5.3. SSL VPN Use Cases

Because of their flexibility, SSL VPNs appear in a wide variety of remote access use cases. Enterprises use many of these appliances for all their remote access needs: not only employee remote access, but also access for partners, contractors, and even customers. Refer to Figure 5.3 to see the SSL VPN use cases discussed in the following sections.

Business Continuity

Because you can deploy SSL VPNs dynamically to just about any machine available (as long as it has a Web browser that supports SSL), many organizations have deployed SSL VPNs as part of their business continuity plans.

Many organizations have planned for disaster situations that result in loss of a datacenter or some other disruption to primary locations, but plenty of other potential scenarios can result in a different type of problem — geographical isolation of employees.

In recent years, concerns about situations such as a potential avian flu or SARS outbreak, and worries about more mundane events such as public transit strikes and snow days, have resulted in employees, even those who don't normally work remotely, working from home or from some other location for a period of time. When these last-minute events happen, you can use SSL VPNs to easily allow users to connect to the corporate network from home, even without a preinstalled client. You get an extension of your local NAC deployment: because you can enforce many of the same access control rules with SSL VPNs, these events have a much smaller impact on end-user productivity. Users can still perform their required functions remotely, even if they hadn't planned for such an event.


Figure 5.3. SSL VPN use cases

5.3.1. Mobile users

One of the primary uses of SSL VPN is for the mobile user — someone who's potentially in the network/NAC deployment one day, and then traveling from one remote connection to the next the following day.

5.3.1.1. Managed laptop

In addition to ensuring user authentication and granular access control, SSL VPN offers the ability to ensure that the laptop user's machine stays up to date, even if it remains remote for long periods of time.

This automatic updating helps to avoid the configuration drift that frequently results from permanently mobile employees.


5.3.1.2. Mobile device

Historically dominated by RIM BlackBerry, the enterprise mobile device space has seen a large range of new devices enter the network — from Windows Mobile and Symbian devices to newer platforms such as the Apple iPhone and Google Android. End users are demanding choice in mobile platforms without any loss in their ability to access mobile data.

SSL VPN is the ideal platform for mobile device users because all these platforms offer a Web browser, and many SSL VPN vendors have also developed client access technologies for these platforms.

5.3.2. Fixed telecommuters

Fixed telecommuters (employees who work remotely from one location and are not mobile) have become more popular in recent years because organizations are focusing on downsizing real estate and containing costs. SSL VPNs fit well for this type of deployment.

NOTE

Many fixed telecommuters are provided with a hardware device, such as a wireless access point, deployed by the organization at the user's home office. In these cases, consider whether SSL VPN is a better fit, or whether you can extend your NAC deployment to also incorporate access controls on this home office equipment. The primary decision point here is whether your NAC solution offers the ability to enforce NAC access controls remotely, such as on the wireless access point.

5.3.3. Mobile users on a kiosk or home machine

You can use SSL VPN for essentially any machine other than the user's own managed machine, such as his or her mobile device, a home machine, or an Internet kiosk.

Because of SSL VPN's granular access control and endpoint integrity capabilities, an organization can determine a risk factor and associated access policy before a single machine hits the SSL VPN. Then, when users attempt to log in, SSL VPN can evaluate the attributes and dynamically grant an appropriate level of access.

5.3.4. Business partners or customers on their own machines

Because most organizations don't want to allow business partners or customers full Layer 3 access onto the corporate network, SSL VPN allows organizations to establish extremely granular access controls.

These controls allow the organization to provide exactly what the user needs and nothing more.
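
The following sketch is an added example, not taken from the book or from any SSL VPN product. It illustrates the two ideas above: a per-endpoint access ceiling decided before any machine connects, evaluated against login attributes, and a cap that keeps partners and customers off full Layer 3 access. The tier names, endpoint classes, and the `decide_access` function are assumptions made for illustration.

```python
from dataclasses import dataclass

# Access tiers, least to most privileged (tier names are assumptions).
TIERS = ["deny", "web_portal", "selected_apps", "full_network"]

# Ceiling per endpoint class, fixed before any machine connects.
# Classes mirror this section's use cases; the mapping is illustrative.
CEILING = {
    "managed_laptop": "full_network",
    "mobile_device": "selected_apps",
    "home_machine": "selected_apps",
    "kiosk": "web_portal",
    "partner_machine": "selected_apps",
}

@dataclass(frozen=True)
class Login:
    user_role: str        # "employee", "contractor", "partner", "customer"
    endpoint_class: str   # key of CEILING
    authenticated: bool
    av_running: bool      # endpoint integrity check results
    patches_current: bool

def decide_access(login: Login) -> str:
    """Return the access tier granted to one login attempt."""
    if not login.authenticated:
        return "deny"
    # Unknown endpoint classes fail closed.
    level = TIERS.index(CEILING.get(login.endpoint_class, "deny"))
    # Only employees may reach full Layer 3 access.
    if login.user_role != "employee":
        level = min(level, TIERS.index("selected_apps"))
    # A failed integrity check caps the session at browser-only access.
    if not (login.av_running and login.patches_current):
        level = min(level, TIERS.index("web_portal"))
    return TIERS[level]

if __name__ == "__main__":
    # Constructed sample logins, one per use case in this section.
    samples = [
        Login("employee", "managed_laptop", True, True, True),
        Login("employee", "managed_laptop", True, True, False),
        Login("employee", "kiosk", True, False, False),
        Login("partner", "partner_machine", True, True, True),
        Login("employee", "smart_tv", True, True, True),
    ]
    for s in samples:
        print(f"{s.user_role:9} {s.endpoint_class:16} -> {decide_access(s)}")
```
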
