Nick Peters of Holmes Oil says the company's SSL VPN lets remote workers access the network from anywhere.

May 20 2008

Access the Freedom

SSL VPNs deliver remote access over the Internet — no more disk-hogging software clients.

The Holmes Oil Company is not an oil company in the classic sense. Despite its name, the primary connection the company has with oil is that its Cruizers convenience stores have gas stations. Established in 1997 by Edward Holmes, the Chapel Hill, N.C., company manages 21 convenience stores throughout the Tar Heel state. Of the company’s 180 employees, 20 are based at the corporate office and require remote access to the corporate network every day. But until about nine months ago, the company’s remote access was not always reliable.

Nick Peters, IT manager at Holmes Oil, says remote users were regularly denied access while traveling with a software-based virtual private network (VPN) client.

“It made it harder to connect at times; there were error messages that the users wouldn’t understand, and I would get a call at 9:30 at night asking for remote-access help,” he says. “Sometimes they’d get connected, sometimes not.”

Looking to solve his users’ remote access woes, Peters purchased the SonicWall 200 Secure Sockets Layer VPN. An SSL VPN has built-in authentication and encryption technology that creates a secure VPN connection over the public Internet.

“Now I don’t have to worry about any ports being blocked and refusing access,” he says. “Corporate users can travel anywhere and gain the access they need.”

Eliminates Software Clients

One feature that makes SSL VPNs attractive to the small- and midsize-business market — compared with Internet Protocol security (IPsec) VPNs — is clientless deployment.

“There’s a bigger push for resource constraints and to consolidate the technology that a smaller IT department has to deal with,” says Chris Silva, enterprise mobile infrastructure analyst at Forrester Research in Cambridge, Mass.

“SSL has the advantage of not requiring individually managed software clients on each client device, versus IPsec,” says Silva. “An SSL VPN can be accessed up to the number of users allowed by the license from any device with a supported browser without having to support any local software or local licenses on the client device.”

Peters says SSL VPNs are simply easier to deploy and use than VPN clients.

“The actual installation was almost plug-and-play right out of the box. It was very straightforward,” says Peters. “I have users who are not technically savvy. With an SSL VPN, configuration and setup for each user was easy. I can create an icon that the user can click on, and they’re connected.”

How do most of your company's workers access your network remotely?

31% VPN
25% IPsec VPN
11% Citrix
9% Terminal Services
7% Our employees do not access our network remotely
4% Other

Source: CDW poll of 377 BizTech readers

Offers Multiple Platforms

Many of the available SSL VPN appliances focus on supporting an increased number of platforms, according to Forrester’s Silva. And while the feature sets of leading vendors’ appliances (including SonicWall, Netgear, F5 and Cisco Systems) are becoming commoditized — all offer secure remote access at varying compression rates — companies are now distinguishing themselves by offering more flexible licensing and pricing options.

“Proprietary differences come in the form of being able to accelerate traffic and compress the security overhead to optimize the experience of a secure connection to a remote user or someone in an outsourcing environment where they’re a partner but they’re not actually on the same infrastructure,” says Silva.

The main focus is supporting an increased number of platforms. “It needs to support Mac OS X, Firefox, as well as mobile browsers,” says Silva. “With fuller browser capabilities coming to mobile devices, enhanced support for Windows Mobile, Safari on the iPhone, and BlackBerry, there’s a push to accelerate traffic in nonstandard delivery models for a partner, a home worker or an overseas office.”

Allows Easy Setups

SonicWall’s SSL VPN 2000, an upgrade of the VPN 200 that Holmes Oil uses, is a secure remote appliance with four 10/100BaseT ports and one serial port. The product is geared to companies with 500 or fewer employees and offers ease of setup and management. It has no restrictions on the number of concurrent user tunnels, which lets IT managers scale remote-access connectivity as the company grows.

The Cisco Self-Defending Network offers a comprehensive set of defense technology that supports up to 10,000 users on a single device. Netgear’s ProSafe Dual WAN Gigabit Firewall SSL VPN tunnels offer clientless remote access to corporate data, with four gigabit WAN ports to keep data moving at top speed. F5 recently ported its FirePass product to a BIG-IP load balancer and acceleration device, bringing centralized management and scalability to its SSL VPN offerings.

Ease of deployment and ongoing management are important features that attracted Michael Hall, director of PC engineering for DriveSavers Data Recovery of Novato, Calif. Hall purchased Cisco’s Self-Defending Network, an all-inclusive appliance that includes the intrusion-detection and intrusion-protection capabilities of Cisco’s network as a whole, as well as network access control and an SSL VPN.

IPsec still outpaces SSL in terms of overall adoptions — 59 percent versus 40 percent, respectively — but SSL is expected to take over in the next few years.
Source: Forrester Research

Within three years, the 22-year-old company had grown from six to 85 employees, straining its piecemeal network. “We had a network infrastructure in place, and we kept adding to it as we grew,” says Hall. “We needed to find a manageable network that made it easy for us to add things to it.”

Security was another important factor. “We deal with a lot of corporate customers, and the primary focus is making sure the data is secure when it’s on our site,” says Hall. “It gives the end users peace of mind that their data is secure when it comes to our facility.”

For Ben Gray, IT director for Palm Beach Tan in Farmers Branch, Texas, the choice to deploy SonicWall’s VPN was simple. With 130 users consisting of corporate employees and franchisees around the country who need access to reporting tools, point-of-sale applications and corporate e-mail, Gray needed a secure and manageable way to offer access.

Gray says before Palm Beach Tan implemented SonicWall’s 2000 SSL VPN appliance, it had a SonicWall TZ170 firewall in the franchisee’s office or installed in a corporate employee’s home for connection to the corporate data center. He says the old setup was a managerial nightmare.

“We needed a much more robust ‘anywhere/anytime’ remote-access solution,” Gray says. “You need to make sure that the device you choose can scale with the number of users and support current and future applications.”

Another reason for choosing SonicWall’s product was that it gave Gray the flexibility to create separate custom portals for the different user bases the company supports, such as corporate employees, franchisees and administrators.

SonicWall’s Virtual Assist is a big time saver for the IT department. “When a new franchisee comes on board, we have to install software on their computers,” says Gray. “Since they are remote we used to spend two hours on the phone walking them through the setup. Now we can attach to their PC and get them up and running faster.”

IT Takeaway

Use these tips to deploy cellular modems:

• Understand how many users will be logging on at any given time. You need to know how many users are going to be connecting every day and make sure that the appliance you choose can support that.
• Create user profiles. For example, group one has the highest level of access, group two is the home user, and group three may be a kiosk or partner that has Web access only.
• Develop an overall mobile-security policy. Decide which applications each type of user should have access to and which specific machines should be granted access.
Charles Harris
