Guide: Remote Access with IPSec or rather with SSL?

Posted by Sabrina Sturm Wed, 24 Apr 2013 11:57:00 GMT


Whether manager or (sales-) employee, whether customer or partner:  These days, access to company data and applications from anywhere and at any time, is part of the standard repertoire. However, the needs of the various groups of users can be quite different.  While a manager wants to check their mails one last time before jumping on the plane, a sales employee is sitting in a customer’s office and needs to quickly access to the latest inventory, and customers and partners would like to read the latest news in the intranet or look up the current pricelist. Fortunately, there is a solution that enables you to do all this (and much more): Remote access software. 

After a company has decided to employ remote access via an appropriate solution, one crucial question comes up: Which solution is best-suited for the company – one based on IPSec or on SSL? This guide offers some insights to help make your decision easier. However, one thing has to be made clear: There is no universal answer to this! Which is the better solution depends on your company’s individual needs and circumstances.


Basic aspects: Security, user-friendliness and easy administration


No matter how you decide, you should not have to make any compromises when it comes to security, user-friendliness and administration – or your plans just might backfire.

Taking into account the current state of IT-security, company data have to be securely protected at all times. Correctly executed and combined with a reliable authentication method, both solutions (IPSec and SSL) offer roughly the same level of security. Users who are forced to talk to the helpdesk for hours instead of actually working with the software due to complex or even complicated handling, are not really productive in the eyes of the company.  In the end, one should also think about the IT-administrator, who has to cope with the amount of time and work for administration, configuration and maintenance of the solution. Not only is a good solution time-effective, but it also saves costs.


IPsec: Not without my client


Remote access via IPsec cannot take place without an installation of a client-software on the access device. What one should think about is that – especially when connecting a greater number of users – the administration and installation is not quite effortless. Also, it is not always possible to install software on the client, for example when trying to access from a PC at a hotel or from an Internet café. What poses an even greater problem is that IPsec sends data packages that can not reach their target in every environment: this is the case when the needed ports are disabled. Consequently, the hardware currently used at the company needs to be checked for support of the IPsec protocol. It is possible that an introduction of IPsec won’t work. Better safe than sorry!

In general, due to the named characteristics above, the use of IPsec-based remote access solutions can be recommended rather for long-term or “static” connections (Site-to-Site connections). Good examples for a perfect fit would be the connection of whole subsidiaries to the company network or to grant access to long-term company partners. 

In the meantime there are also IPSec clients that do not need an installation or administration rights on client side, e.g., HOBLink VPN Anywhere client. This IPSec client can be locally run (with an USB stick) or can be downloaded from a webserver.


SSL: Dynamic and uncomplicated


In contrary to the IPsec option, SSL solutions do not need installations or administration rights on the accessing device; this is also known as “unmanaged clients.“ For that matter, this solution is far more flexible: it doesn’t matter whether you are accessing via a company laptop, a foreign PC or even with your private device (“Bring Your Own Device“) – anything goes.  The user only needs an Internet browser as well as java. For the administrator this is clearly way easier to handle. What is also quite positive is that the SSL-protocol can solidly transmit data in any infrastructure or environment. A standard SSL only needs the https-port 443, which is usually available at any time. Therefore, the use of SSL solutions is always a benefit when flexible and spontaneous connections are needed: Checking mails at the airport, connecting a short-term (project-based) employee or quick access to company data while being at a customer’s office.


Hint: Analyze your needs


Before you go for one or the other method, closely analyze the needs of your company. However, not only your current wishes and requirements should be considered. Try to take a look at the future. How do you want your company to further develop? Does the chosen solution then still fit? If you think about this early, your investments are protected on a long-term basis.

Black or white: sometimes something in-between is needed. Thus, it is possible that for your company, a hybrid solution is perfect. You can apply an SSL-based solution for your sales employees, and connect your subsidiary via IPsec to your company network anyway; a good way to obtain benefits from both solutions. Alternatively, you use HOB´s IPSec client HOBLink VPN Anywhere Client which does not require an installation or administration rights on client side. 


no comments |

You must be registered in order to write comments. To register as a new user click here.

If you're already registered, please leave a comment here

Leave a comment