Start-up offers SSL remote access

Positive Networks is trying to jump into the Secure Sockets Layer remote-access market with a service that enables safe Internet connections to corporate networks from virtually any remote computer, whether it is company-issued, employee-owned or borrowed.

Positive Networks is trying to jump into the Secure Sockets Layer remote-access market with a service that enables safe Internet connections to corporate networks from virtually any remote computer, whether it is company-issued, employee-owned or borrowed.

The two-year-old start-up that is based in Kansas City, Kans., calls its service PositivePRO VPN, which is designed to compete with traditional IP Security remote-access VPNs and SSL remote-access networks.

Positive says it is trying to make it easy to give businesses remote-access options. If the remote computer is borrowed, the PositivePRO connection is made using the SSL capabilities in the PC’s browser, restricting access to Web-based applications. If the computer is owned by an employee or by the company, users can increase connection features by downloading a software agent.

The agent can reconfigure the remote machine so it meets corporate security policies. So if a computer doesn’t have the correct firewall settings and had its anti-virus software turned off, for example, Positive’s agent could correct the settings and turn on the virus scanning. It also can check for registry settings and appropriate operating-system patches. Once the session is over, the agent returns the computer to its original configuration.

With the agent installed on desktops at corporate sites and on remote machines, remote users can take direct control of these machines, giving users the exact network capabilities they have when they are in the office. They also can access to files stored only locally on those desktops.

Positive says it wrote all its own software with the idea of making it simple to set up and manage remote access. That is what attracted Liz Patterson, IT manager for Amperion, an Andover, Mass., start-up that makes data-over-powerline gear. She had been using SonicWall IP Security VPN gear for remote access, but setting up connections over certain ISP networks proved difficult or impossible.

Using Positive’s management platform, Patterson sets policies and authorizes users. Amperion software developers use the service to upload work to servers, and she has used it to access her corporate e-mail from her home computer. The PositivePRO agent reconfigures the computer to meet Amperion policies, and returns it to its former configuration when the session is over.

She considered using remote-access service provider OpenReach, but each site required an OpenReach server. Positive requires each site to have a device that can terminate an IPSec tunnel, but she already had those in the SonicWall gear.

Positive uses an IPSec tunnel between each corporate site and its point of presence. Remote users create SSL tunnels to the Positive POP and the SSL tunnels are spliced to the IPSec tunnels to complete the connection.

Rather than buying a remote-access service, customers can set up their own SSL remote access with appliances that proxy between remote computers and servers behind the corporate firewall. Vendors such as Neoteris, Netilla, Nortel and Whale Communications among others make these devices. Aventail provides an SSL-based remote-access service.

PositivePRO costs about $20 per user per month.