Blue Coat is introducing an SSL VPN device that overcomes some of the practical difficulties of extending VPN access to untrusted computers.

The device, called Blue Coat RA (which stands for remote access), can push an executable file to remote machines that makes it possible to access client-server applications as well as enforce security policies on those remote computers.

These features can be extended to any computer regardless of whether the end user has administrative rights. So a borrowed machine or a home machine owned by an employee could be used. The remote computer could also be a corporate-issued machine where an administrator, not the end user, has administrative rights.

Enabling some endpoint-checking features and shims that are part of other vendors' SSL VPN gear requires administrative access, which can be a hindrance to actually deploying the technology.

In addition, the executable, called Blue Coat Connector, downloads security policies that it enforces on VPN activity. For example, it can force encryption of data that is downloaded to temporary files on the remote computer's hard drive to protect them from being read.

Connector can also suppress the activity of spyware on a machine. A keylogger that attempts to record keystrokes can be thwarted by allowing only a particular application and no other processes on the computer to have access to the keystroke information. The logger will not have access to the data it is trying to steal, thereby securing work being done on the remote machine during the VPN session.

Blue Coat RA uses SOCKS proxying to connect remote machines to corporate networks, making it possible to access client server applications without inserting shims in the kernel of the remote computer.

The device comes in three models that range in price from $7,000 to $55,000.

Tim Greene is senior editor at Network World.