Array Networks falters where F5 flies in SSL VPN standoff
FirePass 1000 proves more complete next to Array SP
For each Virtual Site, you choose the type of authentication to use from Active Directory, LDAP, RADIUS, SecurID, or the local user database. Array has an API that allows you write your own authentication connector, if needed. For my test, I authenticated my users against Windows 2000 Active Directory without any trouble. Each Virtual Site can have its own server-side digital certificate, cipher suite definition, and minimum cipher strength.
Further Virtual Site definition includes enabling Windows or Unix file shares, and the creation of TCP Application Settings, a section in each Virtual Site that allows you to create thin-application mappings. Defining your TCP applications in the SP is not very intuitive and would benefit from a less confusing user interface. Although the available settings allow you to define just about any TCP application profile based on address and port, there are no predefined applications to choose from.
A Java applet downloads to your browser automatically when you connect to one of these protected resources. I found that for best results, you need to be running the latest version of the Microsoft JVM. I ran into trouble because one of my test laptops had the Sun 1.4.2 Java Virtual Machine installed. Currently there is no network-layer VPN component to allow IPSec-style access through the SP, but a company representative confirmed that one is under development.
All told, the Array Networks Array SP is secure in the services it provides, and it’s well-suited to protecting Web applications. However, the F5 FirePass 1000 is a more complete offering.