Array Networks falters where F5 flies in SSL VPN standoff

Free Newsletters

Log-in | Register

Array Networks falters where F5 flies in SSL VPN standoff FirePass 1000 proves more complete next to Array SP
By Keith Schultz December 05, 2003			E-mail Printer Friendly Reprints Slashdot It!

For mobile and remote users, SSL VPNs are fast becoming the secure access of choice by IT professionals. They are easy to implement, and because they work through your Web browser they negate the need for an IPSec-style client, making them easier to deploy on a wide range of mobile devices.

Free IT resource

Virtualization Insights from Top Experts - Learn how virtualization gets real!

Sponsored by Microsoft

The SSL VPN appliance space is currently in a state of “me too,” as vendors old and new announce new releases and upgrades. In October, I reviewed two SSL VPNs. This time, I looked at Array Networks’ Array SP (Secure Proxy) and F5 Networks’ FirePass 1000.

These two devices provide the core SSL access features of reverse Web proxying, access to Windows or Unix file shares, and terminal services. Both scale well

and rewrite and compress HTML streams but differ in usability and functionality.

Of the SSL appliances, the FirePass provides the best mix of VPN functionality, client security, and ease of use. You get SSL-secured VPN support for Web-based and thin applications as well as an IPSec-style network-level connection. The Array SP secures Web apps very well, but support for thin applications is cumbersome and IPSec-style tunnel is nonexistent.

F5 FirePass 1000

Recently acquired from uRoam, the FirePass 1000 provides a full range of secure remote access. The FirePass blends HTML translation and compression for increased performance with client-side cache management. You do not get any URL filtering or low-level network features as you do from the Array SP, but you do get an IPSec-style tunnel and the ability to manage how content is cached in the user’s browser.

The FirePass 1000 comes in a slim 1U chassis and ships with dual 10/100Mbps Ethernet interfaces. Unlike the Array SP, the FirePass does not support clustering, but you can configure a second unit for hot, stateful fail-over. You can also use SSL to encrypt local traffic to help prevent snooping.

While not a task for the novice, configuring the FirePass was much easier than was the Array appliance. The tasks are well-organized and include informative descriptions that take much of the mystery out of the equation. As would just about all of the other SSL appliances I’ve reviewed, the FirePass would benefit from a setup wizard or ordered

list of steps to complete specific tasks.

Policy configuration begins with the creation of one or more user groups. You can import users from an LDAP source, from a file, from a Windows domain, or simply add them manually. Available authentication schemes for groups are RADIUS (Remote Authentication Dial-In User Service), Vasco Digipass, LDAP, basic HTTP to an external server, Windows domain/Active Directory, or HTTP form-based authentication, but only one type of authentication is available per group. Just as with the Array SP, I used Windows 2000 Active Directory as my authentication source and had no trouble with the system.

The FirePass uses Webifyers to define access to internal servers. Not only can you connect to Web applications but also to Windows and Unix file shares, X-Windows, Citrix MetaFrame, VNC (Virtual Network Computing, an open source remote control application), Microsoft Terminal Services, “green screen” host access, local intranet sites, and an IPSec-style network-level connector. Unfortunately, access to terminal services is limited to Win32 PCs. Also included is a connector called My E-mail that takes you directly to your inbox on a POP3 or IMAP server. During my tests, I did not experience any compatibility issues between JVM releases on my remote test users and the automatically downloaded Java and ActiveX components from the FirePass.

The SSL VPN portion of the FirePass is first-rate and provides all of the necessary components for secure deployment. You can define static drive mappings to a protected server using your already-accepted client credentials and launch an application on connect. As with other SSL appliances, you can make sure anti-virus and other client security software is active before establishing the tunnel by requiring a process to be either present or absent on the remote PC.

Continued
1 | 2 | Next Page »

F5 Networks FirePass 1000

F5 Networks, f5.com

Very Good 8.3

criteria	score	weight
Security	9	30%

Interoperability	8	25%

Setup	8	20%

Ease-of-use	8	15%

Value	8	10%

Cost:
$9,990 for a 25 concurrent-user license

Platforms:
Internet Explorer, Netscape Communicator

Bottom Line:
The FirePass 1000 provides a complete mix of secure remote access to protected servers. SSL VPN capabilities are well represented, including an IPSec-style network-level component. Although it’s not perfect, the FirePass doesn't lack in any one area.

