June 24

VPN Solutions – Which is Right for You?

Virtual Private Networks (VPNs) are not the latest and greatest technology out there. In fact, they were first seen in the late 80′s as a means to carry private information across the public network. Today, VPN is primarily used by organizations to securely connect remote employees to internal applications, such as email or file servers. Like all technology, VPN has evolved over time and now offers different methods of connecting remote employees.

So, how does one decide which solution will best fit their needs? There are two types of VPN to choose from: Internet Protocol Security (IPSec) and Secure Sockets Layer (SSL). Both technologies differ in performance, costs, and ease of implementation but accomplish the same task – securing the remote users connection.

IPSec VPN is your traditional VPN client. By installing and configuring software on their remote machine, the end-user is able to connect back to their main network’s firewall. Depending on the number of remote users in an organization, this can be a time-consuming deployment. The cost of this solution is minimal, as most firewalls today do offer IPSec client connections without additional licensing. The most expensive part of this solution is the labor when installing the clients. The performance of IPSec VPNs tend to be much slower compared to those that are SSL-based.

Cisco’s “AnyConnect” is a hybrid between client based and clientless. This SSL-based solution requires a client to be installed on each computer. However, deployment is much easier because users connect by going to a SSL website and the client is automatically installed. “AnyConnect” licenses are required and only available in Cisco products at this time. Because SSL is a light-weight protocol, VPN performance is much better when compared to a traditional IPSec client.

Secure Sockets Layer (SSL) VPN is a true clientless solution. Connecting is as simple as going to an SSL website. A deployment consists of distributing a web address to all remote users. SSL is the better performing solution. Due to the ease of deployment and performance improvements, it comes at a higher cost. “Per user” licensing means that the total cost of an implementation is directly related the number of users.

Here is a quick summary of the 3 VPN solutions

VPN Technology	Ease of Implementation (Easy-Moderate-Difficult)	Licensing Costs ($-$$-$$$)
IPSec	Difficult Need to install software on each computer that requires access, implementation can be extremely time consuming	$ Sonic Walls and Cisco Firewalls come with multiple IPSec licenses for free, up to 250 IPSec connections on some models
Cisco’s “AnyConnect” VPN	Moderate Still requires a client but automatically installs when you first connect to the SSL website, thus minimizing implementation time	$$ Cisco has dramatically reduced pricing but this does require additional licensing on top of the firewall base purchase
SSL Clientless	Easy Is a true clientless solution, users simply browse to an SSL website to connect, and the website is configured for their remote access needs	$$$ SSL licenses are a separate purchase on top of the base firewall purchase, SonicWall has a 25 user MAX with their small business firewall, a separate SSL VPN appliance is required with more users.