URoam policies restrict remote access

URoam says a software upgrade to its appliance makes it possible for companies to give remote users different levels of access to network resources depending on the machine from which they call.

SUNNYVALE, CALIF. – URoam says a software upgrade to its appliance makes it possible for companies to give remote users different levels of access to network resources depending on the machine from which they call.

With the refreshed FirePass software, uRoam says companies can restrict access for a user logging on from an Internet kiosk, for example, vs. from a home office. This feature also is designed to give network executives the ability to create user group that have access to more or less of a network’s resources.

“This gives me a couple of layers of management,” says John Harford, director of IT enterprise network services for software vendor SAP. “I might want to give everybody access to Windows Terminal Server applications, but not Layer 3 network access.” SAP has rolled out FirePass for its U.S. employees, and if all goes well will expand that to its worldwide workers.

A competitor, Whale Communications, recently announced a similar feature. Others in the market include Aspelle, Aventail and Neoteris.

These vendors follow a general model in which a remote machine with a standard Web browser connects to a Secure Sockets Layer (SSL) proxy server located behind a corporate firewall. The remote machine then authenticates and establishes an SSL session that is proxied to the target server for e-mail and Web-based applications.

Using ActiveX downloads, uRoam can expand this access to other applications using only a browser. If a remote machine has full client software for any IP client/server application, uRoam’s FirePass can issue an ActiveX control to allow remote access to the server.

Policy-based access lets SAP use FirePass as a sales tool, Harford says. Potential customers can log on to SAP’s network to view and test certain applications and be restricted to only those applications. With a remote-access IP Security VPN, the remote machine would require a separate VPN client that would grant network level access. Harford says uRoam limits a customer or business partner’s access. “I don’t have to worry about him running amok and hitting every IP address in my network,” he says.

With the new FirePass 3.5 software, uRoam also is adding integration with directories such as Lightweight Directory Access Protocol (LDAP) or Active Directory for purposes of authorizing network access. So an administrator can define a group of users based on certain fields in an LDAP directory, and FirePass checks group definitions against the directory to see what group users belong to as they log on. FirePass then grants only those privileges each user is entitled to based on their group.

URoam is adding support for Microsoft Exchange Cluster for clusters of messaging servers, FTP downloads and drive mapping. The latter feature lets remote users access corporate network drives as if their machines were located on the LAN.

The new version also lets FirePass appliances back up each other so if one fails the other takes over without dropping sessions.