This article can also be found in the Premium Editorial Download "Information Security magazine: Comparing seven top integrated endpoint security suites."
Application integration turns out to be the piece that makes or breaks the deal when it comes to enabling access through an SSL VPN. SSL VPN appliances have evolved to the point where many now provide both clientless and client-based access that can support a variety of applications, devices and users.
Intermatic chose the SA4000 because it can use dynamically downloaded Juniper Security Application Management (SAM) code to redirect application traffic through the SSL tunnel. Linux or MacOS clients use the Java SAM, while Windows clients use JSAM or the Windows ActiveX SAM.
"SAM provides a universal client to integrate with our back-end systems--for example, AS400 applications with 5350 terminal emulation," explains Revel. "SAM gives users a lightweight version of the back-end application. I would have liked to see SAM be a little more robust, but it still gives us a lot without having to install a VPN client. If you can point new users to a lightweight client, your success rate is going to be a lot higher."
Intermatic employees anywhere in the world can log in to the SA4000, authenticate through Active Directory and browse mainframe applications, invoked from a dashboard customized to each user. Before each connection is accepted, Juniper's Host Checker is launched and inspects the user's device for antivirus, the latest patches and other security
In addition to SAM, Intermatic uses a handful of alternative remote access methods. The Juniper Network Connect client is used when legacy client-side applications like IBM iSeries require network layer tunnels. Juniper Secure Meeting is used to share desktops when collaborating with business partners that don't have VPN access.
Intermatic is a Juniper shop, but also uses F5 Networks' FirePass SSL VPN appliance to access Agile Software's Product Lifecycle Management application (Oracle bought Agile this year). "The F5 wraps native HTTP in SSL to present Agile to the world through a secure Web site," says Revel. Users can interact with Agile through a Web interface or download a Java Agile client.
This was first published in November 2007