About our Reviews and Scoring Methodology

Array Networks Array SP

Array Networks, arraynetworks.net

Good 6.4

criteria	score	weight
Security	6	30%

Interoperability	7	25%

Setup	5	20%

Ease-of-use	7	15%

Value	8	10%

Cost:
$35,000 for a 500 concurrent-user license

Platforms:
Internet Explorer, Netscape Communicator

Bottom Line:
The Array SP secures remote user access using SSL and provides URL filtering, firewall capabilities, and SSL acceleration. It is geared more toward securing Web-based apps and lacks a network-level IPSec-style connector. Setup can be burdensome.

About our Reviews and Scoring Methodology

E-mail

Printer Friendly

Reprints

Slashdot It!


	Keith Schultz is president of NetData Consulting Services.

TOP NEWS:

» Troubleshooting tool for Java offered
Sun's Java VisualVM open-source technology views apps while they run on a JVM and is billed as all-in-one solution

» Python backing eyed for NetBeans
Scripting language capabilities of the open-source IDE continue to expand

» Microsoft sets Windows XP SP3 automatic download for Thursday
The latest service pack for Windows XP will be pushed to Automatic Update at 7a.m. EDT on July 10

» Real Software, Veryant bolster dev tools
RealBasic, Cobol apps platforms get improvements

» Microsoft sets hosted-services pricing, irks partners
By offering 38 percent discount to customers who buy entire hosted business productivity suite, Microsoft undercuts partners selling similar services

» Adobe readying new mashup tool for business users
Mashup interface code-named 'Genesis' will open up desktop 'workspace' combining business application data, documents, analytics, and instant messaging

Dialing up Agility with Business Transformation
Is your organization innovating quickly enough to meet their needs, drive your business goals, and rise above the competition? Business Integration - leveraging the power of BPM and SOA - is the key to making the transition from the fragmented enterprise to a connected one. Register to attend this live webcast now!

» Click here to view this Webcast

Zombie PCs Are Attacking Your LAN
A recent study showed that malware-infected zombie PCs are now a bigger threat to ISPs and Web infrastructure than DoS attacks. As this brand new IT Strategy Guide explains, an increased use of peer-to-peer techniques by the attackers has made it harder to fight back. Download now, compliments of Verio:

» Click here to download now

- Special Advertising Partners -

WHITE PAPERS

Class of Service: Myths and Misconceptions - There has been much discussion about the benefits of CoS; but, there are also common myths, which unless challenged, can...
Going mobile with today's technology - Mobile applications are transforming how companies operate. With new ways to work flexibly, employees are becoming more ...
Measuring mobile productivity - Companies must be able to measure productivity gains from mobile working. Productivity is notoriously difficult to measure...
Thinking about IMS - IMS's increased flexibility and the potential it offers for new services will create a fundamental shift in the way that...
Agile Development: 5 Steps to Continuous Integration - As more and more organizations adopt agile development, the need for continuous integration of a build can be a daunting...
Leading Analysts: Pen Testing is a Requirement - In a newly-published case study, Gartner's John Pescatore, one of the most respected analysts covering the IT security market...

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Find out when the latest white paper is available:

INFOWORLD MARKETPLACE

Deliver REMOTE SUPPORT Easily. Try WebEx FREE! - DOWNLOAD WEBEX SUPPORT CENTER FREE! Deliver efficient, effective support. CRUSH SUPPORT LOG JAMS!
Migrating to an IP-VPN? XO Can Make It Happen - Learn the five critical success factors with a free whitepaper from XO Enterprise Solutions.
Sign up to TRY WEBEX SUPPORT CENTER FOR FREE! - Get your FULL FEATURED trial here. Share documents and applications, address support challenges.
IP Networks Boost Secure Health Communications - AT&T provides secure communication to keep health care moving forward.
Why a CMDB? - IT best practices (ITIL) have shown the benefits of a CMDB. Click for whitepapers.

» BUY A LINK NOW

FIND PRODUCTS AND COMPANIES

» COMPLETE PRODUCT GUIDE

TECHNOLOGY INDEX

• Applications
• Application Development
• Security
• Networking
• Wireless
• Platforms
• Hardware
• Data Management
• Storage
• Web Services
• Business
• Telecom
• Professional Services
• Standards

TECH WATCH

What's the 411 on GOOG-411?
Just as Google has become synonymous with "performing a Web search," 411 is understood to mean "information" -- as in "what's the 411?" I was thus surprised to discover, from a billboard, no less, that the king of search is taking on the ...

