Virtual private networks built on the Web's secure sockets layer (SSL) are tipped as the hottest way to give employees and business partners access to corporate applications. Aventail, one of the first in this field as a service-provider, has moved into hardware, to provide a specialised SSL VPN appliance. Virtual private networks use encryption to make a secure path across the Internet. Because SSL encryption is available in Web browsers, VPNs based on SSL can be used without special client software, even from kiosks and Internet cafés. SSL VPNs will be a big part of the overall VPN market, according to analysts. "The SSL VPN market will surge to $871m in 2005," said Jeff Wilson, executive director of analyst firm Infonetics Research. The total VPN market will be $4.8bn in that year, he believes. And VPNs are continuing to grow, even in the current downturn, with VPN and firewall revenue of $668m in the third quarter of 2002. "End-users all over the world are moving from a model of centralised Internet connectivity to distributed connectivity," said Wilson. VPNs were first used for employees working at home or in remote offices. They have been used more and more by mobile executives to access corporate applications where security is important, but the first VPN implementations required the user to carry a laptop, since client software was required to make the VPN link. Despite breaking this limitation, SSL VPNs were seen at first as more limited than those based on the IPSec encryption standard. The first implementations would only work with Web-based applications, or with client-server applications that had a front-end such as Citrix Metaframe. Aventail claims its EX-1500 appliance gets round these limitations. "This can actually replace IPSec VPNs, allowing users to move their IPSec equipment to encryption on permanent LAN-to-LAN links," said Jude O'Reilly, director of product marketing at Aventail. The company has provided SSL VPNs as a managed service called iPass for four years, and provides the service to around 400 corporations. Services so far have been based on bespoke racks of Sun hardware; the appliance makes this easier to set up and should open up a larger market. It also adds new functions, including a Java agent called Aventail OnDemand, which allows connections to more client-server applications, and a DIY corporate portal called ASAP Workplace. The portal is for users who do not yet have an intranet -- a Web-based internal company information service -- and allows them to build one quickly. "The product includes Web File Access, whereby users can find files on their office systems," said O'Reilly. "At the moment, people are mailing things to their Hotmail account if they want to work on them outside the office, and IT departments are turning a blind eye to the security risk." The product also has a management console, to handle user privileges easily, and managed versions of the product are available. Aventail joins a crowded market of SSL VPN appliances competing against products such as Netilla, which is distributed in the UK by Lansition, and Neoteris, whose IVE also uses SSL for remote access. "Our competitors have less experience," said O'Reilly. "We are on version 6 of the product. Many of the others are limited to Citrix -- we let you get access to Citrix but are not limited to that." "SSL VPNs will be the dominant method for remote access and extranet VPNs," said O'Reilly. "IPSec will focus on securing site-to-site VPNs." The product costs £18,000 for 50 concurrent users -- probably enough to support a population of 500 potential users, said O'Reilly -- and can be expanded up to 1,000 users. Aventail expects to sell it through channel partners and integrators in the security field, but has no names signed up in the UK at this point.