Aventail is joining the ranks of Secure Sockets Layer remote access vendors whose gear lets customers change user access rights based on how much they trust the machine that is making the connection.

The company is announcing at this week's Demo Mobile 2003 event that its equipment will be able to detect whether a remote machine is company-issued, a home computer or a PC at an Internet café and adjust what resources it can reach accordingly.

These access rights are set centrally by the customer on Aventail SSL appliances.

Aventail follows the model common to many SSL remote access vendors that calls for remote users to authenticate themselves to the SSL remote access server over the Internet and then reach network resources through sessions proxied by the servers.

The remote machine needs only a Web browser to connect, making it a flexible remote access tool that can be employed from virtually any Internet-connected computer. The drawback is that such machines could be readily available to unauthorized users who could gain access to corporate data.

The new Aventail capabilities will let customers identify and deny access to machines that are not trusted, and to check whether trusted machines are properly configured before allowing them access. So, for example, if anti-virus signatures are not up to date, machines can be denied.

Aventail will announce partnerships it is making with other vendors to deliver this capability. Aventail competitors Neoteris and Nokia also provide similar capabilities with their respective partners. Neoteris has an arrangement with Sygate, while Nokia and Whale Communications provide similar functionality with software of their own.

With the proliferation of this capability, it should be added to features to look for when assessing SSL remote access products.

Tim Greene is senior editor at Network World.