Chapter 3. How SSL VPNs Work

As described in Chapter 1, SSL VPN products allow users to establish secure remote-access sessions from virtually any Internet-connected web browser. Delivering the ability for people to access e-mail, critical information systems, files, and other network resources from virtually anywhere is not a trivial task. Despite often appearing to onlookers as simple devices, SSL VPNs employ complex and advanced technology.

At present, there are no official standards for SSL VPN technology (other than for SSL, HTTP, and other SSL VPN subcomponents). The few third-party SSL VPN 'certifiers' that exist, primarily examine features, not the internal mechanisms of delivering those features. With a highly competitive climate currently present in the SSL VPN market, vendors are also reluctant to disclose the details of the inner workings of their products. Yet, even without official information from each vendor, it is possible to understand SSL VPN technology. Every offering in the market faces similar challenges in providing web-based remote access. As a result, the basic technology utilized by SSL VPN products exhibits many common attributes across products. As such, in Chapter 2 we will explore the internal workings of SSL VPN technology not from the perspective of any particular offering, but rather from a generic approach.

There are many complex technologies utilized by SSL VPNs, many of which designers, administrators, and users of SSL VPNs need not be intimately familiar with in order to understand SSL VPN. The intention of this chapter is to provide the reader with an overview of how SSL VPN technology works and provide sufficient information about each component of SSL VPN technology. Enough information is provided to understand SSL VPN, though we will not cover every detail about every technology subcomponent.