Aventail secures edge of SSL VPN network

Aventail, a supplier of SSL VPN appliances and managed services, will introduce new technology later this month that will enable...

Aventail, a supplier of SSL VPN appliances and managed services, will introduce new technology later this month that will enable IT administrators to find out more about user devices trying to gain access to their network.

"Initially everybody wanted 'anywhere access'," said Chris Hopen, chief technology officer of Aventail. "Now organisations are concerned about the [end-point] environment to which they are exposing their information. They want to know things like how well the user keeps his PC up to date, does he run anti-virus software, is the anti-virus software up to date, what is his personal firewall, and what configuration is that in."

Aventail positions its SSL VPN as an alternative to IPSec (IP Security Protocol) VPNs. Its "clientless" VPN technology allows users to access network applications through any web browser from a variety of devices, including internet kiosks, and on a broadband or wireless connection, Hopen said. The Aventail software already has provisions for standard user and group-based access control.

The new end-point awareness and control technology will enable network administrators to classify end-point devices based on categories such as whether the device is managed by the organisation, and whether it is an employee or a business partner accessing the network.

Non-employees using managed devices are a growing category of users. Another category would be unknown, typically unmanaged, end-point devices such as internet kiosks.

Using this classification, administrators can arrive at an access policy for users coming in from a variety of end-points with different environments.

If a machine passes a certain level of risk protection then the user can be given access for a period of time, but perhaps only to a reduced set of resources, Hopen said.

Aventail is partnering with other suppliers to ensure the integration and interoperability of its technology with their software, and also to use components of their software in its own technology.

A key challenge in implementing this technology is to protect the privacy of the end user even as an IT administrator interrogates the device, Hopen said.

"There are ways to gather a lot of information on the [end-point]) environment, but you don't want to expose all that information to the administrator," he added. The user will be able to write private information and data to a private vault that will not be accessible to the administrator.

Aventail has set up a research and development centre in Bangalore. In the next 12 to 18 months the centre may also offer product support and helpdesk services to the company's customers.

The company is also exploring the opportunity of offering managed services in Asia from a data centre in India.

Besides offering its own managed services, Aventail offers its equipment and technology through managed service providers including New Jersey AT&T and Bell Canada, a business unit of Bell Canada Enterprises. Aventail also sells its products to user organisations which prefer to manage their own VPN infrastructure.

John Ribeiro writes for IDG News Service

Read more on IT strategy