SSL VPNs made simple
The enKoo-3000 meets the remote access needs of smaller shops
You can always tell when a particular technology begins to gain momentum by the availability of lower-cost alternatives to the bleeding-edge, high-end devices. One company that is specifically targeting the SMB SSL VPN market is enKoo, whose enKoo-3000 Remote Access Appliance provides access to Web-based and TCP-based applications, Windows and Unix file shares, terminal servers, and users’ desktop PCs via 128-bit encrypted SSL streams. Although it lacks much of the granular access control and end-point management found in the high-end SSL VPN appliances, it makes up for that in ease of use and ease of deployment.
From shrink-wrapped to operational, the enKoo-3000 took me less than 30 minutes to install. Initial setup of the appliance required only setting a static IP address -- the address was assigned via DHCP initially -- and the time, date, and time zone. The install wizard also includes a detailed set of instructions for configuring your firewall/router to forward traffic to the enKoo appliance from outside the network.
Unlike enterprise-class SSL VPN appliances such as the Aventail EX-1500 and the Juniper SA-5000, the enKoo-3000 does not include any VLAN or other advanced IP routing features, nor can the appliance be provisioned into multiple virtual servers. To be fair, the enKoo-3000 isn’t trying to play at the high end of the SSL VPN market. User management is also sparse, supporting only an internal user database in the release I tested. According to enKoo, support for Active Directory and LDAP will soon become available as a free upgrade. To prevent any chance of someone gaining access to user names and passwords on the appliance, the local user database is encrypted using 3DES.
At your service
As do other SSL VPN appliances, the enKoo-3000 serves up a Web portal for remote user log-in. For Web-based applications, users simply click on the Web Apps button to access a list of predefined Web resources. Using the Web Apps connector, the enKoo-3000 rewrites the HTML stream as it passes through the appliance, and I found it can adversely affect how your Web application functions.
For example, I created three links to different Web apps: OWA (Outlook Web Access) 2000, OWA 2003, and a “homegrown” Active Server Pages application I use for tracking software keys. I accessed each site using Internet Explorer 6, and the enKoo’s HTML rewrite engine failed to reproduce the two OWA sites correctly. My homegrown application worked fine, but OWA didn’t work or look as it should.
To get the true OWA experience, I had to configure both services using an alternate service called the Secure Application Connector. Whereas Web Apps is a pure HTML rewrite/reverse proxy engine, the Secure Application Connector uses a Java client to cleanly pass all TCP traffic through the appliance. The downside to using the Secure Application Connector for Web-based applications is that the HTML content is not inspected and rewritten, so it’s potentially less secure. enKoo stated that support for premium Web applications such as OWA will be available in the Web Apps connector sometime in the first quarter of this year.