Evolution of the internet protocol virtual private network

Fran Howath, principal analyst, Quocirca

Many organisations today operate in complex, distributed environments that encompass multiple branch offices spread across diverse geographical locations, some of which may be subsidiaries or affiliated companies. For most of these, access to centralised IT resources is a must. And they also need to provide access to those IT resources for an expanding army of mobile workers and for external users. Remote access has become a fact of life.

To provide secure remote access to employees - and increasingly to business partners, suppliers and users - virtual private networks (VPNs) have emerged as the technology of choice. The majority of VPN deployments are one of two flavours. Secure sockets layer (SSL) VPNs require just an internet browser for setting up a VPN connexion and are an effective remote access solution for large numbers of remote and ad hoc users.

However, SSL VPNs generally work best with web-enabled applications. For client-server or highly customised applications, such as most in-house user relationship management systems, application programming interfaces must be written, which is an expensive undertaking. And they cannot be used for peer-to-peer applications that are coming into greater use, allowing more effective collaboration.

The other main alternative is an internet protocol security (IPSec) VPN, most commonly used for office-to-office connexions, such as a branch office connecting to headquarters, or for a small number of trusted users accessing the corporate network. The advantage of IPSec VPNs is that they can provide access to any type of application running on the network and can give a user the same experience as if they were physically located in the main office.

The disadvantage is that they have traditionally required that a software agent be installed on every endpoint connecting to the network and that administrators configure each device separately by visiting each remote site. This made them costly and complicated to manage - especially in large, complex deployments.

To address these issues, IPSec VPN suppliers have added features and functionality to their products in recent years, aimed at easing management issues, beefing up security, and expanding coverage to a wider range of communications mechanisms, devices and computer operating systems. This has resulted in a new generation of more advanced IPSec VPN products coming onto the market.

According to its users, one of the forerunners among those suppliers is NCP Secure Communications of Germany. MAN Nutzfahrzeuge, a supplier of trucks, buses, diesel engines and industrial machinery, has been a long-term client of NCP, but surveys the market every year to evaluate products offered by other VPN suppliers. It has been unable to find another product that offers the breadth of functionality of NCP's technology, which it defines as a suite of products.

And that is an accurate description. NCP's enterprise-class products offer powerful centralised management capabilities that provide one single point of administration for creating, distributing and configuring user profiles, digital certificates and software updates without the need to physically visit each device under management to install software agents. This considerably cuts down on the number of administrative resources required to implement and maintain deployments, as well as reducing costs.

For MAN, this is something of vital importance since it uses NCP's technology for providing access to central IT resources for facilities throughout the world, including remotely managed servers for affiliated companies. The centralised management server also interfaces with a wide array of backend systems, including an integrated remote authentication dial-in user service (Radius) server for authentication and access control of users.

Enhanced security features include the provision of network access controls (NAC) for ensuring endpoint security for all devices under management, making certain that all devices conform with security policies, including mobile devices. All security parameters set are locked so that they cannot be changed by users and security controls are enforced by a personal firewall for every endpoint connecting to the network.

The high levels of security are not lost on NCP's clients. For DATEV, a co-operative that develops software applications and provides IT services to tax consultants, auditors and lawyers, security was a key factor in its decision to license NCP's technology owing to the robust levels of professional confidentiality that are required for it to comply with Germany's strict Tax Advisory Act. In proving such compliance, the full logging and reporting capabilities that are included in NCP's VPN platform are a must.

One other differentiator of NCP's technology among those mentioned by its clients is the broad device and technology support that is offered out of the box, including a wide range of operating systems, devices and communications methods. VR Netze, which provides data processing and IT services to co-operative banks throughout Germany and abroad, says that NCP is the only supplier that it could find offering support for Windows XP and Vista operating systems in the 64-bit versions, as well as for Linux and a wide range of mobile operating systems. It also appreciates that NCP future-proofs its technology, adding support for new technologies when they come onto the market.

With a 21-year heritage and a clear focus on the remote access market, NCP is one of the industry's best kept secrets, best known in its core German-speaking markets. But that is changing. It can boast a substantial number of international clients, many of them multinationals, and is now setting its sights on the world stage by engaging with an extended range of partners. Any organisation looking for remote access management expertise would do well to include NCP in its evaluations.

Quocirca's recent report, The essential elements of secure remote access, is available as a free download.
