Aventail secures edge of SSL VPN network

Aventail, a Seattle vendor of Secure Sockets Layer VPN appliances and managed services, later this month plans to introduce new technology that will let IT administrators find out more about a user device that is trying to gain access to their network.

"Initially everybody wanted 'anywhere access,'" Aventail CTO Chris Hopen said. "Now organizations are getting to the next stage, and they are concerned about the (end-point) environment to which they are exposing their information. They want to know things like how well the user keeps his PC up to date, does he run anti-virus software, is the anti-virus software up to date, what is his personal firewall, and what configuration is that in."

Aventail positions its SSL VPN as an alternative to IPSec VPNs. Its "clientless" VPN technology allows users to access network applications through any Web browser from a variety of devices including Internet kiosks, on a broadband or wireless connection, Hopen said. The Aventail software already has provisions for standard user and group-based access control, he said.

The new end-point awareness and control technology will enable network administrators to classify end-point devices based on categories such as whether the device is managed by the organization, and whether it is an employee or a business partner accessing the network, Hopen said. Nonemployees using managed devices are a growing category of users. Another category would be unknown, typically unmanaged, end-point devices such as Internet kiosks, he said.

Using this classification, administrators can arrive at an access policy for users coming in from a variety of end-points with different environments.

If a machine passes a certain level of risk protection then the user can be given access for a period of time, but perhaps only to a trimmed-down set of resources, Hopen said.

To bring the technology to market, Aventail is partnering with other vendors to ensure the integration and interoperability of its technology with their software, and also to use components of their software in its own technology, Hopen said.

A key challenge in implementing this technology is to protect the privacy of the end user even as an IT administrator interrogates the device, Hopen said. "There are ways to gather a lot of information on the (end-point) environment, but you don't want to expose all that information to the administrator," he said. The user will therefore be able to write private information and data to a private vault that will not be accessible to the administrator.

Aventail has set up a research and development center in Bangalore that will focus initially on development. In the next 12 to 18 months the center may also offer product support and helpdesk services to the company's customers, said Mark English, vice president of engineering at Aventail. The company is also exploring the opportunity of offering managed services in Asia from a data center in India.

Besides offering its own managed services, Aventail offers its equipment and technology through managed service providers including New Jersey AT&T and Bell Canada, a business unit of Bell Canada Enterprises (BCE) in Montreal. Aventail also sells its products to user organizations that prefer to manage their own VPN infrastructure.

The IDG News Service is a Network World affiliate.