New cloud VPN service improves application acceleration, security

A new cloud VPN service offered by Aruba Networks Inc., called VBN 2.0, promises to make it easier and more secure for remote users to connect to the VPN.

Wireless security vendor Aruba Networks Inc. has announced a cloud-based virtual private network (VPN) service that it says will cut out the complexity and expense of remote networking, while delivering faster and more secure service to remote users.

This cloud VPN service seeks to address the issues that traditional VPNs present. VPNs can be awkward to set up and maintain, and they may restrict access to head office systems. In addition, staff in remote offices may pose a security risk because their Internet traffic is not managed or controlled.

Aruba's new offering, called VBN 2.0 (for virtual branch networking), is a subscription-based service that delivers application acceleration and security to any person or small office with an Internet connection. The only equipment required locally is Aruba's Remote Access Point (RAP), which can support up to 256 users, either through a wired or wireless connection. The RAP itself costs £109 and the rest of the service is paid on a per-user subscription basis, depending on the level of security required.

According to Roger Hockaday, head of Aruba in the U.K., the RAP has been designed to be installed by local staff with no technical knowledge, automatically creating an IPSec VPN connection to corporate systems.

More on cloud services
Jericho Forum: Cloud computing

Cloud-based services require stalwart business continuity plans

"They just plug it in, enter a URL to connect them to the service, and that provides them with the connectivity in their small or home office," he said.

The RAP itself has been available for a year, but now Aruba has added the new cloud VPN service that it says will handle two common drawbacks for those working remotely: slow service delivery and a lack of security control.

Hockaday said the cloud VPN service will focus on three main protocols for application acceleration, covering email, Web traffic and file sharing (HTTP, MAPI and CIFS). "They are three applications that most people need," he said. "We'll be using functions such as block acknowledgements and spoofing to accelerate the applications."

Aruba's service is delivered via a partnership with a supplier of content delivery network (CDN) services that has data centres globally, but Hockaday said customers may use their own CDN. "It could be Amazon, Akamai, anyone you want," he said.

For added security Aruba has partnered with a cloud-based security service provider, though it declined to name the company. The intent is to ensure that both inbound and outbound traffic from the remote office is scanned for content, under policy control from the head office.

Companies can either backhaul all network traffic to the corporate network to be scanned by a central security device, Hockaday said, or install devices remotely, which may be expensive in a small office with a handful of users.

Industry analysts were generally complimentary about the new cloud VPN service, which goes live in the second quarter of 2010.

Rob Bamforth, an analyst with Windsor-based Quocirca Ltd., said the ease of installation would make the cloud VPN service attractive for many companies.

"We've seen in our research that companies, large and small, are becoming more distributed," Bamforth said. "The main thing necessary for supporting the growing use of remote/branch access is 'low inertia,' i.e. the cost, licensing, physical footprint and management overhead should be as low as possible. Pushing the needs of branch networks -- management, access, security -- into the cloud means low inertia and so it's easier for companies to adopt quickly and with little fuss."

Tony Lock, programme director with Hampshire-based Freeform Dynamics Ltd., commented on the company keeping its partners' identities private. He emphasised that most European companies would need to know where their data was actually kept, in order to comply with data protection legislation. But he welcomed any solution that makes VPNs easier to use.

"Anything that allows VPNs to be used more widely, especially by small businesses, has to be welcome," Lock said. "Users often feel that security is something they must overcome to do their work. The Aruba approach actually makes it part of how they work without them having to think about it."

Mark Blowers, a lead analyst with London-based Ovum Ltd., agreed with Lock that the idea is interesting, but further questioned Aruba's reticence about revealing its partners. "I think people would want to know who is offering the service and holding their data. There are compliance implications with this, and you need to be able to account for your data."

Read more on Network security management