Alexza Molecular Delivery Corp.s Tom Miller needed to provide an increasing number of his organizations road warriors with remote access to monitoring experiments and mission-critical applications in a flexible and cost-effective way. At the same time, he needed to build a foundation for the exchange of information with future business partners. His solution: Replace the companys existing IPSec VPN with an SSL-based VPN.
Alexza is one of a growing number of companies opting for SSL technology. Meta Group Inc. predicts that SSL-based VPN solutions will become the dominant approach for remote access within enterprises this year. The Stamford, Conn., research company also estimates that by next year, SSL VPNs will anchor extranets and Web commerce deployments.
After a comprehensive evaluation late last year of Secure Sockets Layer-based VPN products from four vendors, Miller, director of IT at Alexza and an eWEEK Corporate Partner, decided to deploy the EX-1500 SSL VPN appliance from Aventail Corp.
“While the IPSec [IP Security] solution worked, we realized it would be a nightmare to manage as we grew and added new users,” Miller said. “An SSL VPN, and the Aventail solution in particular, allows us to provide people who need to be on the road with a lot of the functionality they get in the office.”
eWEEK Labs went on-site to Alexzas Palo Alto, Calif., offices to evaluate the Aventail implementation. We were impressed by the flexibility and ease of use of the Aventail solution, as well as with the improved management functionality that Alexza, a specialty pharmaceutical startup founded in 2000, has been able to attain via its deployment.
When Miller began looking at SSL VPN solutions, remote access at his company was limited to Web-based e-mail via Microsoft Corp.s Outlook Web Access. To access Word, Excel and other files remotely, employees had to e-mail the files to themselves and access them through Outlook Web Access. Employees used SafeNet Inc.s Sentinel VPN client, which is IPSec-based, in conjunction with Fortinet Inc.s FortiGate 400 firewall to access applications.
The IPSec VPN was suitable for Alexzas power users, but Miller was concerned about management of the system as the number of users increased.
He decided to test products from Aventail, Cisco Systems Inc., F5 Networks Inc. and Neoteris Inc. (now Juniper Networks Inc.) with the help of Corsa Network Technologies Inc., a systems integrator in Campbell, Calif.
Millers requirements were clear: He wanted to provide remote access for mobile travelers and after-hours users to monitoring experiments and other mission-critical applications; to allow access to a variety of applications with minimal client requirements; to simplify administration and support; and to have native integration with Microsofts Active Directory.
Alexza tested each vendors solution under a 30-day try-to-buy agreement before deciding to install Aventails EX-1500 SSL VPN appliance in the corporate computing network. The flexibility and pricing of the Aventail product, as well as Aventails experience in the SSL VPN market, pushed the solution to the top of the heap.
Eight employees who are constantly on the road and frequently access files were trained for an hour on how to use SSL VPNs and participated in the pilot tests. In the end, Miller chose Aventails EX-1500 SSL VPN appliance, which cost Alexza $17,800. Alexza is paying about $3,000 a year for 25 user licenses.
When eWEEK Labs was on-site last month, Alexza had just finished integrating Aventails product with Active Directory. Miller had also successfully tested SSL Web access to Microsofts Web Outlook and to files stored on his companys Windows 2000-based corporate network.
Today, Miller is in the process of rolling out the Aventail solution to 25 power users who need access to critical data. Users who want to check their e-mail off-site can use any Web browser. For applications such as Waters Corp.s Empower, a chromatography data program that requires a front-end client such as Citrix that connects to Alexzas Oracle Corp. 9i database, employees use either Aventails OnDemand for Java applet access or Aventails Connect, a Windows agent for fat clients.
Currently, five mission-critical applications, including Empower and Blue Mountain Quality Resources Inc.s Calibration Manager software, are accessible via the SSL VPN. Miller and his IT staff use Aventails management console to define each users level of access, as well as conduct security audits.
Miller is now looking at providing access to other monitoring applications. He estimates he will provide access to six more applications this year.
Miller said he expects to eventually deploy an ERP (enterprise resource planning) system, which he will also want to make accessible to remote users.
“The SSL VPN is a part of our mobile computing strategy, which will become increasingly important as we grow in size,” he said.
Senior Writer Anne Chen can be contacted at [email protected].
Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page: