Check Point Software Technologies Ltd., one of the largest VPN vendors, last week promised support for this browser-based technology, and a new entrant in this area, Whale Communications Ltd., will introduce hardware and software to enable secure Internet connections for corporate networks.
Check Point says a software release scheduled for September will let businesses support both browser-based and IP Security (IPSec) remote access, requiring only one remote access gateway rather than two for those businesses that want to offer varying levels of access to their networks.
This is the first wave of a trend, according to a prediction by Infonetics Research Inc. "Check Point is the first major IPSec vendor to announce this, but others will follow," says Jeff Wilson, Infonetics' director of research. "As soon as they run into SSL competitively or see the market start to grow quickly, they will get involved."
SSL remote access alternatives use SSL support that comes standard with most Web browsers to create encrypted sessions between a remote PC connected to the Internet and servers behind corporate firewalls. A group of competitors including Aspelle Ltd., Aventail Corp., Netsilica Inc., SafeWeb In. and now Whale focus on this technology almost exclusively.
The technology eliminates the need to install separate client software on remote PCs as is the case with IPSec VPNs. Instead, the browser is the client. With some vendors, such as Check Point, SSL allows access only to Web-enabled applications and file transfers. Some vendors, such as Neoteris, support applications that are not Web-enabled. "They're getting better. They're not just doing Web proxying, they're proxying on any TCP or [User Datagram Protocol] port," says Zeus Kerravala, an analyst with The Yankee Group Inc.
While SSL remote-access appliance shipments totaled $1 million worldwide for the first quarter of 2002, Infonetics projects that the year-end total will be $60 million. It projects a 143 percent compound annual growth rate for sales of this gear over the next four years.
Check Point calls its new SSL capability "Clientless" VPN, and it's embedded in the Check Point's Service Pack 3 version of its server software.
Check Point also is adding support for the Microsoft Corp. VPN client that comes standard with Microsoft's desktop software. While the Microsoft VPN support is based on IPSec and Layer 2 Tunneling Protocol, not SSL, it is similar to the browser-based remote access in that it requires no additional software on the remote PC. If the machine has a Windows operating system, it already has the VPN support.
While Check Point is broadening its scope, Whale is focusing on SSL remote access with its e-Gap appliance. Within a single box, e-Gap contains two single-board computers, one connecting to the Internet and the other to the LAN. The two are separated by a SCSI switch that connects with only one of the computers at a time and shuttles data between them. This insulates the LAN from any possible direct contact with the Internet.
Robot-maker Fanuc Ltd. in Rochester Hills, Mich., uses e-Gap to supplement a Nortel Networks Corp. Contivity dial-up IPSec VPN, each technology having its own role. When it chose Whale, the company was seeking a way for employees to access e-mail and other key data while they are at customer sites or traveling through airports with Internet kiosks. "We use Whale [SSL capability] for quick access to our network from anywhere in the world," says Travis Robson, Fanuc's manager of systems, telecommunications and networking. "But if you're at home with a high-speed cable modem, use the VPN."