Aventail touts SSL-VPN appliance
Enters hardware biz
Slated for general availability early in 2003, the Aventail EX-1500 appliance uses a combination of (SSL) encryption and proxy technologies to eliminate application dependence and provide access to any web application, as well as a range of client/server-based corporate applications such as SAP, PeopleSoft, Siebel, Oracle, Citrix, Microsoft and Lotus. It is intended to provide authentication and data encryption between servers and web browsers.
This sort of SSL-based VPN arrangement has come in for criticism recently. One problem is that although the VPN tunnel created using SSL may be secure, there is no way of knowing what that tunnel is being used for if the access point itself is not protected from external influences by a firewall. This is especially likely where control of the access point is outside of the reach of corporate security.
Aventail's director of product marketing, Jude O'Reilley accepts that in some deployments SSL has its limitations. "SSL on its own is not enough" he said. "Aventail combines the use of reverse web proxies and circuit-level proxies to provide a layer of authorization as well as an encryption framework built around SSL technology. That provides the necessary fine-grain control and authorization capabilities." It also avoids the complexity of either an Internet Protocol Security (IPSec) client or a full portal implementation.
Pricing of the appliance is likely to start at around $20,000 depending on the number of concurrent users. Its arrival follows the introduction in June of a $5,000 per month managed appliance option that provides secure clientless access to web applications. Seattle, Washington-based Aventail has helped pioneer SSL VPNs, and claims to have over 400 customers using its SSL-based remote access and extranet VPN services.
SSL VPNs are fast emerging as a cheaper alternative to IPSec for remote access, with much lower maintenance overheads. Market trends indicate that IPSec looks set to remain the dominant tunneling and encryption technology used for VPNs, but that SSL-based products will slowly start to gain acceptance in certain verticals, or when used in scenarios like secure remote access to web-based applications. Check Point Software Technologies Inc moved into the budget SSL-based extranet/VPN market in July, with a clientless version of its SecureVPN gateway. It looks set to challenge start-ups like Neoteris Inc, SafeWeb Inc and Array Networks Inc, as well as Aventail.
The market for SSL-based VPN access has grown in popularity recently, and offers a simple and low-maintenance way of creating a secure connection to corporate systems from remote devices such as mobile phones, PDAs and virtually all internet browser-enabled terminals, without the need for additional client software. Gartner predicts that by year-end 2004, some 60% of corporate users will regularly use a thin-client VPN, instead of a full, fat-client VPN for access to business data.