Apple HTML source reveals 'iPhone Extreme'
"This one's a stretch..." reports AppleInsider. Um, yeah. Reporting on HTML code sightings of product names could be called a stretch, but iPhone Extreme has a ring to it. Now, that sounds like the product Apple should have released first, rather ...

COLUMNISTS

Unified under law

(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...

» MORE COLUMNISTS

MORE INFOWORLD BLOGS

Open Sources

Product Management
When I joined MySQL four years ago, there was quite a lot of debate about product management. We didn't actually have ...

Zero Day

Botnet herders tending smaller flocks
New research backs up the theory that botnet operators are keeping their networks smaller in a continued effort to keep ...

• Advice Line
• Database Underground
• The Deep End
• Enterprise Mac
• Geeks in Paradise
• Grid Meter
• The Gripe Line
• InfoWorld Daily
• Inside IT
• IT Troubleshooter
• ITXtreme
• Open Sources
• ProdBlog
• Real World SOA
• Reality Check
• Security Adviser
• SMB IT
• The Storage Network
• Tech Watch
• Virtualization Report
• Zero Day

RESOURCE CENTER	advertisement
Ads by techwords beta See your link here

GOVERNMENT IT & POLICY
•	'If you don't go after the network, you're never going to stop these guys. Never.'
•	From the State Department, All the News for Inquiring Minds
•	TechPresident, the Internet Citizenry's New Consensus Taker

Sponsored Technology Links
CA - Efficient - Flexible - Compliant PGP - Is Your Data Safe? Novell, IBM, and Intel - Solution for Open Virtualization Provides Server Consolidation Curl - IT Guide: Rich Internet Application (RIA) Security HP/Intel - If you don't have enough I/O, your VMs aren't going to go. Symantec - Whitepaper: Secure, recover, and archive critical information Microsoft - {Open Source} Heroes Happen Here Symantec - Whitepaper: Protecting Microsoft(R) Applications Riverbed - Five Ugly Truths about WAFS and Caching InterSystems - Use Ensemble - quickly create composite applications. AT&T - Factors to consider when comparing DSL or Cable Cirba - Advanced Workload Analysis Techniques Rackspace - Go Green Without Sacrificing Server Performance CA - Manage your IT more effectively. AT&T - Measuring mobile productivity AT&T - Thinking about IMS CA - Plan IT better, Manage IT better. AT&T - Refine your company's plan for a Business Disruption Event AT&T - Going mobile with today's technology Cirba - Consolidating Workloads onto Mainframes AT&T - What to expect from a Technology Assessment.		AT&T - Class of Service: Myths and Misconceptions AT&T - Enhancing security through Quantum Cryptography Riverbed - Wide Area Data Services Microsoft - Microsoft Forefront makes defending your systems easier. Learn how. HP - Explore the interactive whitepaper: Rightsizing Blades for the mid-market. Symantec - Webcast: Beyond AntiVirus AMD - Renowned Engineering Institution Chooses AMD Processor-Based Servers AMD - Watch this flash demo of the Quad-Core AMD Opteron Processor EMC - EMC and VMware help you build your virtualized infrastructure. AMD - HP and Oracle deploy unbreakable computing infrastructure Qwest - Learn how Qwest voice and data solutions can save you time. MKS - The Power of UNIX/Linux on Windows with MKS Toolkit Vision Solutions - Is your smaller organization ready for High Availability? Vision Solutions - Is system maintenance doing more harm than good? HP - NEW HP LaserJet P4014n printer Starting at $699 after $100 IS. HP - HP LaserJet M3035 MFP series Starting at $1,599. SHOP NOW HP - Speed, agility, flexibility - The HP BladeSystem c-Class. Vkernel - Resolve Capacity Bottlenecks and Enhance Your Virtual Environment Nokia - Restore Your Mobile Devices With One Click Oracle - The Power of Two with SOA and BPM

	HOME NEWS BLOGS PODCASTS VIDEOS TECHNOLOGIES TEST CENTER EVENTS CAREERS	About \| Advertise \| Awards \| RSS \| Contact Us
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. CIO :: ComputerWorld :: CSO :: Demo :: GamePro :: Games.net :: IDG Connect :: IDG World Expo Industry Standard :: IT World :: JavaWorld :: LinuxWorld :: MacUser :: Macworld :: Network World :: PC World :: Playlist