Companies looking for the most affordable way to kick off an SSL VPN technology pilot project—or deploy basic service for a small number of users—should check out the beta version of 3SP Ltd.s SSL-Explorer.
Although 3SP eventually plans to offer fee-based support contracts and optional plug-ins such as certificate-based authentication, the base product—which includes access to Web applications, file shares, VNC (Virtual Network Computing) and Terminal Services remote control applications—is freely available under the GNU GPL (General Public License) at www.sourceforge.net.
Overall, eWEEK Labs found that SSL-Explorers usability, configurability and client security features dont measure up to mature offerings weve found in enterprise-class products from Check Point Software Technologies Ltd., Juniper Networks Inc., F5 Networks Inc. or Aventail Corp. However, we believe SSL-Explorer will be interesting for small offices or deployments once it goes gold.
SSL-Explorer requires Sun Microsystems Inc.s latest Java Runtime Engine— 1.5.0—on the central server and client machines. Clients may access file shares and proxied Web resources without Java installed, but installing Java enables access via the Java VPN client application, which also opens access to several other applications and services.
We installed beta versions 0.1.7 and 0.1.8 on a Windows 2000 server; Linux packages for Red Hat Inc.s Red Hat Linux 8.0 and above are available.
Although we could configure SSL-Explorer to use its internal user database, we preferred to leverage the connection to our AD (Active Directory) user store. SSL-Explorer lets administrators preprogram available resources into the client interface, but dont expect to see the per-user or per-group access policies and customization found in competitive paid SSL VPN solutions. With Version 0.1.8 Release Candidate 1, SSL-Explorer can assign different access to local users via roles, but the functionality still has much room for improvement for AD users.
When accessing Web resources, users are faced with the complicated decision to either use a secure proxy or leverage the Java VPN client to access a single site. Wed like to see better documentation or help menus to guide users to understand the difference when the resources are not preprogrammed.
We found Web access via SSL-Explorer a mixed experience. Many of our internal Web sites were accessible without a hitch, but our Exchange 2003 Outlook Web Access site worked only in Version 0.1.8 via preprogrammed replacement values—but not the more feature-rich OWA version you get with Microsoft Corp.s Internet Explorer.
Users may access file shares using predefined links or by manually browsing shares from the SSL-Explorer Web interface. Alternatively, by leveraging WebDAV (Web-based Distributed Authoring and Versioning) on Windows XP-based clients, users can create links to Web folders that can be accessed directly from the desktop.
With Java installed on the client, SSL-Explorer offers client applets for VNC- or Terminal Services-based remote control sessions, or administrators can set things up to use the Windows XP Remote Desktop application instead.
The SSL Tunnel feature, meanwhile, allowed us to redirect TCP or UDP (User Datagram Protocol) ports, opening access for POP3 (Post Office Protocol 3) or Telnet clients, among others.