Wednesday, October 6, 2010

Complementary to IPSec VPN SSL VPN


Reasonable choice of VPN

SSL VPN's strong momentum of development seems to indicate that it will replace IPSec VPN,

But careful analysis you will find no contradiction between the two

Choose the ideal virtual private networks for enterprise users is difficult, the current prevailing theory is: thunder gradually strength of the SSL VPN will quickly catch up and possibly replace the traditional IPSec VPN, this big purchase decision even more difficult. Of course, some people insist that: SSL VPN that Cinderella will soon shine, IPSec VPN will be eclipsed. This is the noise of the industry for the recent addition of a fire.

The industry believes that, IPSec been rumors put out too early, but in the field of remote access, there is no doubt a trend is very clear - stay away from IPSec, this trend stems from some very practical reasons.

Steady development

Infonetics Research is an international market research and consulting firm, is also a major professional company VPN areas. It said, SSL VPN has achieved considerable progress, as well as many IPSec VPN vendors in 2003 will continue to announced the launch of products based on SSL. This scene has now been presented before the world, Nokia, Cisco and other big players have launched around the SSL product solutions.

However, SSL still does not replace IPSec, Infonetics think so. Because of the lack of an ideal site to site to connect the SSL solution, and said remote access, and considered by many companies, may order a different remote access while deploying SSL and IPSec, but in the near future, this is unlikely to become a dominant trend .

According to a recent report by Infonetics shows, IPSec on the VPN is still the dominant terms of tunnels and encryption technology. But at the same time, SSL will continue to be attractive. By 2005, 74% of mobile workers will depend on the VPN (15% increase over 2003), growth is expected mainly from the SSL, IPSec outside of this alternative to avoid the need for client software deployment and management complexity and human needs.

The question now is, in the early stages of this market, many manufacturers on how to SSL-based product positioning seems to be no clear attitude. In the end the SSL VPN (also called application-layer VPN gateway products) as with IPSec competition or complementary? This was a marketing problem.

Infonetics that, SSL product and the final positioning of the best complementary IPSec. Most manufacturers will develop or purchase IPSec application layer VPN technology to their product line. This complementary positioning is essential to market success. If in the next 12 months, leading the market in the company decided to stir up competition between SSL and IPSec, then the market will suffer.

What difference

In the design, IPSec VPN is the nature of the security technology infrastructure. The real value of this type of VPN is that they try to improve the IP environment of security. The problem is the deployment of IPSec requires significant infrastructure transformation for remote access. Benefits to put in there, but the high cost of management. On this point, IPSec site-to-site connection is still the only option, but for other SSL VPN remote access activities also aroused interest.

However, when the first debut, IPSec VPN is considered other than remote access solutions, has a major advantage. Attraction of including IPSec VPN, which uses a centralized security and policy management components, which greatly ease the maintenance requirements.

However, recent traditional IPSec VPN, there were two main issues: first, to bring the human cost of client software, which many companies hope to avoid; second, some security issues have also been exposed, these problems mainly with the establishment of open network layer connectivity.

Preferred options

Many experts believe that the usual senior corporate users (Power User) and LAN-to-LAN connection required for function in terms of direct access to corporate networks, IPSec unrivaled. However, a typical SSL VPN are considered most suitable for remote employees to access common Web-based applications. Therefore, if you need more comprehensive, browser-based applications for access, as well as for remote employees to connect all offices, IPSec is undoubtedly the first choice.

On the other hand, SSL VPN does not require the end user's PC and laptop computers into the other client software. Some companies chose not SSL IPSec, this function does not require client software is an important factor.

In addition, SSL VPN there are other often mentioned characteristics, including lower deployment costs, reduce support and management on the day to day needs. In addition, because all external traffic is usually through a single hardware device, so that you can control access to resources and the URL.

Manufacturers in introducing such products do not need VPN client software, users can connect via the Internet to connect the task of equipment and means of access to safe access SSL tunnel. This requires additional hardware in the enterprise behind the firewall, but as long as the management company a device, not to maintain, upgrade and configure client software.

