When it comes to VPN (virtual private network) technology, Finisar Corp.'s Director of IT Patrick Wilson is of two minds. He's quick to credit the technology for keeping his remote workers connected and productive as his company's ranks quadrupled from 300 to 1,200 in 2001. Yet, he's as quick to point out the technology's serious shortcomings.
Using NetScreen Technologies Inc.'s VPN devices, Wilson was able to grant 300 of the fiber-optic components maker's professional workers remote access to the company's network. He was able to put 80 or so NetScreen 500 devices in his engineers' homes. During time-intensive product launch cycles, Finisar's engineers have taken to working 6 or 7 hours in the Sunnyvale, California, facility, then heading home to work another 8 to 10 hours at home, allowing them at least some time with their families during crunch time.
The VPN allowed Finisar's 300-plus sales force to dial in to the network from client sites or while visiting one of the company's three overseas facilities. It allowed the firm's payroll manager access to ADP applications from home and let Finisar expand recruiting. Employees who live in Washington State and San Francisco work from home Mondays and Fridays, and fly to the Sunnyvale office to work the midweek. Finisar then expanded this arrangement to include several newly hired ASCI developers who live in the Napa, California, area.
"Our belief is that if an employee wants to work from home, we give them every tool. We're not going to force them since we know they need a split between business and personal life. But if they offer, we'll give them the DSL (digital subscriber line) connection, the hardware, even go to their house to put it in," Wilson explains.
Even so, Wilson was worried about security. Since VPN technology made it possible for remote clients to access the entire network, if a sales rep's notebook fell into the wrong hands, for instance, a hacker could access the firm's proprietary data. Remote administration was also difficult and extremely time consuming for Wilson and his 13-member team. Each remote PC required the installation of client software, which had to be configured to work with the VPN's security.
Moreover, Wilson wasn't interested in remote control products such as GoToMyPC or PCAnywhere, finding them too risky and an additional strain on IT. But last November, when Wilson needed to move the company's resources from one IP (Internet Protocol) network to another, he was faced with the prospect of reconfiguring the IP address of more than 300 remote systems.
"The primary thing for us is saving man hours," Wilson says. That's when he turned to a new remote access product, the VPN alternative Neoteris Instant Virtual Extranet (IVE), which costs between US$15,000 and $100,000 based on the number of users. IVE's technology is different from a VPN because it doesn't require client software and allows users to access network resources from any browser. The connection is 168-bit SSL encrypted, the same strength used in IP Security VPNs with Triple-DES encryption. "We're a secure server that communicates with outside world," explains Jason Matlof, Neoteris director of marketing.
Neoteris IVE EmployeeAccess is a network device that sits on the perimeter of the network. Unlike a VPN, which creates an encrypted communications tunnel between the remote system and the network, IVE works as a proxy server, mediating data requests (and transforming data packets) between the private LAN and the public Internet.
Unlike a VPN, IVE allows access to a limited number of network resources - files, corporate e-mail and soon telnet applications - but Wilson says that's fine, since only about 80 of his 300 remote workers use custom applications and the ADP payroll system. Wilson says he's migrated all but about 80 remote workers to IVE and expects to migrate an additional 10% when telnet access is added. "VPN is overkill for a lot of companies. People use it for e-mail only, yet IT has to maintain it," he adds.