By Andrew Garcia  |  Posted 2004-07-06 Print this article Print

Aventail Corp.s latest release of Anywhere Secure Access Policy software gives a boost to the companys EX-1500 SSL VPN appliance, providing markedly better client security checks and streamlined policy management workflow than previous ASAP versions.

The changes in ASAP Version 7.1 make the EX-1500 an excellent overall solution. However, Aventails myriad licensing options can escalate costs quickly.

eWEEK Labs tested the EX-1500 with Version 7.1 of the ASAP software, which started shipping last month. The base price for the EX-1500 appliance with ASAP 7.1 starts at $9,495, but that price includes only Web and file application access for 25 concurrent users. The price escalates to $21,495 for 100 concurrent users, and access for other TCP or UDP (User Datagram Protocol)-based applications via Aventail OnDemand and Aventail Connect costs an additional $10,000 for 100 users.

The price of the configuration we tested totaled $31,495 for a single unit (or $44,395 for a redundant pair), making this Aventail solution pricier than competing offerings from Juniper Networks Inc. and Symantec Corp. Click here to read eWEEK Labs review of Junipers NetScreen-SA 3000, Symantecs Clientless VPN Gateway 4420 and two other Secure Sockets Layer VPN products. To ensure remote clients are free of worms, keystroke loggers and spyware, ASAP 7.1 uses Zone Labs Inc.s Integrity Clientless Security or WholeSecurity Inc.s Confidence Online. These ActiveX components must be purchased separately and uploaded to the Aventail appliance.

Aventail provides data protection features via Aventail Cache Control, which removes session traces (browser cache, cookies and history) after users disconnect, similar to features offered in F5 Networks Inc.s FirePass. Administrators can also purchase Sygate Inc.s On-Demand for this capability.

Unlike other SSL VPN vendors, Aventail offers only one model of the EX-1500, relying on its clustering capabilities to provide scalability.

The EX-1500s base price includes SSL-protected access to Web applications and Web-enabled file shares via users ASAP Workplace interface. This process worked equally well to gain access to intranet Web servers, Outlook Web Access and Microsoft Corp. file shares from a wide variety of remote client platforms—Mozilla 1.6 and Internet Explorer 6 browsers on Windows clients, Mozilla 1.6 on Linux and Safari 1.2.1 on Mac OS.

Alexza Molecular Delivery Corp. decided to deploy the EX-1500 after a comprehensive evaluation of SSL-based VPN products from four vendors. Click here to read eWEEK Labs on-site report. Aventail OnDemand provides access to TCP-based applications via an in-line Java component. The OnDemand component doesnt require user knowledge of loopback addresses, as long as a user has local administrative permissions. Wed like to see this capability added to the base licensing cost of the EX-1500.

Administrators can deploy the Aventail Connect client application to access TCP or UDP-based services. The client worked well in tests, but deploying a full client reduces much of the appeal of SSL VPNs in the first place, and only Windows clients will be able to access UDP applications.

Creating access policies in the ASAP Management Console was already an intuitive process, but ASAP Version 7.1 includes several features that make the EX-1500 even easier to use.

The new LDAP and Active Directory search capabilities significantly ease the process of defining groups and users in the local database. The tool is much easier to use than the one Symantec provides with its Clientless VPN Gateway solution.

The access policy creation tools include convenient links to add users or resources without having to navigate away from the policy in progress—a feature thats sorely lacking from many competing products.

Technical Analyst Andrew Garcia can be reached at andrew_garcia@ziffdavis.com.

Check out eWEEK.coms Security Center at http://security.eweek.com for the latest security news, reviews and analysis.

Be sure to add our eWEEK.com developer and Web services news feed to your RSS newsreader or My Yahoo page

Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel