ONE SIZE DOES NOT FIT ALL
Norwich's evolutionary path is common among large organizations with diverse populations. While early remote access solutions like modem pools and IPsec VPNs worked for homogenous communities of modest size, most organizations eventually ran into scalability, usability and cost barriers.

"Originally we had dial-up servers, but that only allowed access by employees, not students," says Quelch. "We then added a Cisco VPN for administrators to manage systems remotely. When things were small, support was fine."

Norwich ran into trouble when expanding this IPsec VPN to staff that needed database access and rural faculty connected by satellite Internet. "That became cumbersome and difficult to support. The VPN client didn't interact well with Active Directory, login scripts, printers and mapped drives. For users with satellite connections, there was too much lag and VPN connections dropped," says Quelch.

To overcome these problems, Norwich deployed an Aventail SSL VPN. "That was great, because all we had to give users was a URL, login ...

But new technologies tend to address IT pain by making simple assumptions, thereby imposing other limitations. For example, as SSL VPN usage grew, so did administrative costs. "We tried all three types of Aventail access," says Quelch. "The installed client required admin rights. The download-on-demand client sometimes got corrupted. The ordinary SSL session was limited to GUI applications only."

As the university expanded its Web presence, it deployed Citrix NetScaler, which allowed it to provide secure Web portal access to non-Web legacy applications by opening just two ports. However, while portals could present GUI applications to offsite users, they could not deliver client/ server access to applications like Oracle databases.

< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   7  |   8  |   NEXT PAGE  >