VPN Overview

Virtual Private Networks, or VPNs are used to enable secure remote access to corporate networks. VPNs take many forms, including site-to-site networks, IPSec client based VPNs and SSL browser-based VPNs.

Most companies use their VPN in conjunction with a local authentication system, such as Active Directory or LDAP. VPN users have network privileges based on their user type or group, which enables access to appropriate network resources, such as e-mail, CRM systems and corporate information.

Enabling support for 3rd party vendors has additional layers of complexity: The technician that supports you on Monday may not be the same person that supports you on Thursday, larger software vendors may have tens, hundreds, even thousands of support technicians. Setting up & managing VPN accounts for hundreds or thousands of individual 3rd party technicians that may only require access once per year is very impractical. Since they're not your employees, you can't authenticate them with your local authentication structure unless you receive and manage a daily list of all employees that the software vendor hired and fired that day. As a result of this complexity, VPN accounts are often issued generically to a vendor, or a VPN account given to person A may be shared with person B or throughout a support organization.

Properly assigning network privileges with a VPN may also be challenging. While an employee may use a VPN for access to e-mail, a support technician will require access to varying network services, like telnet, FTP, database ports, etc. Finally, the level of audit for an employee accessing their VPN account is generally less sensitive than a 3rd party vendor, who may be connecting to systems with sensitive information.

Your Key Requirements	VPN	SecureLink Enterprise VSN
Secure	50%	100%
Easy to setup & maintain	50%	100%
Audit ability / Compliance	50%	100%

VPN- analysis of key requirements:

Secure- For employee access, VPNs are highly secure and the preferred form of remote access. For your software vendors, or other 3rd parties that require network access, VPNs do no have the features necessary to register, authenticate, control, mange and audit access.

Easy to setup & maintain- Desktop sharing is as easy as clicking on a link for the customer, desktop sharing scores well here. One limiting factor is the productivity lost when an end user is forced off of their machine for the remote user to control it. SecureLink also scores well here, since desktop sharing is one of the utilities includes with the application.

Audit ability / Compliance- If supporting an end user desktop, the customer can simply watch the session which minimizes the need for audit and compliance. While technically a violation of stringent security policies, the realistic requirement is met. However, in “phantom user” mode, where the remote user takes control of an unattended machine, audit ranges from poor to non-existent. While some desktop sharing services offer video capture capabilities, these files are typically stored in a hosted, shared environment, which may be a violation of certain policies and regulations.

• Designed for, and used today by over 10,000 highly secure and heavily regulated organizations
• Individual accounts for each support technician
• Each support technician authenticated on their own corporate network (ex: Active Directory, LDAP)
• Detailed audit trails (including files accessed, commands entered and services accessed) at the individual support technician level
• Access scheduling for specific hours of the day, days of the week (ex: only enable access Monday – Friday 8:30 – 5:00)
• One time access permission (ex: enable access for the next 2 hours only)
• Real time connection notifications delivered via e-mail, including reason for connecting and support ticket information
• No client software to support for remote users
• No hardware or infrastructure required
• Granular access controls at the host and port level (ex: only enable read-only access to this log file directory)
• Real-time reporting and monitoring from anywhere inside your network
• Data export to syslog or other local reporting store