It isn't until near the end of this very good Help Net Security overview and update on secure socket layer virtual private networks (SSL VPNs) that the other major type of VPN -- IP Security (IPSec) -- makes an appearance. And, at that point, it really only is used for comparison to SSL.
That's understandable, since the piece is about SSL VPNs. But it is a bit strange to see one get so much less attention than the other. While they have their skeptics, the increasing need for security means that these are good days for IPSec and, in particular, SSL VPNs.
Both aim to create secure links between applications and databases behind the corporate firewall and people in the field. SSL VPNs are accessed via browsers and don't require clients to be downloaded and configured, while IPSec -- the older technology -- does.
The tendency during the past few years has been for highly mobile workers to employ SSL, while IPSec is employed for users in branch offices, telecommuters' offices and other more stable environments. The nature of the maturing market is captured in this sentence from the conclusion of the Help Net Security piece:
"SSL technology is rapidly maturing to the point where there are few clear differences between SSL and IPsec technology."Lest we be accused of taking the line out of context, it's fair to point out that other passages of the story suggest that the two technologies still are separate and distinct. The point -- and it's an important one -- is that SSL's evolutionary path is a shrewd one from both the marketing and technical points of view.
The bookend to the helpful Help-Net piece appeared late last month in Laptop magazine. The story makes the point that VPNs still are an emerging market. More importantly, the story takes a close look at VPNs from Columbitech, IBM, Motorola, NetMotion Wireless and Nokia.