By Andrew Garcia  |  Posted 2004-02-09 Print this article Print

The latest software refresh of Vernier Networks Inc.s Vernier Networks System offers drastically improved availability features and an overhauled rights management interface. Administrators who need strong authentication and Layer 3 security services for WLAN and public networks will benefit from the Vernier Networks System, but they should be aware the product does not offer wireless LAN management features. eWEEK Labs tested the Vernier Networks System with the new Version 4.0 software. Our testbed included the $6,650 Control Server 6500 and one $3,790 Access Manager 6500 with a $600 four-port Fast Ethernet connection.

The CS 6500 sits inside the protected network, providing centralized policy configuration and authentication services. It also distributes policies to the AM 6500 and manages mobile connections between locations. The AM 6500 provides a gateway between the public and protected networks, enforcing the access policies and providing encryption termination points.

The Vernier Networks System provides powerful access, authentication and Layer 3 encryption features. However, it doesnt offer access-point management, rogue detection or RF (radio-frequency) management capabilities, nor does it enable any Layer 2 security among wireless clients.

Administrators desiring RF and access-point control must implement separate wireless management solutions or look at competing wireless security gateways with access-point management from vendors such as ReefEdge Inc. and Perfigo Inc.

Version 4.0 separates the data and control planes, so the AM 6500s continue to enforce access permissions if the CS 6500 fails. In tests, authenticated users could continue to use the network when we disabled the CS, but new users couldnt authenticate until the CS 6500 came back online.

The system now also supports CS 6500s in a redundant active/passive configuration, seamlessly handing off mobility and authentication duties in case of failure.

Ongoing management of individual AM 6500s is no longer necessary. After using the command-line interface to configure the AM 6500s initial IP address and encryption data to secure communications with the CS 6500, all subsequent management is performed via the CS 6500s Web interface.

Vernier has overhauled the rights management configuration pages, introducing a new interface based on profiles. The new interface cleans up several rights-assignment oddities but could escalate the number of managed profile objects in a large, distributed enterprise.

Access policies are assigned according to profiles based on identity and connection, and the Rights Manager page shows all rights defined across the enterprise. However, configuring a tiered authentication policy was difficult—filtered views that identify rights affecting specific places or groups would ease administrative tasks.

Wed like to see Vernier support administrators with different permissions. Vernier officials said this feature should be added within a few months.

Technical Analyst Andrew Garcia can be reached at andrew_garcia@ziffdavis.com.

Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel