Juniper Pulls SSL VPN into the Cloud

Juniper Networks Inc. is floating a new SSL VPN solution that sits in the network “cloud” to deliver secure access.

The Juniper SA (Secure Access) 6000 SP lets service providers host multiple enterprises from one appliance and institute different security policies for each.

One box can provide service for up to 255 business customers, and 2,500 individual users (which can be divided in any denominations among the 255), at one time. Appliances can be clustered in groups of up to eight units, which can sit at single or distributed sites. Pricing starts at $24,985.

This shared equipment scenario sets up service providers to bring SSL VPNs down market to smaller-sized businesses.

While SSL VPNs are one of the fastest growing areas in networking, most such connections in place today are based on gear that resides at customer sites as opposed to in carrier networks. Indeed, Juniper already has had terrific success in the SSL VPN space, providing CPE-based SSL VPN gear that service providers can use to deliver managed services, or that businesses can just buy and manage themselves.

“There’s been phenomenal traction in the SSL VPN market,” says Vivian Ganitsky, director of product management for the Secure Access product line at Juniper. She attributes that in large part to the fact that SSL security doesn’t require special client software, unlike 802.11i and IPSec, two competing security methods.

A handful of service providers has rolled out network-based SSL VPN managed services, says Ganitsky, but generally these types of services have rather inflexible security policies, so all customers on the platforms have roughly the same policies. The “virtualization” feature of the Juniper SA 6000 SP, however, allows carriers to offer very granular security options based on that business or individual, she says. For example, each customer can have one definition for endpoint security, customizing sign on/sign off pages and the like.

This SSL VPN solution can be used in a variety of applications. For example, it can be used in remote access applications to allow traveling workers to securely check corporate e-mail at a kiosk in an airport by simply typing in a URL. This ability to remotely access corporate data also comes into play for disaster recovery applications when a fire, earthquake or other event prevents corporate workers from getting information off the corporate network while at the office. Extranet access is another application for SSL VPN, which allows partners of a company to access information from a business without having to install a software client on their PCs or other endpoints. Other applications include intranet LAN, WLAN, VoIP and remote mobile access.

The new Juniper product offers three access methods, so access can be provisioned by purpose:

Core Clientless Access

This delivers secure access to Web-enabled applications, files, standards-based e-mail, telnet/SSH sessions, as well as complex content like Javascript, VBScript, and DHTML, and XML- and Flash-based applications.

Secure Application Manager (SAM)

This is for client/server applications.

Network Connect

This is a network-layer connection, via adaptive dual mode transport that gives the best performance for latency and jitter-sensitive applications, like VoIP.

And Juniper’s Endpoint Defense Initiative checks the endpoint at connection, and throughout the session. That entails:

Native Host Check

This checks the security status of endpoint using admin-configurable parameters, including port activity, processes, registry, MD5 hash, and more.

Host Check Client API

This leverages enterprise investment in security, by checking that third-party applications are installed, running and on the right version.

Host Check Server API

This enables the dynamic download of third-party applications from the Secure Access appliance.

Share this article: Email, Slashdot, Digg, Del.icio.us, Yahoo!MyWeb, Windows Live Favorites, Furl
Add this article feed to: RSS, My Yahoo, Newsgator, Bloglines

Read Comments [1]