Computerworld - For several years, my company used Microsoft Corp.'s Point-to-Point Tunneling Protocol (PPTP) to provide remote users with VPN access to corporate resources. This worked well, and almost all employees who had PPTP permissions were comfortable with this method. But after several security problems with PPTP were reported, we decided about a year ago to deploy virtual private network concentrators from Cisco Systems Inc. at all of our core points of presence.
We ran things in parallel for about six months to let users get used to this new way of connecting. Users were instructed to download the Cisco VPN client and associated profile and start using the Cisco client. During that period, if the users had problems, they could always fall back on the PPTP connection until the issue was resolved.
That option disappeared about a month ago, though, when we pulled the plug on our PPTP servers. Now, all users have to use the Cisco VPN client. Many global e-mail messages were sent to users about this impending action, but by the time we were ready to retire our PPTP servers, several hundred users were still using it. We tried to advise each of them of the change, but about 50 were traveling, on vacation or otherwise out of reach. This wasn't so bad, considering that we have more than 7,000 employees using the VPN. Our company has a global presence, so some users we have to communicate with don't speak English and work out of their homes on the other side of the world.
Now we have a new set of issues. A particularly loud group in the company is reporting problems with the Cisco VPN client. These users are mostly in sales and need access to demos on the network and sales databases. What makes them loud is that they generate revenue, so they usually get what they want.
The problem is that customers block the ports necessary for the VPN clients to communicate with our VPN gateways. Similar difficulties are experienced by users in hotel rooms for the same reason. This isn't a Cisco issue, mind you; almost any IPsec VPN client would have similar problems.
Meanwhile, we have had numerous requests for access to corporate mail from kiosks. Users have said that when they can't use their company-issued computer -- be it at a conference or a coffee shop -- they would like to be able to get into their Microsoft Exchange e-mail and calendar.
We have contemplated extending Microsoft Outlook Web Access externally, but
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
