VPN Overview
VPNs (Virtual Private Networks) allow communications and collaboration to move beyond the confines of a traditional single-workplace LAN (Local Area Network). Originally developed as a cost-effective way of expanding to a WAN (Wide Area Network) without the use of dedicated fixed lines, VPNs enable secure communications across geographically dispersed low-cost IP networks like the Internet.
VPN History
Earlier generations of VPN technology were “narrow” solutions that supported limited networking protocols and required complicated network configurations. These utilized VPN tunnel technologies based on PPTP, L2TP and today’s predominant IPSec. IPSec provides decent performance and full network access but has been hindered by difficult deployments and high-maintenance network configurations.
SSL VPN technology addresses the high human resource costs of IPSec by tunneling traffic over standard web-based SSL ports, allowing for simple, anywhere, anytime access to private network resources. Traffic bypasses most ISP filters, firewalls, and network address translation (NAT) issues, which allows SSL VPNs to connect where IPSec cannot, for example in a hotel room or internet café. Maintenance costs are greatly reduced and new VPNs can be immediately deployed, anywhere in the world. The result is an 80% decrease in the number of IT helpdesk calls and invaluable productivity gains and accessibility for end-users.
SSL VPN History
First-generation SSL VPNs allowed network access only to webified applications like Outlook Web Access (OWA) or Intranet websites. End-users were authenticated and connected through a proxy-like SSL-enabled web server. Only limited resources were available and access was slow, but end-users could connect from anywhere.
The second generation of SSL VPNs adds full application support and features like granular access controls and endpoint security. Application support for all IP protocols is implemented through web-installed full access client software (FAT/PHAT). A granular access policy and endpoint security checks, not available on IPSec, ensure a system is virus-free before allowing it to connect and apply customized access groups once it does connect.
The major problem with current SSL VPN implementations is their lack of performance and scalability. Users experience, and IT administrators know, that SSL VPNs are a tradeoff between performance and ease-of-use. The next generation of SSL VPN technology developed by NeoAccel™ solves the performance barrier and allows for scalable LAN-like performance in an SSL VPN solution.
NeoAccel’s complete overhaul of the SSL VPN technology model solves two critical performance-draining barriers of existing SSL VPN solutions, opening the door to a complete IPSec replacement.
TCP-over-TCP Tunneling
SSL VPN technologies tunnel private network traffic inside a second encrypted protocol for traversal of the public Internet. This process has overhead, which is compounded by the “TCP-over-TCP meltdown” that is inherent when encapsulating one protocol within another.
Transmission Control Protocol (TCP) has various parameters (SYN, ACK, RTT) for setting retransmission times for the delivery of data from client to server in the event of packet loss.
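The stacked retransmission timers behind the meltdown can be modeled in a few lines. The following is an added example, not NeoAccel code, and it goes beyond the text above by using the standard RFC 6298 timeout estimator to count how often the inner TCP retransmits data that the outer (tunnel) TCP is already recovering. The function names, the 50 ms path RTT and the 200 ms timer floor are assumptions made for the illustration.

```python
"""Added illustration: simplified timer model, not a packet-level simulator."""

def rfc6298_rto(rtt_samples, min_rto=1.0, alpha=1/8, beta=1/4):
    """Retransmission timeout (seconds) after feeding RTT samples to the
    RFC 6298 estimator: RTO = SRTT + 4*RTTVAR, clamped to a floor."""
    srtt = rttvar = None
    for r in rtt_samples:
        if srtt is None:                       # first measurement
            srtt, rttvar = r, r / 2
        else:
            rttvar = (1 - beta) * rttvar + beta * abs(srtt - r)
            srtt = (1 - alpha) * srtt + alpha * r
    return max(min_rto, srtt + 4 * rttvar)

def inner_ack_delay(outer_rto, path_rtt, outer_losses):
    """Seconds until the inner TCP sees its ACK when the tunnel segment that
    carries its data is lost `outer_losses` times in a row. The outer TCP
    waits one timeout per loss and doubles its timer each time."""
    backoff = sum(outer_rto * 2 ** i for i in range(outer_losses))
    return backoff + path_rtt

def spurious_inner_retransmits(inner_rto, ack_delay):
    """Inner-TCP timer expiries before the ACK arrives. Each one queues a
    duplicate copy into a tunnel that will deliver the original anyway."""
    fired, elapsed, timer = 0, 0.0, inner_rto
    while elapsed + timer < ack_delay:
        elapsed += timer
        timer *= 2                             # inner TCP backs off too
        fired += 1
    return fired

if __name__ == "__main__":
    path_rtt = 0.05                            # constructed sample: 50 ms path
    samples = [path_rtt] * 10                  # constructed RTT measurements
    # Both layers measure roughly the same path, so both settle on the same
    # timeout; 0.2 s is an assumed floor (RFC 6298 itself recommends 1 s).
    rto = rfc6298_rto(samples, min_rto=0.2)
    for losses in range(4):
        delay = inner_ack_delay(rto, path_rtt, losses)
        dupes = spurious_inner_retransmits(rto, delay)
        print(f"outer losses={losses} ack delay={delay:.2f}s "
              f"redundant inner retransmits={dupes}")
```

Because the inner timer is no longer than the outer one, every loss the tunnel repairs also triggers an inner retransmission, so the tunnel carries duplicate data exactly when it is already congested.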