SSL VPNs are made up of many parts. To provide a brief overview of the components used by SSL VPNs, we created this chart.

Components

Description

ActiveX

An open integration platform that gives developers and users a fast and easy way to create integrated programs and content for the Internet and intranets; used mostly within Microsoft environments.

ActiveX Control

A component (or object) that Microsoft programs like Internet Explorer are designed to interact with (e.g. an ActiveX control can be automatically downloaded and executed by IE to run Flash, as IE by itself cannot execute Flash); comparable to Java Applets but operates on IE and Windows.

ActiveX-based Client for popular applications

Used within the Thin Client mode to provide users on the fly with popular application clients (RDP, SSH, VNC, etc.); similar to the Java-based clients but compatible with Internet Explorer browsers.

ActiveX Control for tunneling

Used in the Thin Client mode with Application Forwarding and Port Forwarding to tunnel TCP or UDP traffic for client-server applications; compatible with Internet Explorer browsers.

Application Forwarding

A form of tunneling TCP or UDP traffic over SSL from the client to a server behind the VPN gateway (which acts as a TCP or UDP relay); part of the Thin Client mode and used for client-server applications.
Similar to Port Forwarding, but a local application's traffic is tunneled; handles applications that use multiple ports better.

Application Proxying

The VPN gateway proxies application layer protocols like POP3, IMAP, HTTP or SMTP.

Bookmarks

So that users can quickly access applications on the portal page, a bookmarks list exists containing IPs, names, URLs or application links.

Browser

SSL capable, with JavaScript and cookies enabled; serves as the universal VPN client, part of the Clientless Access mode.

Clientless Access Mode

A mode which uses the browser as the universal VPN client; typically access to web applications is provided, meaning almost any service that has a web interface.

Connectivity Issues

Typically remote access is associated with connectivity issues since users connect from many places; ports or protocols can be filtered by firewalls and web proxies. Usually TCP ports 80 (HTTP) and 443 (HTTPS) are allowed outbound from various locations; SSL VPNs tend to use TCP port 443 for better connectivity.

Cookie

Also known as an HTTP cookie, web cookie, or browser cookie; used by a website to send state information to a browser and by the browser to return the state information to this website. The state information can be used for authentication, identification of a user session, user's preferences, etc.

Endpoint Security

Compliance: detects whether the machine is managed or unmanaged and whether it meets the minimum requirements (OS, firewall, antivirus, etc.). Based on the resulting profile, the type of access allowed is determined.
Control: a way to secure the end user environment. Browser history/cache cleaner and cookie control or a virtual desktop can be provided.

Granular Access Control

The VPN gateway can enforce control from IP addresses to application layer information; access is allowed per user or group of users.

High Availability

Allows a couple of appliances to provide a reliable, continuous connection for remote access VPN services.

Java

One of the most popular programming languages; intended to let developers "write once, run anywhere" applications.

Java Applet

A small program delivered to users in the form of Java bytecode.

Java Applet for tunneling

Used in the Thin Client mode with Application Forwarding and Port Forwarding to tunnel TCP or UDP traffic for client-server applications; compatible with many browsers assuming Java Runtime Environment is present on the users’ machines.

Java Applet for popular applications

Used in the Thin Client mode to provide users on the fly with popular application clients (RDP, SSH, VNC, etc.); compatible with many browsers assuming Java Runtime Environment is present on the users’ machines.

Java Runtime Environment

Or Java Virtual Machine (JVM); Java achieves portability by translating a program’s source code into an intermediate language called bytecode. This is executed by the Java Virtual Machine. As a result, a Java program can run in almost any environment where a JVM is available.

JavaScript

A scripting language; implemented as part of a web browser in order to provide enhanced user interfaces and dynamic websites.

Mobile SSL VPN

SSL VPN for mobile devices (smart phones, tablets, etc.).

NAT Traversal

A technique to establish and maintain IP connections traversing network address translation (NAT) gateways; some protocols like IPsec ESP cannot be translated by NAT devices without modifications to the NAT devices (IPsec helper) or to IPsec itself (NAT-T). Since SSL VPNs operate at the transport layer using TCP or UDP (DTLS) for transport, they do not have many issues with NAT devices.

Network Roaming

The ability of the VPN session to provide uninterrupted access to resources when the users move from one network to another (e.g. from wired LAN to wireless LAN).

Port Forwarding

A form of tunneling TCP or UDP traffic destined to a certain port over SSL from the client to a server behind the VPN gateway (which acts as a TCP or UDP relay); part of Thin Client mode and used for client-server applications.

Portal

A web interface from where VPN users can access the authorized services; acts as the workplace.

Protocol Translation

To enable VPN users to access file shares through a web interface (browser-based access), the VPN gateway can do HTTP to FTP or HTTP to CIFS protocol translation.

Reverse Proxy

Provides access to web applications; rewrites URLs on the fly and can delegate users’ credentials to backend applications to achieve an SSO (Single Sign On) experience.

SSL

Provides secure data transport over hostile networks. Used to authenticate the server and optionally the client. Normally uses TCP as the transport protocol; in some cases UDP is used (for DTLS).

SSL Offloading

As a hardware appliance the VPN gateway can perform SSL acceleration or SSL termination to relieve a web server from the process of encrypting and decrypting SSL traffic.

SSL VPN Gateway Management Interface

Normally an SSL VPN gateway offers an easy-to-use graphical management interface (often web based). This simplifies the configuration and deployment of the SSL VPN solution. Some SSL VPN gateways can be configured from the CLI though.

Thin Client Mode

A middle mode between the Clientless Access Mode and the Tunnel Mode, made possible through downloaded Java Applets or ActiveX Controls which tunnel client-server TCP or UDP traffic; some vendors offer standalone versions of such clients.

Tunnel Mode

Or network extension; provides network level access similar to that provided by traditional VPNs.

Virtual Assistance

Allows technicians to provide remote support to users by giving the technicians control over the users’ machines; users may request technical support from the portal.

VPN Appliance

The VPN gateway can be offered as an easy-to-use appliance, either a hardware or a virtual appliance, for plug-and-play deployment scenarios.

VPN Client

The client used in the Tunnel Mode to provide network level access; this can be downloaded from the portal.

WAF

Web Application Firewall; a module used to provide protection for web applications.