Cisco Systems is understood to be launching the latest
version of its flagship VPN 3000 Series Concentrator product,
which includes Secure Sockets Layer VPN features, next
week.
Industry analysts claimed that Cisco will include an SSL VPN
(virtual private network), called "WebVPN", with existing IPsec (IP
Security Protocol) VPN features at no extra cost. Cisco did not
respond to requests for comment.
SSL VPNs are an increasingly popular technology for providing
remote users with access to network resources such as e-mail,
software applications and network file servers, according to Dave
Kosiur, a senior analyst at The Burton Group.
As opposed to VPNs that use IPsec, SSL VPNs are typically
"clientless", meaning that they do not require a separate software
application to be installed on the remote user's machine.
They also rely on the SSL protocol, which is a part of most
common web servers and web browsers and widely used to secure
e-commerce transactions, Kosiur said.
Companies using SSL VPNs pass connections through port 443, on
which most firewalls automatically allow traffic. In contrast,
IPsec requires multiple ports to be opened on firewalls to handle
different elements of the IPsec VPN exchange such as message
authentication headers and IKE (Internet Key Exchange) traffic, he
said.
Because they use clients, IPsec VPNs can be more difficult to
manage for large numbers of users. Business travellers who rely on
IPsec VPNs often find that internet providers such as hotels have
not modified their firewalls to allow IPsec connections, denying
them VPN access to their company network from the road, Kosiur
said.
IPsec suppliers have made progress in resolving such integration
problems, but left a window open that SSL VPN vendors have used to
grab market share, Kosiur said.
Cisco will offer 3000 Concentrator customers basic, clientless
SSL VPN features which will enable users to access e-mail, file
sharing servers and web applications.
The 3000 Concentrator will support a limited thin client mode,
in which a Java web browser plug-in can be downloaded and used to
handle operations such as port forwarding for static communications
ports, according to Kosiur, who was briefed on the new features by
Cisco.
The latest SSL VPN features will take advantage of existing VPN
3000 IPsec capabilities such as load-balancing and high
availability features, according to information obtained.
The product will not, initially, support products which do more
sophisticated port switching, such as Citrix Systems' terminal
emulation products or IBM's Lotus Sametime instant messaging
application, Kosiur said.
That will put Cisco somewhat behind dedicated SSL VPN suppliers
such as Aventail.
"Cisco is providing what Aventail or Neoteris were offering nine
months ago, so they will need to do some catch-up in terms of
offering additional functionality," Kosiur said.
Nevertheless, the features Cisco is rolling into the 3000
Concentrator should cover around 80% of what companies use VPN for,
he said.
For companies that have already invested in the 3000
Concentrator product or other Cisco hardware, that may be enough to
convince IT purchasers to stay with the company for VPN as well,
according to Zeus Kerravala, vice president of enterprise
infrastructure at The Yankee Group.
Cisco scored at the top of a recent Yankee Group poll which
asked network managers which SSL VPN supplier they would consider
in the next 12 months, even though the company had not even
announced its SSL VPN product when the poll was conducted, he
said.
In addition, IPsec is still a widely accepted VPN technology,
and even preferable for so-called "power users" who need remote
access to more complicated network applications and legacy systems,
Kosiur said.
Cisco's move to add both SSL VPN and IPsec on one device, at no
extra cost, will put pressure on other VPN suppliers to do the
same, he said.
Paul Roberts writes for IDG News Service