Communication between computers creates a point of vulnerability with respect to the security of the data traffic and, in some cases, even the endpoint computers themselves. Many techniques are available for addressing network security. Some protect application-to-application communication on a single logical connection, such as Secure Sockets Layer (SSL), often used for web browser to web server Hypertext Transfer Protocol (HTTP) traffic. Others protect all data traffic between endpoints by protecting the network connection itself, rather than the traffic between two applications. Examples of the latter are several forms of virtual private network, such as Point-to-Point Tunneling Protocol (PPTP) and Layer Two Tunneling Protocol (L2TP)/Internet Protocol Security (IPSec). A virtual private network encrypts at one end and decrypts at the other to secure all traffic between the endpoints from listening and man-in-the-middle attacks.
However, such secure protocols often require special setup, such as IPSec certificates, or use non-standard ports that tend to be blocked by firewalls at a corporate level. Tunneling traffic may be blocked at an Internet Service Provider (ISP) that blocks Generic Routing Encapsulation (GRE). Yet another inconvenience to tunneled protocols is the use of network address translation (NAT) with locally-assigned IP addresses.
Additionally, even when a secure channel is created, an interruption in the lower-level connection, caused by either a routine timeout or a network problem, may strand the upper-level application connections. Recovering from such an interruption in service often requires application-to-application recovery after reconnection of the network.