By simplifying deployment and management, SafeWeb offers an easier and less expensive means of securing remote access with its Secure Extranet Appliance (SEA)Tsunami. Scaleable to tens of thousands of simultaneous users, Tsunami centralizes the management of remote users via a browser interface.
For organizations with large numbers of remote users, the Tsunami offers several important benefits:
- Simple setup and configuration
- Ease of use
- Low total cost of ownership
- Cross-platform compatibility
These considerations, in addition to the secure communications SEA Tsunami affords, makes the product an attractive alternative to traditional VPN connections.
Advantages over VPN
SafeWeb refers to Tsunami as an extranet appliance, a device for securing remote access. Most companies are turning to VPN to secure remote user and satellite office connections. But SafeWeb CEO Jon Chun says that SEA Tsunami is a better option for many because it is less expensive and makes it easier to set up and maintain extranets.
“The biggest problems with secure remote access are the complexity and cost. There are a lot of barriers—technical and financial. It’s extremely expensive and a lot of times it’s not too easy or it’s not compatible or even possible to roll out these proprietary VPN solutions."
Chun said he wanted to develop a solution that an organization could drop into place to allow users to access files, e-mail, and applications they needed via a browser.
“What’s unique and new about the product,” he said, “is that it’s completely Web-based.”
Tsunami's simplicity makes it less costly and easier to implement than typical VPN solutions, and its high level of compatibility prevents it from suffering from the proprietary shortcomings of VPN solutions.
In fact, Chun said, “It’s about one-tenth or one-twentieth the cost of traditional VPNs, and there are virtually no technical barriers.”
He also said that because it simplifies remote access, Tsunami improves security. Simplicity means that users don't introduce security risks by trying to find easier ways of doing things.
“It’s the human element that’s the weak link in security. When you make things complex, people will work around them to make them simple, and that’s the way they’ll compromise security.”
The use of the Web-based interface also enhances security, Chung said, because remote users "never see a desktop, a command line, or a control panel, so they can’t accidentally or intentionally upload and execute potentially dangerous Trojans or viruses.”
Remote access through a browser limits what the user can do and thus prevents actions that compromise security. At the same time, because the interface is easy to use and not overly complicated, users don’t need to find ways to work around security measures.
“The simplification,” said Chun, “wraps the remote user in bubble wrap so they can’t hurt themselves or the system.”
Scalability and the NMIMC
Tsunami has the potential to give remote users a secure and easy means of accessing information on enterprise networks, but how many users can it support?
Chun said that a single Tsunami box can support several thousand concurrent user connections. For organizations with a high number of remote users, multiple Tsunami boxes can be installed and load balanced. The rule of thumb to follow for determining how many boxes are needed is that one in 10 remote users may be logged in at any given time.
“If you have 10,000 remote users, you could probably get by with a 1,000-concurrent connection device. A lot of it depends on your peak usage profiles as well as what resources they’re accessing,” Chun said.
The U.S, Naval Medical Information Management Center (NMIMC) in Bethesda, MD, has a large remote population that's using Tsunami to access information. The NMIMC must support a population of between 25,000 and 50,000 remote users who need to have access to e-mail, files, and the NMIMC intranet. Senior Network Security Engineer Robert L. Green said that the NMIMC is currently using one box with failover to support reservists who need access to their data from points all over the world.
The Tsunami device that the NMIMC is currently using supports 2,500 concurrent users, but Green says that because it hasn't been advertised much to users and because it’s still in testing, the highest number of users logged in at once has been 638.
Green said the performance of the device has been exceptional. What limits performance the most, he said, is not the capabilities of the device itself, but the NMIMC’s bandwidth. With many users logged in at once—for example, the 638 recorded in one instance—Green said the performance hit was due to limited bandwidth.
An important reason that the NMIMC decided to consider Tsunami is that the Department of Defense is leery of VPNs, which are often targets of hacker attacks. Tsunami, Green said, offers a better means of securing communications by reservists all over the world who can simply use a browser to access their data. In addition to the encryption used, the communications are more secure because they’re isolated.
“We have an IP address for the Tsunami appliance,” Green said. “We allow access from any IP address in the world to that IP address on only one port, and it encapsulates all the traffic on that one port. So no matter what they do, they cannot leave that machine.”
Tsunami offers the reservists an easy way to access everything they could normally access if they were sitting at a desk in an office at the NMIMC.
“You would have access to your e-mail and your public and home drives, and we can give you access to the Internet. You could be sitting in Japan, log in to our machine, and browse the Internet from our machine.”
Green said Tsunami was easy to set up and configure. It took just three hours to get Tsunami installed on the NMIMC network.
“We installed it on the network, assigned it an IP address, told it what we wanted people to have access to, set up the links, and told it to authenticate through our [primary domain controller].”
Additional tweaks were necessary, but they were related to network issues and not to the appliance itself. Green said he’s looking forward to the next release, which will offer even more functionality, enabling users to perform a wider variety of tasks through the device.
A viable option
The SEA Tsunami looks like a viable option for organizations with large remote user populations who want to secure connections easily and inexpensively. Jon Chun believes the device is ideally suited to enterprises that want to avoid the complexity and cost of VPN solutions, and he says Tsunami also helps companies avoid compatibility issues among different operating systems.
By simplifying the whole process of establishing and maintaining a remote access portal, Tsunami promises to offer easy and secure access at a lower cost than the predominant VPN approach. The experience of the NMIMC, which must support a large population of remote users scattered about the globe, demonstrates that SEA Tsunami is worth a look as an alternative to VPN.