss of productivity and an increase in frustration.
In addition, mobile phones use cellular networks that have lower throughput and higher packet loss than a wired connection. The applications users access from a mobile device are typically written for stable wired connections that have high throughput. This results in poor application behavior and loss of productivity for the mobile user.
Mobile VPN is built using the same SSL VPN technology but adds features beyond a traditional SSL VPN solution that are specific to a mobile user. Optimizing mobile app traffic, integrating with MDM/MAM products to provide security and compliance, and providing an SSL VPN tunnel and per-app tunnels on mobile devices are some of the features that are not provided with a traditional SSL VPN solution.
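The roaming problem described above can be made concrete with a small model. This Python sketch is an added example, not code from the original post or from any VPN product: `AddressBoundGateway` pins a session to the source address it authenticated from, while `TokenBoundGateway` is an assumed alternative design that binds the session to an HMAC-protected token and logs address changes. All class, function and user names are hypothetical, and the IP addresses are documentation-range values.

```python
import hashlib, hmac, secrets

KEY = secrets.token_bytes(32)  # gateway-side secret, generated for this example

def _mac(user, sid):
    return hmac.new(KEY, f"{user}:{sid}".encode(), hashlib.sha256).hexdigest()

def issue_token(user):
    sid = secrets.token_hex(8)
    return f"{user}:{sid}:{_mac(user, sid)}"

def token_valid(token):
    parts = (token or "").split(":")
    return len(parts) == 3 and hmac.compare_digest(
        parts[2].encode(), _mac(parts[0], parts[1]).encode())

class AddressBoundGateway:
    """Session is pinned to the source IP it authenticated from."""
    def __init__(self):
        self.bound_ip, self.logins = None, 0
    def packet(self, user, src_ip, token=None):
        if src_ip != self.bound_ip:      # address changed: the tunnel is gone
            self.bound_ip = src_ip
            self.logins += 1             # user must authenticate again
        return None

class TokenBoundGateway:
    """Session is pinned to an authenticated token; the address may change."""
    def __init__(self):
        self.sessions, self.logins, self.roam_log = {}, 0, []
    def packet(self, user, src_ip, token=None):
        if not token_valid(token) or token not in self.sessions:
            token = issue_token(user)    # unknown or forged token: full login
            self.logins += 1
        elif self.sessions[token] != src_ip:
            # keep the session, but record the move for monitoring
            self.roam_log.append((user, self.sessions[token], src_ip))
        self.sessions[token] = src_ip
        return token

# Constructed timeline: office Wi-Fi -> cellular -> cafe Wi-Fi
TIMELINE = ["198.51.100.10"] * 2 + ["203.0.113.77"] * 2 + ["192.0.2.45"]

def run(gateway, user="alice"):
    token = None
    for ip in TIMELINE:
        token = gateway.packet(user, ip, token)
    return gateway
```

Calling `run()` on each gateway and comparing `logins` shows how many times the same roaming user is forced to authenticate; `roam_log` on the token-bound gateway is the record a monitoring team would review for unexpected address changes.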
Now the quandary before you is: “I have multiple point products deployed in my datacenter for each of the use cases above. My users have to go to multiple URLs for accessing applications remotely and are frustrated with the user experience. Multiple solutions for remote access are driving up the cost and have led to redundancy in my datacenter. What should I do?”
The answer is simple: One URL. IT needs to start consolidating and converging remote access infrastructure. We need to start looking for solutions that provide secure remote access to any application, on any device.
For more information on One URL and how it drives consolidation, stay tuned for our next post. To be continued …