VPN discussions often center around the differences between services based on Multi-protocol Label Switching and IP Security technologies, with IPSec generally the de facto choice for encrypting VPN sessions over a public network. But there are cases where Secure Sockets Layer provides an attractive alternative to IPSec.
From a 30,000-foot view, IPSec and SSL provide the same function. Both supply a method for secure (encrypted) communications between a remote user and a host system using the public Internet for transport. And both can be used in this manner to support remote and mobile workers.
The key difference between them is where the secure clients run. In an IPSec network, a secure pathway is set up between the user and the host server. This approach allows access to all IP-based applications that would otherwise be available to users if they were connected directly. Though somewhat complex, this setup provides a high level of flexibility.
SSL, on the other hand, is a browser-based implementation. As such, the primary applications are limited to Web-enabled applications, file sharing and e-mail. And these applications must be specifically SSL-enabled. Nevertheless, for many enterprises, these might well be the only applications requiring remote access.
In deciding when to use SSL and when to use IPSec, it quickly becomes apparent that there is no universally "best" solution; there are many factors to be considered. These include not only the applications supported (as mentioned above), but also user accessibility, ease of administration and use, scalability, performance and total cost of ownership.