The range of SSL virtual private network (VPN) products indicates that the genre is maturing rapidly.
The benefit of SSL VPNs is that there is no special client required. Users connect through a browser and set up an SSL session that provides an encrypted TCP mode. The time to use this type of approach is when you have moderate security requirements for a large or an uncontrollable community of users. An example would cover moderately secure customer connections to assets over the internet. A customer community falls into both the large and uncontrollable community, because you have no idea who your customers might be.
A common misconception about SSL VPNs is that they provide access control as well as confidentiality. They do not. SSL packets authenticate to the packet stream, not the application or device. This ensures that the entire stream is encrypted, but says nothing about whether the user is allowed to access the asset. That authentication requires additional capability, such as some sort of multifactor authentication, ID/password or certificate scheme.
So, to sum up, today's crop of SSL VPNs is, in general, quite competent. There is likely to be a product for you, but be sure that your application is appropriate for the genre. Not all remote VPN access is a good match for SSL.
BEST BUY
Product: SonicWall SSL VPN 2000
Vendor: SonicWall
Verdict: The SonicWall VPN is a feature-laden powerhouse.
Website: www.sonicwall.com
RECOMMENDED
Product: Caymas 318
Vendor: Caymas Systems
Verdict: This is a solid product with excellent support at a rather high price.
Website: www.caymas.com