This article can also be found in the Premium Editorial Download "Information Security magazine: Five crucial virtualization do's and don'ts."
Download it now to read this article plus other related content.
Setting up a "virtual site" for client connections is easy, but there are many options available. We were pleased to see many authentication methods are supported, including RSA SecurID, RADIUS, LDAP, Active Directory and a built-in local database. We used AD, which was easy to set up.
There's enormous flexibility through the use of virtual sites, which can be configured to access different resources within your organization, such as different business units, offices and departments. For example, you may have one virtual site that connects to human resources, and another separate site that connects to various IT groups.
The policy options are extensive. Virtual sites can use different authentication methods based on policy that requires weaker or stronger controls, so one virtual site could require AD, another RADIUS. You can have multiple methods for each site as well. Granular user access can be defined through the "AAA authorization" function.
There are also several ways to access resources via the virtual sites. Simple Web access, file access (CIFS and NFS), mail services, thin client (using Citrix or other thin client technology) and
| a Layer 3 SSL VPN are available. There is a client for Windows as well as Linux for the Layer 3 VPN client. All of the access types were simple to set up, and they all work well.
The reasonable cost and relative ease of use provide a mix that will work well with most any small- or medium-sized organization.
Testing methodology: We tested the SPX 2000 with Windows XP and Windows Vista clients.
This was first published in June 2008