Performance Degradation SSL VPN falls prey to TCP over TCP melt-down Extra context switching of SSL VPN’s causes performance loss Poor End User Experience Limited or no connectivity over low bandwidth or high packet loss networks like Wireless DSL Data Cards Increased Support Cost No Site to Site VPN capabilitiesĮxtra context switching of SSL VPN’s causes performance loss SSL VPN falls prey to TCP over TCP melt-down Performance degradation affects the SSL gateway and all users Many companies stay with IPSec to avoid user complaints What can IT do? Traversal problem over NAT devices Firewall configuration required All corporate services are exposed on f/w No Centralized Access control Per User administration and configuration Interoperability among vendors Time consuming deployment
VPN PLUS SSL DRIVERS
Increased Security User-Based Tunneling Endpoint Security Granular Access Control Increased Return on Investment Zero Client Software Costs Zero Client Upgrade Costs and Pain Zero Client Management Universal Access Employees, Non-Employees Access from Any Device – No Device with VPN Client Required Cross Platform Support (Mac, Linux, Windows, Smart Phones, PDAs) Increased security Enable clientless VPNs Decrease operating cost Support wide variety of client platforms Enable Employee access from handheld devices Enable employee access from kiosks and guest computers SSL VPN Drivers % of respondents rating category a driver Source: Infonetics Research, 2006 80% 51% 41% 38% 29% 23% 15ġ6 IPSec – Why not? Not designed for remote access
VPN PLUS SSL LICENSE
Zero user side management One minute deployment Endpoint Security Clientless - Access Anywhere Network Extension Access AnythingĬurrent State of VPNs – Remote Access 1st-Generation VPN – IPsec IP Address-Based Tunnels All-or-Nothing Network Access for Employees High License & Administration Costs 2nd-Generation VPN – SSL User-Based Tunnels Conditional Access to Specific Applications Significant Advantages over IPsec (see next slide) Users IP Address-Based Tunnels Users User-Based Tunnels 14ġ5 2nd-Generation VPN Advantages over 1st Generation
Network Extension: Proxies client-server application, requires a proprietary client application to establish VPN and facilitate client-server application communicationġ3 SSL VPN Features Designed for Remote Access Centralized Access Control Two modes Clientless: Proxies web-based applications and uses inbuilt SSL support in browsers to establish VPN and deliver web traffic. Uses SSL protocol for confidentiality, authentication and integrity and then proxies to provide authorized and secure access for private network resource like Web, Client/Server, file sharing etc. Transparent to Applications Least effect on performance Good security
VPN PLUS SSL UPDATE
outperforming some older and established companies." - Gartner SSL VPN MQ 2007ħ Remote Access? Access Secure Application Servers to update customer information or submitting a daily report Access Corporate server Access Mission Critical Application Servers when at customer site Access Corporate Intranet to get latest information or checking status of your leave applicationĬonsultants Partners Field Engineers and Sales Team Remote Office Employees Off office hours workers Roaming Executives Bridge branch offices to corporate centreĩ Why VPN? When Alice talks to Bob Confidential Integrity Authenticationġ1 IPSec Features Site-to-Site Access Complete network access
has established multiple OEM deals and sold well in the first half of 2007. SSL VPN Magic Quadrant Q307 "The company. Higher Education Health Care Manufacturing Utilities Non-Profit Engineering Insurance Gov’t Automotive Real Estate Construction Logistics Marketing Online Security IT Services Retail 1 SSL VPN-Plus Training SSL VPN-Plus © NeoAccel, Inc.ģ Company Snapshot Founded 2004 Technology Focus Competitive Advantageįounder: Michel Susai Former Chairman and CEO, and Founder of NetScaler (Acquired by Citrix for $325M) First Product Shipped Oct 2005 Technology Focus Secure Remote Access: SSL VPN-Plus™ Network Access Control: NAM-Plus™ SSL Based Site to Site VPN Competitive Advantage Patented Architecture (ICAA™) 24-Month Technology Lead Sales Strategy Enterprise, OEM, Channel Offices Headquarters – San Jose, CA Regional Sales Offices Boston, Houston, San Jose India, China, Japan Investors Institutional Baring Private Equity NTT Angel Sabeer Bhatia (Co-Founder, Hotmail) Prabhu Goel (Inventor, Verilog) “No need to cover SSL market” 3Ĥ Sample Customers OEM Service Providers Enterprise Financial
0 kommentar(er)
