Aventail EX-750 keeps users cleanly connected

If you need to provide secure remote access to Web-based apps as well as other network resources, then an SSL VPN is a great choice. Unlike IPSec VPNs, SSL VPNs do not require any special client software in order to access resources inside the enterprise. Now business partners, road warriors, and users at public Internet access terminals can safely and easily get to the information they need without adding to IT staff’s workload.

The Aventail EX-750 SSL VPN appliance provides granular yet flexible secure remote access without requiring an overly complex GUI. Users and resources are easy to create and manage through the browser-based GUI, and Aventail end point management is first rate. Some advanced end point features, however, require additional licensing. The appliance supports all types of VPN access, including Aventail Connect, a Windows application for seamless network integration. Notably, concurrent connections are limited to 50 users.

Ready, set, connect

Initial installation of the 1U rack-mountable EX-750 took less than an hour. I completed the first part using a local serial connection and the rest using a secure browser session. An easy-to-follow wizard stepped me through assigning an IP address, subnet mask, and gateway to the appliance. The Aventail AMC (ASAP Management Console) is neatly laid out and well organized, with a handy Quick Start set of links that guide you through major configuration and policy definitions.

The EX-750 comes with flexible user authentication tools. Users are grouped into realms, with each realm defined by the user store (LDAP, Active Directory, RADIUS, or local user list) and the credential type (digital certificate, token/SecureID, or username/password). For my test, I created a realm based on users in Active Directory in less than 10 minutes. AMC does a fantastic job of making LDAP and Active Directory connections quick and easy, and the included Test Connection feature ensures everything is correct.

Resource definition is another area where Aventail excels. Adding a network resource requires naming it, defining whether it is a network, URL, or file system resource, and configuring its specific settings, such as share name, IP address, or URL.

As with other SSL appliances, the EX-750 offers three modes of access: Web client, thin client, and network-based. Web-client access simply secures and redirects the user to Web resources inside the enterprise via a Web browser. I tested this feature using both Internet Explorer and Mozilla Firefox, and had no trouble accessing Web applications behind the EX-750.

Thin-client support uses Aventail On-Demand, a download-on-access Java applet. Unlike clients for solutions such as Rainbow NetSwift iGate, the Aventail client installs no network drivers and makes no changes to the client’s host file but is also limited to TCP-based applications. When the session is over, the client closes with no lasting traces.