By Andrew Garcia  |  Posted 2005-09-05

Caymas Systems Inc.'s Identity-Driven Access Gateways provide fine-grained access controls and hardware-accelerated encryption and packet inspection that allow IT administrators not only to simplify remote access to critical data resources but also to add identity-based access controls within the corporate network.

At their heart, the Caymas 525 and Caymas 220 IDAGs are SSL (Secure Sockets Layer) VPNs on steroids. Integrated hardware-based encryption and inspection accelerators boost the number of possible concurrent connections and improve secure throughput performance enough to warrant internal deployment.

Stateful and deep-packet inspection engines control access to network services and examine allowed traffic for suspicious payloads. Used together with the integrated endpoint assurance tools, the IDAGs sanitize both network traffic and connecting hosts.

eWEEK Labs tested the Caymas 525 and Caymas 220, each running Software Release 3.0, which shipped in July. Release 3.0 introduces the Security Zones feature, which lets administrators create differing access policy restrictions depending on where a user connected from.

We placed the Caymas 525, designed to accommodate 2,500 concurrent users, in front of our data center resources. We installed the Caymas 220, designed for 100 concurrent users, at the network perimeter. Using Security Zones, we configured for both appliances a single access policy that dictated much more stringent authentication and validation steps for remote users.

Unlike other SSL VPN vendors, such as Juniper Networks Inc. and Aventail Corp., Caymas does not muck up its pricing by layering additional licensing costs for more users or features. Instead, each appliance comes with a flat price: The Caymas 525 costs $44,995, while the Caymas 220 costs $14,995.

The IDAG appliances provide several access methods: Secure Proxy is the standard reverse proxy for Web-based applications and file shares, while Secure Tunnel provides access to other TCP or UDP (User Datagram Protocol) network resources via either Java or ActiveX-based host redirector applets. Secure Connect is a driver-level control that provides full network access for Windows-based clients. The IDAGs also offer a Web Relay feature for redirecting more complex unencrypted Web applications.

Security Zones allowed us to provide SSL VPN-based access to data center resources for internal users as well. We required internal users to provide log-in credentials to access resources in the data center, but we did not require endpoint assurance scans or encryption. This let us easily track each user's access to resources without taxing the gateways' resources for largely trusted users.

We could also deploy the Caymas appliances to isolate a public LAN segment. The Caymas gateways provide a captive portal, endpoint assurance checks and limited access rights for guest users. Software Release 3.0's new follow-me IP capability let us assign guests a static IP address via DHCP (Dynamic Host Configuration Protocol) relay.

The endpoint assurance tests are powerful, but they require a lot of manual customization.


Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.
