Aventail, a supplier of SSL VPN appliances and managed
services, will introduce new technology later this month that
will enable IT administrators to find out more about user devices
trying to gain access to their network.
"Initially everybody wanted 'anywhere access'," said Chris
Hopen, chief technology officer of Aventail. "Now organisations are
concerned about the [end-point] environment to which they are
exposing their information. They want to know things like how well
the user keeps his PC up to date, does he run anti-virus software,
is the anti-virus software up to date, what is his personal
firewall, and what configuration is that in."
Aventail positions its SSL VPN as an alternative to IPSec (IP
Security Protocol) VPNs. Its "clientless" VPN technology allows
users to access network applications through any web browser from a
variety of devices, including internet kiosks, and on a broadband
or wireless connection, Hopen said. The Aventail software already
has provisions for standard user and group-based access
control.
The new end-point awareness and control technology will enable
network administrators to classify end-point devices based on
categories such as whether the device is managed by the
organisation, and whether it is an employee or a business partner
accessing the network.
Non-employees using managed devices are a growing category of
users. Another category would be unknown, typically unmanaged,
end-point devices such as internet kiosks.
Using this classification, administrators can arrive at an
access policy for users coming in from a variety of end-points with
different environments.
If a machine passes a certain level of risk protection then the
user can be given access for a period of time, but perhaps only to
a reduced set of resources, Hopen said.
Aventail is partnering with other suppliers to ensure the
integration and interoperability of its technology with their
software, and also to use components of their software in its own
technology.
A key challenge in implementing this technology is to protect
the privacy of the end user even as an IT administrator
interrogates the device, Hopen said.
"There are ways to gather a lot of information on the
[end-point] environment, but you don't want to expose all that
information to the administrator," he added. The user will be able
to write private information and data to a private vault that will
not be accessible to the administrator.
Aventail has set up a research and development centre in
Bangalore. In the next 12 to 18 months the centre may also offer
product support and helpdesk services to the company's
customers.
The company is also exploring the opportunity of offering
managed services in Asia from a data centre in India.
Besides offering its own managed services, Aventail offers its
equipment and technology through managed service providers
including New Jersey AT&T and Bell Canada, a business unit of
Bell Canada Enterprises. Aventail also sells its products to user
organisations which prefer to manage their own VPN
infrastructure.
John Ribeiro writes for IDG News Service