Because the end user to avoid carrying a portable computer, through any device with Internet connection can gain access, SSL is more likely to meet most of the staff of the mobile connectivity needs. But the problem is that such a program, SSL VPN encryption-level is usually higher than IPSec VPN. Therefore, despite the deployment and support costs low, and enable organizations to use a desktop computer, laptop or other means of staff Tigong use e-mail, 鐢氳嚦 rapidly, providing easy access to our partners outside the network capability, but SSL VPN still has its shortcomings.

The industry believes that these defects are usually related to client security and performance issues. E-mail and the Intranet on the case, SSL VPN is very good; but require higher security level, more complex applications, require IPSec VPN.

Connect Enterprise

Although the view was expressed that SSL really only applies to access Web-based 搴旂敤, Er Qi Ye not directly access network, Tageng for less skilled users, rather than Gaoji user, a kind But now a new 瓒嬪娍 - SSL tend to be infrastructure for technology, not just to be associated with Web application servers, deployed in network infrastructure equipment to other components of a technology.

In addition, some of the popular SSL technology has advanced to allow reliable remote users to connect fixed equipment, and fixtures that end with a reliable PC, firewall and anti-virus and other protective measures. In short, it is only a provision for all users all the necessary features of the VPN only, and IPSec VPN The fundamental difference is that traffic is transmitted via SSL to.

However, many organizations also use SSL and IPSec VPN must have its reasons. But industry experts believe that there is no reason to use both remote access and the same time. The present IT organizations do not agree with this view, that is, within the network, which the IPSec technology into LAN-to-LAN, SSL VPN is designed to work daily and remote access.

No matter how the SSL VPN to say, companies should keep in mind: such technology can not solve all problems for everyone. SSL VPN's all about saying just a market indicator that it is the solution of certain types of problem another way: not all resolved, but certain types.

Client software is the key

It was therefore firmly believe that, IPSec is to provide site to site, the primary tool to connect, through this link, you can wide area network (WAN) on the implementation of infrastructure to infrastructure communication. The SSL VPN feature does not require client software to help reduce costs, reduce maintenance concerns about Remote Desktop.

However, SSL's limitations is that only connect via a Web browser to access the assets. Therefore, it requires some applications to have a small application that can effectively access. If the application is not a small business assets or application, in order to connect to them is more difficult. Thus, you can not, without client software environment to run, because it requires some kind of rich client software (Client-Rich) of interactive systems.

Does not require client software operating environment certainly has its efficiency and benefits, performance, coverage and application compatibility problems also exist. In this way, full use of this option appears more challenging. SSL This program can solve the problem OS client software, client software maintenance issues, but certainly not entirely replace IPSec VPN, they have different solution is to be almost no overlap of the two kinds of the number of different issues.

SSL and application security

On the need for remote access to the most companies in support of the application should include the company to maximize efficiency, productivity and profitability of the various applications needed. Although the application security to provide this coverage width, but the application of SSL VPN can support a very limited kind.

Most SSL VPN are HTTP reverse proxy, so that they are suitable for a Web-enabled applications, as long as you can through any Web browser to visit. HTTP reverse proxy support for other query / response applications, such as basic e-mail, and many business productivity tools, such as ERP and CRM, client / server applications. In order to access these types of applications, SSL VPN for remote connectivity provides a simple and economical option. It is plug and play, and does not require any additional client software or hardware.

However, the same happens this advantage of SSL VPN has become the biggest constraints: users can only access the necessary applications and data resources among a small part. SSL VPN for remote access applications can not provide a comprehensive solution, because it does not help access to internally developed applications, nor help to visit a number of channels and dynamic port requirements and the use of multiple protocols such complex applications. However, this company and remote users is a key requirement. For example, SSL VPN there is no framework to support instant messaging, multicasting, data feeds, video conferencing and VoIP.

While SSL can protect the TCP channel created by the HTTP security, but it does not apply to UDP channel. Today, however, the support of business applications required to support all types of applications: TCP and UDP, client / server and Web, readily available and internally developed programs.

Application-independent security solution should have the support of a variety of standard TCP or UDP. Application of security technology supports the use of physical network solutions. In addition to supporting a variety of procedures now, application security will also support future programs, no matter what kind of protocol or design.






相关链接:



DivX to MPEG



MOD converter



Home theater q amp a



3GP to MPEG



No comments:

Post a Comment