Many organisations today operate in complex, distributed
environments that encompass multiple branch offices spread across
diverse geographical locations, some of which may be subsidiaries
or affiliated companies. For most of these, access to centralised
IT resources is a must. And they also need to provide access to
those IT resources for an expanding army of mobile workers and for
external users.
Remote access has become a fact of life.
To provide secure remote access to employees - and increasingly
to business partners, suppliers and users -
virtual private networks (VPN) have emerged as the technology
of choice. The majority of VPN deployments are one of two flavours.
Secure socket layer (SSL) VPNs require just an internet browser for
setting up a VPN connexion and are an effective remote access
solution for large numbers of remote and ad hoc users.
However, SSL VPNs generally work best with web-enabled
applications. For client-server or highly customised applications,
such as most in-house user
relationship management systems, application programming
interfaces must be written, which is an expensive undertaking. And
they cannot be used for peer-to-peer applications that are coming
into greater use, allowing more effective collaboration.
The other main alternative is an
internet protocol security (IPSec) VPN, most commonly used for
office-to-office connexions, such as a branch office connecting to
headquarters, or for a small number of trusted users accessing the
corporate network. The advantage of IPSec VPNs is that they can
provide access to any type of application running on the network
and can give a user the same experience as if they were physically
located in the main office.
The disadvantage is that they have traditionally required that a
software agent be installed on every endpoint connecting to the
network and that administrators configure each device separately by
visiting each remote site. This made them costly and complicated to
manage - especially in large, complex deployments.
To address these issues, IPSec VPN suppliers have added features
and functionality to their products in recent years, aimed at
easing management issues, beefing up security, and expanding
coverage to a wider range of communications mechanisms, devices and
computer operating systems. This has resulted on a new generation
of more advanced IPSec VPN products coming onto the market.
According to its users, one of the forerunners among those
suppliers is NCP Secure
Communications of Germany. MAN Nutzfahzeuge, a supplier of
trucks, buses, diesel engines and industrial machinery, has been a
long-term client of NCP, but surveys the market every year to
evaluate products offered by other VPN suppliers. It has been
unable to find another product that offers the breadth of
functionality of NCP's technology, which it defines as a suite of
products.
And that is an accurate description. NCP's enterprise-class
products offer powerful centralised management capabilities that
provide one single point of administration for creating,
distributing and configuring user profiles, digital certificates
and software updates without the need to physically visit each
device under management to install software agents. This
considerably cuts down on the number of administrative resources
required to implement and maintain deployments, as well as reducing
costs.
For MAN, this is something of vital importance since it uses
NCP's technology for providing access to central IT resources for
facilities throughout the world, including remotely managed servers
for affiliated companies. The centralised management server also
interfaces with a wide array of backend systems, including an
integrated remote authentication dial-in service (Radius) server
for authentication and access control of users.
Enhanced security features include the provision of network
access controls (NAC) for ensuring endpoint security for all
devices under management, making certain that all devices conform
with security policies, including mobile devices. All security
parameters set are locked so that they cannot be changed by users
and security controls are enforced by a personal firewall for every
endpoint connecting to the network.
The high levels of security are not lost on NCP's clients. For
DATEV, a co-operative that develops software applications and
provides IT services to tax consultants, auditors and lawyers,
security was a key factor in its decision to license NCP's
technology owing to the robust levels of professional
confidentiality that are required for it to comply with Germany's
strict Tax Advisory Act. In proving such compliance, the full
logging and reporting capabilities that are included in NCP's VPN
platform are a must.
One other differentiator of NCP's technology among those
mentioned by its clients is the broad device and technology support
that is offered out of the box, including a wide range of operating
systems, devices and communications methods. VR Netze, which
provides data processing and IT services to co-operative banks
throughout Germany and abroad, says that NCP is the only supplier
that it could find offering support for Windows XP and Vista
operating systems in the 64-bit versions, as well as for Linux and
a wide range of mobile operating systems. It also appreciates that
NCP future-proofs its technology, adding support for new
technologies when they come onto the market.
With a 21-year heritage and a clear focus on the remote access
market, NCP is one of the industry's best kept secrets, best known
in its core German-speaking markets. But that is changing. It can
boast a substantial number of international clients, many of them
multinationals, and is now setting its sights on the world stage by
engaging with an extended range of partners. Any organisation
looking for remote access management expertise would do well to
include NCP in its evaluations.
Quocirca's recent report
The essential elements of secure remote access is free for
download here.