Tuesday, December 16, 2008

The Secure Socket Tunneling Protocol

 

The New VPN Solution

...

As you can see, there are a number of issues around VPN protocol operation in Windows XP and Windows Server 2003. The good news is that SSTP in Windows Server 2008 and Windows Vista Service Pack 1 solves these VPN connectivity problems by using HTTP over Secure Sockets Layer (SSL). SSL is also known as Transport Layer Security (TLS). HTTP over SSL on TCP port 443 is the protocol that has been used on the Web for some time for collecting credit card numbers and other private data. Whenever you connect to a Web address that begins with https:, you are using HTTP over SSL.

Using HTTP over SSL solves many VPN protocol connectivity problems—firewalls, NATs, and Web proxies typically allow this type of traffic because it’s so widespread.

SSTP uses an HTTP-over-SSL session between VPN clients and servers to exchange encapsulated IPv4 or IPv6 packets. Note that an HTTP-over-SSL-based remote access VPN connection is different from the connection made by an application that uses HTTP over SSL. For example, Outlook® Web Access (OWA) lets you access your Microsoft Exchange e-mail at your enterprise over the Internet. OWA uses an HTTP-over-SSL encrypted session, but this is not the same as a remote access connection. Although you can view your e-mail with OWA, you can’t reach the location of an intranet URL that is embedded within an Exchange e-mail message.

(SSTP does not support authenticated Web proxy configurations, in which the proxy requires some form of authentication during the HTTP Connect request.)
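The difference between an SSTP session and an application session such as OWA shows up in the first HTTP request and in the framing that follows it. The example below is added here and is not from the original article: the method name, URI, Content-Length value and 4-byte header layout are taken from Microsoft's MS-SSTP protocol specification, and the host names and sample bytes are constructed.

```python
# Added example: tell an SSTP tunnel setup apart from ordinary HTTPS traffic,
# as seen after TLS termination. Constants are from the MS-SSTP specification.
import struct

SSTP_METHOD = "SSTP_DUPLEX_POST"
SSTP_URI = "/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/"
SSTP_CONTENT_LENGTH = str(2**64 - 1)   # ULONGLONG_MAX: body is an open-ended stream


def classify_request(head: bytes) -> str:
    """Return 'sstp', 'malformed-sstp' or 'web' for a decrypted HTTP request head."""
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] != SSTP_METHOD:
        return "web"
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    ok = parts[1] == SSTP_URI and headers.get("content-length") == SSTP_CONTENT_LENGTH
    return "sstp" if ok else "malformed-sstp"


def parse_sstp_header(packet: bytes) -> dict:
    """Decode the 4-byte SSTP header that precedes every tunnelled frame."""
    if len(packet) < 4:
        raise ValueError("short SSTP packet")
    version, flags, length = struct.unpack("!BBH", packet[:4])
    length &= 0x0FFF                     # top 4 bits of the length field are reserved
    if version != 0x10 or length < 4 or length > len(packet):
        raise ValueError("not a valid SSTP v1.0 packet")
    return {"control": bool(flags & 0x01), "length": length,
            "payload": packet[4:length]}


# Constructed sample inputs (not captured traffic; host names are placeholders).
SAMPLE_SSTP = (b"SSTP_DUPLEX_POST /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ HTTP/1.1\r\n"
               b"Host: vpn.example.com\r\n"
               b"Content-Length: 18446744073709551615\r\n\r\n")
SAMPLE_OWA = b"GET /owa/ HTTP/1.1\r\nHost: mail.example.com\r\n\r\n"
# Data packet: version 0x10, C bit clear, length 8, 4 constructed payload bytes.
SAMPLE_DATA = bytes([0x10, 0x00, 0x00, 0x08, 0xFF, 0x03, 0x00, 0x21])

if __name__ == "__main__":
    print(classify_request(SAMPLE_SSTP), classify_request(SAMPLE_OWA))
    print(parse_sstp_header(SAMPLE_DATA))
```

A request that uses the SSTP method but the wrong URI or Content-Length is reported as `malformed-sstp` rather than `web`, which is the case worth logging on a server or SSL load balancer that terminates TLS in front of the VPN service.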

An HTTP-over-SSL implementation in Windows can substantially lower the cost of maintaining your remote access solution. For example, HTTP over SSL results in fewer help desk support issues and eliminates issues related to VPN servers being placed behind NATs. And, since SSTP works just about everywhere, users are happier and more productive.

Because SSTP is built into Windows, you don’t have to be concerned with third-party VPN client software to install and manage on client computers, or with extra software to install on the VPN server. Additionally, SSTP can provide better load balancing of VPN connections through available SSL load balancers.

...

The Cable Guy: The Secure Socket Tunneling Protocol
