Remote Data Via VPNs: Client or Client-less?

There are many ways to access files on your server; one of the best and most secure is via a Virtual Private Network (VPN). Here’s a case study of the experience that Santa Barbara Charter went through.
Before we get into the case study, you should know that a VPN lets you connect to your server from anywhere in the world where you can access the internet. Imagine the internet being the ocean. When you work normally (email, web sites, etc.), your files and data are often sent across the internet with little or no security. A VPN is like a secure tunnel built in the ocean. Files you send with a VPN are secure and, although “in the ocean,” are hidden from prying eyes.
There are two kinds of VPNs you can use. An IPSec VPN requires each computer that wants to access your VPN to have a small program installed, and you’ll see below what problems that can cause. An SSL VPN is a “client-less” VPN and only requires access to a web browser.

Santa Barbara Charter flies all over the western United States, everywhere between San Diego, California and Denver, Colorado. With more than 20,000 airports to choose from, the pilots find themselves every week in a variety of hotels and airports, each administering its own Internet security precautions. To stay in touch with the schedule, pilots require a remote access solution capable of functioning under a wide range of Internet security measures. Since only two hours’ advance notice is required to book a flight, a reliable connection is paramount for the charter company’s success. And though business for Santa Barbara Charter continues to climb, other remote access solutions afforded by larger corporations remain financially infeasible.
Prior to using a VPN solution from FirePass, Santa Barbara Charter tried several different ways to link personnel with the server. They attempted using an IPSec VPN, but because of different firewalls and Internet safeguards among hotels and airports, the method worked in some places and not in others, even when traveling within the same hotel chain. Pilot Mike Healey would spend hours trying to navigate through hotel firewalls in preparation for the next day’s flight, and jokes that he started keeping track of which hotels he could connect at and which ones he could not.
In addition to an IPSec VPN, the charter company also tried using a thin-client remote access solution. They encountered results similar to those with IPSec, plus additional complications. After establishing a connection with the thin-client remote process, users could see the schedule and their emails, but the data itself stayed on the server. After the session, unless the information was cut and pasted into a new document, schedule updates and email were not saved on the pilots’ laptops. Security was also more of a concern.
“When someone was traveling, I would almost always get calls,” said Brenda Terry, IT Administrator for Santa Barbara Charter. “I quickly had to come up with some pretty creative ways to solve the problem, which was frustrating both to me and the users.”
Yet despite even the noblest efforts, linking with the server occasionally became an impossible task. Neil Myers, President of Santa Barbara Charter, recalls an instance when he spent an entire evening trying to hook up to the server in preparation for a meeting the next day. “I was on the phone for hours, including hotel IT,” said Myers. “In the end, it didn’t work and I went unprepared.”
After dealing with remote access dilemmas for too long, Santa Barbara Charter decided to look into alternatives. To relieve their trouble with obtaining consistent secure access to their server, the charter business chose to implement F5’s FirePass 600 SSL VPN as an affordable and practical remedy.
With FirePass 600, pilots gain access to the server using an SSL VPN in conjunction with their standard Web browser. The method lets remote users link through a Web-based interface to the FirePass 600 controller. The controller, a box roughly the size of a hardbound book that sits onsite with the server, then checks the authenticity of the user and connects them with Santa Barbara Charter’s server.
Since the technology supports multiple platforms and requires only a Web browser and an Internet connection to function, traveling employees gain access to the server virtually anywhere. “Once, while at the Salt Lake City airport I was without my laptop,” said Myers. “So, I went to a kiosk there, typed in the URL and set up FirePass.”
The hotel and airport firewalls that normally blocked the attempts of Myers and his colleagues to access the flight schedule no longer encumber the charter company because of the SSL encryption FirePass utilizes. The standard HTTPS protocol supports SSL transport, and all public access points, private LANs and networks permit HTTP proxies. Not all networks, however, allow for IPSec and other remote access proxies.
Besides increasing accessibility, the SSL protocol brings with it a few other advantages. Before FirePass, Terry constantly received complaints about how slow the connection speeds were. Large attachments frequently bogged down the link and often caused the connection to lock up. “FirePass streamlines everything up,” said Terry. “Because SSL compresses and encrypts data, information travels faster and we can securely access large amounts of data, which is good in a business environment.”
“My computer used to lock up all the time,” said Healey. “I would have to call IT and sometimes wait more than an hour before I could finally connect. With FirePass there are no more lock-ups.”
The SSL protocol is also one of the reasons why user software does not need to be loaded onto each machine within Santa Barbara Charter’s network. All Web browsers support HTTPS; therefore, no FirePass software needs to be installed on users’ computers. Indeed, since all Web browsers support SSL, the pilots can access the server using any Web-enabled device, from desktops to pocket PCs.
Healey appreciates the ease of FirePass. With a reliable method of remote access he no longer worries about having to link to the server and can focus more on flying. “The simplicity of FirePass is really nice,” said Healey. “Your computer works just like normal and you don’t even know FirePass is there.”
But no one welcomes the simplicity of FirePass more than Terry. Other remote access techniques took hours, sometimes days, to set up and fine-tune, but still she would get calls from frustrated users. Terry completed setting up and testing FirePass in less than three hours, and subsequently decreased support time by 10 hours a month. “The longest process,” said Terry, “was getting the SSL secure server certificate. A beginning level network engineer can easily set it up in less than 30 minutes. It’s very user friendly.”
Implementing FirePass relieves some of Terry’s network security headaches as well. With her administrator login, Terry defines which security precautions, patches and service packs remote computers must have in place to gain access to the server. If a user tries linking to the server using a computer with subpar security settings, FirePass will deny the user access.
Furthermore, as an administrator, Terry can view detailed reports containing the entry logs of remote users. Terry can also monitor who is linked to the server, how long they have been connected and their utilization; she can send messages to users and even disconnect a user.
Terry and the rest of Santa Barbara Charter are pleased with their new remote access solution. “FirePass is the only solution that has worked consistently,” said Terry. “It’s the easiest to set up and manage and fits perfectly with all of our needs.”