IVE Secures Apps for Remote Access

Version 2.2 of Neoteris Inc.'s Instant Virtual Extranet appliance provides a simple way to Web-enable enterprise applications for secure remote access over traditional VPNs.

The IVE appliance is definitely on the pricey side, starting at $10,000, but eWeek Labs tests showed that it's a good alternative to more complicated extranet solutions, especially for sites that lack intranets and need an easy way to provide remote access to internal Web resources.

The IVE allowed us to quickly roll out internal resources including e-mail, Web applications and network file shares for remote users, without the need to deploy complex extranet infrastructures. However, for sites such as banks that have custom or legacy applications that cannot be "Web-ified," a VPN (virtual private network) solution is still the only way to go.

The IVE appliance, which shipped last month, sits at the network edge behind the firewall and acts like a proxy, allowing remote users secure access to internal resources. The IVE leverages SSL (Secure Sockets Layer) and the Secure HTTP protocol, which are used in Web browsers to enable clients to share corporate applications, intranet sites and even network shares remotely from the Internet.

The IVE is built around a content transformation engine that parses incoming SSL requests into the appropriate protocol for Web, e-mail or file-sharing chores. The IVE reverses the process for outgoing traffic.

The appliance is a lot simpler to install than standard VPN gateways because no client-side software is required—any Web browser can be used to gain access. The IVE is also relatively inexpensive compared with complex, less flexible (albeit more capable) extranet deployments.

Like its predecessors, the IVE 2.2 comes in Employee Access, or EA1000, and Partner Access, or PA1000, editions, which use the same hardware. We tested the PA1000, which has optimized access control management features. For example, IT managers can set resource-level access control based on URL, server and even specific files. User access can also be restricted based on source IP address.

Both the EA1000 and PA1000 started shipping last month. The PA1000 lists for just under $30,000, and the base unit supports 1,000 users and as many as 100 concurrent users. With a license upgrade (which increases the appliance's cost to approximately $70,000), the PA1000 can support a maximum of 1,000 concurrent users and a 10,000-user population.

A pair of competing products—Flatrock Inc.'s Application Routers and SafeWeb Inc.'s SEA (Secure Extranet Appliance) Tsunami—take different approaches. Flatrock's Application Routers, which start at $36,000, leverage VPN technology and a provider/subscriber model to share resources in business-to-business environments (see eWeek Labs' March 11 review at www.eweek.com/links).

SafeWeb's SEA Tsunami, priced at $15,000, acts as a reverse application proxy for secure Web services over the Internet. The product also doesn't require client-side software.

In tests, we configured the IVE PA1000 to provide test clients with access to resources including Microsoft Corp.'s Exchange e-mail, intranet Web pages, Terminal Services and network file shares. The IVE setup was surprisingly easy; after we configured the appliance with initial network settings, we could use the Web browser to access the administrator console. Using this console, we could select resource settings, user accounts and access control policies.

We created several users to access the Web resources at Neoteris' demo site. From an Internet Explorer Web browser, we could easily use Telnet or Terminal Services to access an internal server or use the Session Manager to access IBM's Lotus division's Lotus Notes or Microsoft Outlook.

The IVE supports a wide range of authentication methods, including LDAP and Remote Authentication Dial-In User Service servers. The appliance has a local native database that can support as many as 10,000 users, but we believe the best option for sites with larger user bases is to use a separate authentication server for the job.

The IVE's dual 10/100M-bps Ethernet ports provide sufficient scalability for 100 concurrent users based on the license restriction, but we'd like to see Gigabit Ethernet support.

We'd also like to see hardware failover capabilities because sites might require a high-availability system for remote users. The next release will offer system mirroring to ensure connectivity, Neoteris officials said.

Technical Analyst Francis Chu can be reached at francis_chu@ziffdavis.com.