Publication Date: 11 February 2005
By Kevin Murphy
NeoAccel Inc comes out of stealth mode in the US today, late to the SSL VPN market but promoting technology it says makes SSL VPNs faster and more reliable, and so better suited to wireless networks.
Company founder Michel Susai, who previously found success with NetScaler Inc, says NeoAccel's SSL-VPN-Plus™ can enable full network access over SSL without causing "TCP-over-TCP" meltdown, as he claims competing products do.
The firm plans to take its technology to the OEM market, plans to be "the next Check Point", and thinks there's still time to grab market share from the likes of Juniper Networks, F5 Networks, Whale and Aventail.
SSL VPNs have become popular because they do not require client software to be manually installed on each PC that needs to access the network, as IPSec VPNs do. Data is tunneled over SSL, a built-in feature of Windows browsers.
This is especially useful for web-enabled applications such as email. For client-server applications, SSL VPN vendors typically have gateway adapters and client-side proxies that are installed via ActiveX or Java.
For full network access comparable to an IPSec connection, vendors have these ActiveX controls tunnel the client application's TCP connection over the SSL connection. That SSL connection then travels over its own TCP connection to the gateway.
That's TCP-over-TCP, Susai said, which is "very clumsy" and susceptible to "meltdown". The internet is a lossy network, and if one of the TCP connections loses a packet, both connections have to work to retrieve the missing data.
This slows down connection speeds, Susai said, and can cause timeouts that can in turn cause the session to collapse, forcing the user to re-authenticate. This is especially problematic on wireless LANs, which are less reliable, he said.
"If you lose any TCP packet on any connection, you not only have to retrieve that packet, you have to retrieve two TCP sessions," he said. "In a wireless environment, the session could be terminated and you have to restart the session again."
SSL VPNs have been touted as a complement to traditional IPSec VPNs, but rarely do vendors claim customers can throw out their old IPSec technologies when they buy an SSL VPN gateway. Susai does claim that.
NeoAccel is branding its technology Intelligent Connection Acceleration Architecture. ICAA, Susai said, does not use the second TCP tunnel. Instead, its ActiveX control intercepts data at a different level of the stack.
Instead of intercepting the TCP session and tunneling it over SSL, ICAA's client piece grabs the application data before it becomes a TCP session, and tunnels that over SSL to the gateway, which creates the TCP session to the application server.
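The stacked-timer effect described above can be seen in a toy timing model. This is an added example, not NeoAccel's code or anything from the original article; the stall length, round-trip time, starting retransmission timeout and segment size are constructed values, and the model assumes the tunneled connection's timer doubles after each expiry.

```python
"""Toy timing model of a stalled SSL tunnel (constructed values, not measurements)."""


def inner_timeouts(stall_ms, rtt_ms, rto_ms, max_rto_ms=60_000):
    """Times (ms) at which the tunneled (inner) TCP retransmission timer fires
    while the outer TCP connection is stalled recovering a lost packet.

    Assumption: the inner timer starts at rto_ms and doubles after each
    expiry (exponential backoff), capped at max_rto_ms.
    """
    ack_at = stall_ms + rtt_ms  # earliest moment an inner ACK can come back
    fired, t, rto = [], rto_ms, rto_ms
    while t < ack_at:
        fired.append(t)  # inner TCP resends a segment into the stalled tunnel
        rto = min(rto * 2, max_rto_ms)
        t += rto
    return fired


def compare(stall_ms, rtt_ms=100, inner_rto_ms=1000, segment_bytes=1460):
    """Contrast the two designs for a single outer-connection stall."""
    fired = inner_timeouts(stall_ms, rtt_ms, inner_rto_ms)
    return {
        # Client TCP session tunneled over SSL, which rides its own TCP session.
        # The outer TCP is reliable, so every inner retransmission is a
        # duplicate that the tunnel must still deliver once it recovers.
        "tcp_over_tcp": {
            "inner_retransmits": len(fired),
            "duplicate_bytes_queued": len(fired) * segment_bytes,
            "inner_rto_at_recovery_ms": min(inner_rto_ms * 2 ** len(fired), 60_000),
        },
        # Application data carried over SSL: only one TCP layer on the lossy
        # path, so no second timer reacts to the stall.
        "app_data_over_ssl": {
            "inner_retransmits": 0,
            "duplicate_bytes_queued": 0,
            "inner_rto_at_recovery_ms": None,
        },
    }


if __name__ == "__main__":
    for stall in (500, 3000, 10_000):  # constructed stall durations in ms
        print(stall, compare(stall))
```

A stall shorter than the inner timeout costs nothing extra; longer stalls leave duplicate segments queued in the tunnel and a backed-off inner timer, which is the slowdown the "meltdown" label refers to.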
It's complex stuff, but Susai said it's already being used by early customers with success. The San Jose, California-based company has already launched in Japan, and plans to demonstrate the technology at the RSA Conference in San Francisco next week.
NeoAccel plans to make the software available through OEMs primarily, using a model Susai compared to the one employed by Check Point to great success. It has been tested with all the major hardware, processors and SSL accelerator cards, Susai said.
"There are 150 IPSec companies out there that still don't have an SSL VPN," he said. "If we get 20 OEMs we could make $40m next year."
