Aventail EX-750 keeps users cleanly connected
Flexible, easy-to-install SSL VPN grants admins the end point controls they need
Aventail Connect is a Windows-based software client that runs in the background on a remote user’s PC. Unlike Aventail On-Demand, it provides transparent access to protected resources over both TCP and UDP (User Datagram Protocol) protocols. The client launches prior to the user logging in to his or her computer. This is important, because it allows the user to log in to a Windows domain over the SSL tunnel and come under all group policy restrictions and log-in script processing as defined by administrators. From the users’ perspective, they are part of the enterprise, even though they are not inside the local network.
Aventail Connect’s EPC (End Point Control) is the end-user security policy engine. Through EPC, Connect can be set to clear the remote user’s browser cache at the end of a session. By purging the cache, any potentially sensitive temporary files are deleted from the PC. Administrators can also force other open browser windows to close at the start of a secure session. Aventail Connect also checks to ensure Zone Labs, Sygate, or WholeSecurity services are installed and running prior to allowing the session to begin. This feature is not included in the base price of the appliance and comes at an additional cost.
Administrators create security profiles using the Connect Administrator Tools and distribute the package to remote users either as a file-attached e–mail message or through the company portal. Because Aventail Connect is centrally managed, administrators can enforce security policies to remote users from one location. For example, decisions such as whether cache cleaning is required or whether a specific anti-virus application is present on the remote PC can be defined and pushed out to all Aventail Connect users.
Aventail Secure Desktop, part of Aventail Connect, is a step up from a simple cache cleaner. Through an ActiveX control, Secure Desktop creates a unique container on the remote client inside of which the secure session runs. When the session is over, Secure Desktop destroys the container, preventing any lingering traces on the client PC. There are no temporary files or cache objects to worry about. Unfortunately, Secure Desktop is only available for Windows platforms and is a separate purchase.
The EX-750 provides a solid set of tools for managing your SSL certificates. Through AMC, administrators can quickly import a certificate, create a new self-signed certificate, or generate a request for a certificate from a commercial certificate authority. There are a number of SSL cipher strengths available to use when encrypting traffic for Web and client server access, from 40-bit up to 168-bit 3DES (Triple Data Encryption Standard). This allows administrators to define the specific level of security for their appliance and applications.
The Aventail EX-750 is a well-crafted appliance that will meet the needs of small to midsize environments, thanks to its flexible resource management and well-designed user directory console. The management GUI is neat, clean, and well laid out, and the appliance doesn’t leave anything out. I would like to see all of the EPC features available to more than just Microsoft platforms, but for most companies, that won’t be an issue.