Because of their flexibility, a wide variety of remote access use cases include SSL VPNs. Enterprises use many of these appliances for all their remote access needs — not only employee remote access, but also partners, contractors, and even customers. Refer to Figure 5-3 to see the SSL VPN use cases discussed in the following sections.
One of the primary uses of SSL VPN is for the mobile user — someone who's potentially in the network/NAC deployment one day, and then traveling from one remote connection to the next the following day.
In addition to ensuring user authentication and granular access control, SSL VPN offers the ability to ensure that the laptop user's machine stays up to date, even if it remains remote for long periods of time.
Historically dominated by RIM BlackBerry, the enterprise mobile device space has seen a large range of new devices enter the network — from Windows Mobile and Symbian devices to newer platforms such as the Apple iPhone and Google Android. End users are demanding choice in mobile platforms without any loss in their ability to access mobile data.
SSL VPN is the ideal platform for mobile device users because all these platforms offer a Web browser, and many SSL VPN vendors have also developed client access technologies for these platforms.
Fixed telecommuters (employees who work remotely from one location and are not mobile) have become more popular in recent years because organizations are focusing on downsizing real estate and containing costs. SSL VPNs fit well for this type of deployment.
NOTE
Many fixed telecommuters are provided with a hardware device, such as a wireless access point, deployed by the organization at the user's home office. In these cases, consider whether SSL VPN is a better fit, or whether you can extend your NAC deployment to also incorporate access controls on this home office equipment. The primary decision point here is whether your NAC solution offers the ability to enforce NAC access controls remotely, such as on the wireless access point.
You can use SSL VPN for access from essentially any machine other than the user's own managed machine, such as his/her mobile device, a home machine, or an Internet kiosk.
Because of SSL VPN's granular access control and endpoint integrity capabilities, an organization can determine a risk factor and associated access policy before a single machine hits the SSL VPN. Then, when users attempt to log in, SSL VPN can evaluate the attributes and dynamically grant an appropriate level of access.
Because most organizations don't want to allow business partners or customers full Layer 3 access onto the corporate network, SSL VPN allows organizations to establish extremely granular access controls.
These controls allow the organization to provide exactly what the user needs and nothing more.
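As an added illustration (not from the original text or any vendor's product), the sketch below shows the kind of predefined, first-match policy described above: the attributes of a session are evaluated at login and mapped to an access level, and anything that matches no rule gets no access. The role, attribute, rule, and resource names are all hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    role: str             # hypothetical roles: "employee", "partner", "customer"
    managed: bool         # is this a corporate-managed endpoint?
    av_current: bool      # result of the endpoint integrity check
    kiosk: bool = False   # public or shared machine


# Ordered policy, written before any machine connects; first match wins.
# Each rule: (name, predicate, access method, allowed resources).
POLICY = [
    ("partner", lambda s: s.role == "partner", "web-only", {"partner-portal"}),
    ("customer", lambda s: s.role == "customer", "web-only", {"support-site"}),
    ("employee-kiosk", lambda s: s.role == "employee" and s.kiosk,
     "web-only", {"webmail"}),
    ("employee-managed-healthy",
     lambda s: s.role == "employee" and s.managed and s.av_current,
     "layer3-tunnel", {"*"}),
    ("employee-managed-stale",   # failed integrity check: updates only
     lambda s: s.role == "employee" and s.managed,
     "web-only", {"remediation"}),
    ("employee-unmanaged",       # home machine that passes the check
     lambda s: s.role == "employee" and s.av_current,
     "web-only", {"webmail", "intranet"}),
]


def evaluate(session):
    """Return (rule name, access method, resources) for a login attempt."""
    for name, predicate, method, resources in POLICY:
        if predicate(session):
            return name, method, frozenset(resources)
    return "default-deny", "none", frozenset()   # nothing matched


def may_access(session, resource):
    """True only if the matched rule lists the resource (or the wildcard)."""
    _, _, allowed = evaluate(session)
    return "*" in allowed or resource in allowed
```

Because partners and customers are matched before any employee rule, no combination of endpoint attributes can move them onto the Layer 3 tunnel.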