GCN Insider | Products and trends that affect the way government uses technology
Array Networks' SPX 5000 SSL VPN allows user access only to specific resources.
Virtual Private Networks that use Secure Sockets Layer encryption to create a secure tunnel have been gaining ground for some years on traditional VPNs, which typically use Internet Protocol Security, or IPSec. SSL's advantage is that browsers already support SSL, so it requires little or no additional client software, making it simpler to deploy, configure and maintain.
Now, Array Networks Inc. of Milpitas, Calif., is matching a feature long available on IPSec VPNs'the ability to support secure connections among applications, hosts or networks at any location. The new configuration enables granular access control to network resources no matter where the user is connecting from, said Array marketing vice president Jim Greenway. 'This is the first time a vendor has used SSL VPN technology to provide commercial site-to-site deployment.'
Array's new feature, called Site2Site, will be an add-on to its SPX series of SSL VPNs. Array's SPX series, the 2000, 3000 and 5000, support traditional remote connections. Site2Site will support secure connections among applications, hosts or networks at any locations. Rather than allowing unfettered access to the network, a feature called Resource Publishing lets administrators set policies mapping users to specific resources. The Site2Site feature can be used on remote access connections or on gateway-to-gateway connections.
The SPX 5000 SSL VPN, which supports up to 64,000 concurrent sessions, and the 3000, which supports up to 2,500 concurrent sessions, already are FIPS-140-2 compliant, so the new Site2Site feature will be available for government users. Greenway said Array expects a lot of interest in Site2Site from government as a replacement for existing IPSec VPNs. 'We think there is a migration that is set to begin pretty soon."
William Jackson is a senior writer of GCN and the author of the CyberEye blog.