NetSilica’s Enterprise Private Network (EPN) offers an alternative to VPNs for giving users remote access to files and applications, as detailed in a previous article. After reading the earlier article, many members had lingering questions about how EPN works and what kinds of compatibility issues need to be considered.
NetSilica executives provided responses to the questions and concerns raised in the Discussion Center posts about the EPN product. We also contacted an IT professional from Vanderbilt University for some insights on a real-world deployment of EPN.
Recap and questions
EPN’s strength is that it enables administrators to give individual users remote access to specific folders and applications instead of providing a complete connection to the network with VPN. EPN is intended to be a complement to VPN and not a VPN replacement. NetSilica claims that most users who work remotely need access to only some files and e-mail, and VPNs are essentially overkill for these users.
In short, EPN is a simple, browser-based option that provides a less complex solution aimed at select users. It is a potentially useful option, but TechRepublic members had some questions and wanted clarification on particular details.
For example, one member wanted to know whether EPN included any functionality to power up a data source remotely.
NetSilica director and cofounder Chandra Prathuri said that such remote control functionality wasn’t built into the EPN product primarily for security reasons. Because the aim of EPN is to give users access only to specific data residing inside the network, additional functionality such as remote control is outside the scope of the product’s intended function.
Another question concerned whether EPN requires a dedicated server. Prathuri and NetSilica COO David Haines said that it doesn’t have to be run on a dedicated server.
Prathuri explained, "Because this is a software solution, it can be plugged into any of the Web servers the corporation has, with load balancing and clustering to ensure performance and scalability."
Chris Hastings, Manager of Security for Vanderbilt University’s Network Computing Services department, has implemented the NetSilica EPN. Hastings has set up servers for redundancy and high availability to support the university population that will be using the solution.
“We expect when it’s fully rolled out that we could easily have a few thousand users.”
Hastings expects to see no more than 100 simultaneous users at peak use but plans to design the servers to better support more users by adding load balancing. That way, he said, the system can support growth without a performance impact.
“An important thing to note is that once the connection is negotiated at the server, it becomes peer-to-peer, so not all of the data has to be funneled through the server,” he said.
Members were also concerned about cross-platform compatibility. Prathuri said that because the server module is a Java product, it will work on any Web server that supports Java. For example, it works on Windows operating systems, UNIX, and Linux.
Haines added that the data source module is for the most part platform independent and will run on almost anything. He reiterated that the intent of the EPN solution is to work with the existing infrastructure so that organizations have to do very little to integrate it as a networking solution.
Several members brought up products that perform similar functions and wanted to know how EPN compares. They mentioned these products:
The problem with some of these products, Prathuri said, is that they involve the use of some hardware and thus have the shortcomings of traditional VPNs. Netilla, for example, requires the installation of a VPN appliance, as do the WatchGuard solutions. The concept behind the NetSilica solution is to simplify remote access by eliminating the need to configure and maintain the hardware devices.
Other products, such as GoToMyPC and pcAnywhere, have different aims from EPN. As Prathuri pointed out, GoToMyPC isn’t really a corporate solution.
“It’s more of a single-user solution. For people who want to get access to their remote desktop and are little concerned with security, it’s a convenient tool.”
Haines agreed that GoToMyPC, like pcAnywhere, serves a different purpose from EPN.
“It emulates the full screen to give you access to what you see at your desktop from a remote machine. It’s a remote control solution.”
Hastings said he chose not to use such programs at Vanderbilt because it would be difficult to manage all of the instances of them running on a large number of machines across the Vanderbilt network.
Novell iFolder is another product that members said serves a similar function. Prathuri and Haines countered that iFolder isn’t designed as the same kind of solution that EPN is.
“iFolder is really a storage solution where you put files in a certain location to be synchronized,” Haines said.
With the NetSilica EPN, there’s no need to have public data in a particular location for remote access because the product allows users to retrieve files from their native locations on the network, whether on a file server or a local desktop.
Security sets EPN apart
Hastings said he opted for EPN over a VPN solution because the encryption makes it more secure.
“All a VPN connection does is give someone a secure connection to your network and give them an IP on the network.”
Once a user logs on to the network over VPN, clear-text traffic is transmitted, so usernames and passwords are transmitted between the VPN concentrator and user machines unencrypted. With the EPN solution, Hastings said, users have access to the files they need, and the traffic is always encrypted, so it’s potentially more secure than a VPN.
Prathuri said one of the big differences with EPN is that it’s designed with security as a top priority. It tightly controls authentication and uses encryption tunnels between all connections.
Hastings has configured his EPN solution to restrict how users at Vanderbilt can access their files.
“We have it set up so that users can’t share files with others. They can only share files with themselves. That was a policy decision on our part.”
Prathuri and Haines described EPN as a cross-platform solution that provides a more comprehensive security model than most popular remote control and remote access programs. It's not designed to be a comprehensive remote access solution. The philosophy behind the product is that only about 10 to 15 percent of remote users need to have the full network access provided by VPN. EPN is targeted at those who don't need that type of access.