True remote working used to be the preserve of the privileged few – the senior managers and directors of big PLCs that could afford the technology, and manage its inherent complexities. These included slow data connections, the need to deploy and manage special software on remote PCs, and handling encryption and user authentication to maintain security.
However, the past two years have seen a surge in remote working, as a new technique has made it viable for a far greater number of companies without compromising security. Called clientless virtual private networks (VPNs), this new technique offers a number of key benefits both to logistics companies, and to staff in the field who need secure access to head office applications such as order tracking systems, sales automation, customer records and so on.
Remote users get secure access to these corporate resources over the Internet from any Web-enabled PC anywhere – boosting overall productivity. This is achieved with no need to install or manage special software on the remote PC. What is more, it is easier for IT staff to manage, and it is friendlier for users because access is through a familiar web browser interface.
So how does a clientless VPN work? Put simply, VPN server software is deployed on your corporate network, enabling remote users to set up a clientless VPN link from any web-enabled machine with a browser that supports secure shell (SSH), the well-established encryption and authentication technology.
As mentioned earlier, there is no need to install and manage special software on the remote PC. So, for example, if a remote user is at a customer’s site within another company’s network, he or she could borrow a web-enabled PC and create a secure, encrypted link back to the home network simply by connecting to the VPN server via the browser and authenticating themselves. It is easy for an IT manager to decide the access rights that each remote user can have – helping you to manage the usage of company systems and resources.
So far, so good. But how do you scale a VPN to the right size for your company? What upgrades – if any – do you need to make to your network infrastructure? And how do you ensure that this level of ‘anytime, anywhere’ access does not make a company’s network more vulnerable to attacks, from nuisance hacking to unauthorised access to sensitive data?
These key questions are easily answered, enabling companies to reap the benefits of the technology cost-effectively.
The key points to consider are the number of remote users and their predicted usage patterns. Once you have established these, you can look more closely at the costs of VPN software and at licensing issues (per-user or concurrent-user licensing, for instance). By building a usage model, you can be sure that you are only buying what you need now, with the capability to expand in the future as your users’ needs evolve.
Do I need to upgrade my comms infrastructure?
The short answer is no. Moving to a clientless VPN means that you can simply use your existing Internet pipe (whether ISDN, broadband or leased line). There is no need for additional comms equipment or dial-up connections to be deployed at the corporate network end.
Some clientless VPNs support data compression, which can be used to good effect if some remote users have to use a slow Internet connection to set up their VPN link. Compression also keeps call and data charges low when staff have to use pay-as-you-go connections.
What about my existing security policies?
Clientless VPNs typically do not affect your existing security policies. VPN traffic is encrypted using SSH, and other types of strong encryption – with 128-bit keys, or longer – can be deployed according to need. If you have existing token-based authentication, clientless VPNs can support this too. Also, because the VPN server software uses SSH and can include firewall functionality, it is easy to filter data traffic to exclude unauthorised traffic or users trying to enter the network.
What about ongoing support services?
Once you have set up the identities, permissions and access rights for your remote users, there is very little support needed because there is no widely distributed client software to manage. Also, there is virtually no support overhead from remote users because of the simplified user experience – a simple pop-up login dialogue or a bookmarked web page in a browser.
What about support for mobile connections and devices?
As the cost of mobile computing falls, it is worth establishing that the clientless VPN