Next month, customers will be able to buy FiberLink Internet remote-access services that are protected by Secure Sockets Layer technology, expanding the provider's secure remote-access options beyond traditional IP Security VPNs.

Managed SSL Solution will give customers access to corporate networks via the Internet from any computer that has an SSL-enabled Web browser, and access will be secured by a server that proxies between the remote user and servers at corporate sites.

FiberLink will place Neoteris Instant Virtual Extranet (IVE) proxy boxes at customer sites and manage them. Remote users will authenticate to the box and be granted access based on policies preset by the customer.

The service might be attractive to support employees who want to work from home using their own PCs, says Prashant Vaidya, IT manager for biotechnology firm Qiagen in Valencia, Calif. The firm has more than 200 users signed up for FiberLink's IPSec VPN service. With SSL, the company would not have to issue client software to these machines, avoiding distribution and management burden, Vaidya says.

In addition, the SSL service would not require any reconfiguration of the company firewall because it uses only the standard SSL port, which generally is kept open, he says. Qiagen is considering installing a new firewall, and integrating it with the VPN service is a factor Vaidya says he has to consider in setting it up.

Dealing with clients for the VPN service will not be a major chore, he says, because FiberLink will handle updates to it. Qiagen installed the clients initially, and Black Ice personal firewalls were added to the VPN service later.

Neoteris has given FiberLink access to a new API it has developed for its IVE software to be integrated with software written by business partners. In the partnership with FiberLink, the API lets FiberLink software check that the remote machine has proper security configurations and then dictate whether the IVE software should allow access. The configuration check is already part of FiberLink's other services.

The companies say they are working on software that can place remote computers into four categories ranging from trusted to untrusted and to give a different set of access rights to each category. So policies could be set that if a single user logs on from a company-issued laptop, he would get access to a complete list of applications. If the same user logs on from an Internet kiosk, he would get access to a much-restricted set of resources.