Despite the cost advantages and greater flexibility for an increasingly mobile workforce, IT managers have found VPNs to be time-consuming because employees often need support when downloading software or maintaining their connections. "A lot of people are grappling with the clumsiness of VPNs," says Edward Shapland, a former senior manager in the critical technologies group at Cap Gemini Ernst & Young in New York City. "The fact that you have to deploy software to the machine isn’t a big deal if you’re only talking about corporate laptops. But if you want to allow access from home computers, Internet kiosks and to business partners, it becomes complicated."

The SSL Alternative

To get around the clumsiness, more and more vendors are offering what they call instant virtual extranets or networks, which provide access over a browser to Web-enabled data. Vendors such as Neoteris, Netilla and Rainbow Technologies sell SSL-based Web security appliances that sit on the server side of an enterprise, while Checkpoint, Nortel and OpenReach offer SSL in addition to traditional IPsec VPNs. Other vendors such as Positive Networks of Overland Park, Kan., offer an SSL VPN as a service so that companies can avoid installing software on their server or buying an appliance. Most of them use the same SSL technology, applied in different ways.

The main advantage of going with an SSL VPN is lower cost. "SSL VPNs may or may not be cheaper to buy, but they are cheaper to deploy," says Eric Hemmendinger, an analyst at Aberdeen Group in Boston. Once customers install the appliance or software, an SSL VPN requires little support from the IT department. Employees can simply log on to the company network from their Web browser instead of wrestling software onto their home PCs.

SSL connections can also prove more stable. "Because an IPsec VPN is a network-level connection, it’s more prone to breaking," says David Thompson, an analyst at Stamford, Conn.-based Meta Group.

Despite the ease of use, SSL VPNs do have limits to their usefulness. For employees who need to connect to applications that are not Web enabled, they will need a client/server version of a VPN. In addition, there may not be security built in to an SSL system, leaving the customer to purchase a tool separately. Companies may also find it cumbersome to purchase both an SSL VPN for remote access and an IPsec VPN for site-to-site connectivity, where SSLs are still extremely rare.

An Easier Way