+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 21 of 21
*nix Thread, Remote Access to School System - Using SSL Explorer READHERE in Technical; IPSEC looked as if it was going to take longer to implement. But I'm not using it in a production ...
  1. #16
    Joedetic's Avatar
    Join Date
    Jan 2006
    Location
    Walsall
    Posts
    1,316
    Thank Post
    6
    Thanked 13 Times in 13 Posts
    Rep Power
    21

    Re: Remote Access to School System - Using SSL Explorer READHERE

    IPSEC looked as if it was going to take longer to implement. But I'm not using it in a production environment, it was just for testing and teaching myself at the time (also gaining SSH to a remote server from the uni halls because they blocked the protocol for a rediculous reason.)

    Now you've linked me to that site...i'm going to have to change LOL *Adds to list of things to try*

  2. #17

    Join Date
    Mar 2006
    Posts
    537
    Thank Post
    2
    Thanked 3 Times in 2 Posts
    Rep Power
    18

    Re: Remote Access to School System - Using SSL Explorer READ

    Quote Originally Posted by Joedetic
    It /does/ look interesting but what is the advantage over an existing PPTP VPN? The browser based access?
    The advantage of SSL VPN is that easier to configure than IPSec and play nicer with firewalls because you already use HTTPS for VLEs, DfES websites etc

    Have a look at this article> it covers a lot of the issues involved.

    It doesn't like client-less (i.e. browser based) SSL VPN solutions such as SSL Explorer because of the breakdown in the trust model. Traditional VPN solutions like IPSec and OpenVPN normally require the IT department to install software and therefore pre-screen clients before connection to the internal network.

    On the otherhand browser based VPN do have an advantage in that the end users intact with an application server serving up ActiveX or Java applets rather than have direct access to the internal network.

  3. #18

    Join Date
    Feb 2007
    Location
    Birmingham
    Posts
    1
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Re: Remote Access to School System - Using SSL Explorer READHERE

    In a primary school the caretaker wants to connect to the CCTV security system from his house; would you recommend SSL Explorer for this?
    They have Windows 2000/2003 servers for Admin and Curric, should we install on one of these, or on the PC running the CCTV.

  4. #19

    m25man's Avatar
    Join Date
    Oct 2005
    Location
    Romford, Essex
    Posts
    1,607
    Thank Post
    49
    Thanked 444 Times in 330 Posts
    Rep Power
    136

    Re: Remote Access to School System - Using SSL Explorer READ

    Not wanting to split hairs but..

    These products all use the term VPN however many implementations only use the "Reverse Proxy" elements.
    SSL is used to create a tunnel from client to appliance, a log in process is initiated and based upon a combination of rules, certificates and policies the remote user is permitted or denied access to a selection of redirected(proxied) services.

    The VPN service requires the installation on the clients pc a VPN client, normally provided through an active x or java based applet, assuming the user has the ability and the policy of the local machine permits it.
    Once installed the remote user recieves an ip either on the school network or from a routed segment/dmz.

    The best part is that those "untrusted" users (staff/kids) can be granted access to internal services without the need to install a full vpn.
    Whilst others (eg. network managers and support companies) can gain full access to the network.

    Sounds brilliant, and indeed it is.
    Personally I prefer the appliance approach, Netgear's SSL-312 device can do it for less than £200 and Sonicwalls for £300 both setup easily are fully AD integrated without the need to mess with PC's, Servers, Linux and 3SP's rather crippled (but Free) implementation of Open SSL.

    However, there are a few caveats that you should be aware of when choosing SSL-VPN as a remote access solution.
    Firstly, URL obscufication will cause big problems with some implementations of web services (ISA/Sharepoint etc) meaning that some links will not resolve over a reverse proxy. Thus access to a Sharepoint system or VLE via the reverse proxy alone may be impossible, the client would have to have full VPN in order to use the resource and this may not be the required solution in a school.
    In such a case direct access to the Sharepoint server via ISA (which can handle the URL redirects) is the better solution.

    Secondly SSL has a high processing overhead, and the smaller appliances do not deliver the required throughput or power to deliver some services such as OWA Premium, only Basic, which is pretty pants!
    So if you intended to deliver this service on a large scale you will need to select your appliance/vpn host equipment carefully.

    Thirdly, many of these functions will be assimilated by Server 2008's Terminal Server Gateway Services and RRAS enhancements and the next version of ISA will also contain SSL-VPN capabilaties (M$ bought out Whale Communications in 2006 a leading SSL-VPN manufacturer).

    I love SSL-VPN however having implemented many of them in all sorts of flavors each one has some kind of limitation that inevitably messes up how you planned for it to work! As a result I still find I have to have a logmein.com account handy to save the day.

  5. #20

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    12,959
    Thank Post
    586
    Thanked 1,493 Times in 1,339 Posts
    Rep Power
    397

    Re: Remote Access to School System - Using SSL Explorer READHERE

    There will also be SSL VPN functionality in Smoothwall Corporate Firewall 3 due for release in november.

    Ben

  6. #21
    monkeyx's Avatar
    Join Date
    Nov 2006
    Posts
    364
    Thank Post
    8
    Thanked 52 Times in 41 Posts
    Rep Power
    25
    Can I point anyone ineterested in this projec to to this post. If you are interested in helping please reply to the post in the link and not this one.

    Confusing or what

SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. Remote Access - How?
    By Zoom7000 in forum Wired Networks
    Replies: 34
    Last Post: 1st February 2012, 12:43 PM
  2. Replies: 1
    Last Post: 25th May 2011, 01:14 PM
  3. What do you think of your school's MIS system?
    By schoolzone in forum MIS Systems
    Replies: 2
    Last Post: 8th August 2007, 02:15 PM
  4. Add VirusScan to Explorer system tasks
    By thom in forum Windows
    Replies: 4
    Last Post: 17th October 2006, 08:27 AM
  5. Remote Access
    By ajbritton in forum How do you do....it?
    Replies: 6
    Last Post: 26th September 2005, 12:48 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •