Move over, VPN; there’s a new remote access solution in town. NetSilica’s Enterprise Private Network (EPN) offers a viable, browser-based alternative to traditional VPNs. The solution lets users retrieve files and e-mail and run applications over the Internet. No extra hardware is required, so the solution can be easier to manage and less costly than VPNs.
A number of factors, including ease of use, security features, and management and monitoring options, combine to make the NetSilica EPN an attractive option for user remote access—but it does have a few drawbacks.
The NetSilica EPN solution consists of three components:
- Data source client
- Server module
- Web browser
Once the data source client and server modules are in place, users just need a Web browser to remotely access or upload files, check e-mail, and run applications. EPN uses data authentication and SSL encryption, securing transactions via 3DES encryption. EPN also integrates with existing authentication methods and portals, and all user activity is tracked and stored. You can monitor activity to detect suspicious activities and ensure that users do not misuse remote access privileges. And since user privileges are defined via access lists, you can control what each user can do, what drives and directories are accessible, and what applications each person can run.
EPN offers these potential benefits:
- Minimal user training is required.
- There’s no hardware to install.
- Infrastructure and maintenance costs are lower.
EPN’s browser interface makes it easy to use. Little or no training is required for end users. Configuration is also accomplished via a browser interface, making it simple to set up and create user access privileges. In addition, EPN eliminates the hassle of configuring additional hardware and may be more economical than traditional solutions, which include the cost of purchasing and maintaining VPN hardware.
Setting up EPN
The first step in EPN setup is to install the data source client. The client provisions itself to give a user remote access to his or her desktop, including Outlook and data files, and sets up that client machine as the data source. NetSilica also offers software that enables access to other applications, such as Lotus Notes. NetSilica claims it can create a data source on any computer on your network.
The EPN client can be installed with default settings to give users minimal permissions to access a particular data source. The default access settings are ideal for users who simply need to remotely retrieve data from their work computer. And for the admin, deploying this default configuration is easy.
“We can deploy EPN to tens of thousands of users in a matter of hours in this manner,” said NetSilica COO David Haines.
Once you have a machine set up with the data source client, you can specify what items users will be able to access. This includes network drives and directories available to the machine on which you’ve configured the data source. You can use the Explorer-like interface to drill down to specific folders and even individual files to limit what’s accessible to each user through EPN.
You can also log in to the data source from a remote machine and add folders and drives to be accessed from that machine. For example, you can install the data source on your machine at work and then select particular drives and folders you want to be able to access remotely—from your home computer, for instance. You could also install the data source on your machine at home and do the same thing, and thus be able to retrieve files and e-mail from both machines from either location. Figure A shows the interface used to select machines and drives to set up for remote access.
|Selecting drives for remote access|
The server module handles all the security features, such as the authentication and encryption, and acts as a pass-through manager for the remote access. Haines said that EPN integrates with existing authentication, including NT, ADS, and LDAP, to create a single sign-on environment.
“This makes it faster and easier to deploy because you don’t have to go in and set up each user.”
Putting EPN to work
EPN offers users an easy way to access important data on multiple machines. For users who travel frequently, it is a convenient solution that can offer a quick and easy alternative to traditional remote access methods.
Retrieving and uploading files is as easy as clicking the Get File and Put File buttons on the toolbar. As long as users have a browser, they can access machines remotely from practically anywhere.
“We can work on any browser-based device, so whether you have a phone or a Palm or a Blackberry or an iPac—anything with a [Web] browser and an Internet connection, you can connect and access data,” Haines said.
Scheduler and file transfers
Another interesting feature available in EPN is the Scheduler, which allows users to set up automatic file transfers between machines. This may be useful if there are particular files a user always needs from different locations. Haines touts Scheduler as a secure replacement for FTP because everything is encrypted.
“From the usernames and passwords to the data from terminal to terminal, everything’s encrypted. Nothing is clear text.”
Users can schedule a one-time transfer or set up transfers to occur on a regular basis, depending on what they need. EPN uses whatever tools users have available to compress files they are transferring. When retrieving files, users have the option of either downloading it and opening it with the associated application or opening it in their browser.
According to Haines, the initial file transfer may take longer than usual because the system must synch up the encryption algorithm. He added that the transactions are secure because you never touch the network itself.
“The server software manages connections from the access device to the data source, so from the browser, you can never go straight through to access [the corporate] network.”
Another feature that makes file transfers safe is the inability to delete or overwrite files without permission. The default permissions established upon initial setup prevent files from being overwritten. So unless users have permission to do so and deliberately tell the software to do it, they can never delete or replace files remotely.
In addition to transferring files back and forth, users can access Outlook or Notes to check e-mail. EPN lets users open Outlook in a pure HTML interface. Haines said that this is an advantage because it works from any browser.
“We don’t invoke the client from Outlook on the local machine, and we don’t require ActiveX, so we work in any environment.”
EPN also allows users to send attachments from whatever machines are set up in the data source. Whereas most Web-based Outlook interfaces provide access only to files on the user’s local machine, EPN lets users send files from any machines, drives, and directories that are accessible to them. In other words, users can remotely access Outlook from home and select files on their machine at work to send as attachments to others.
EPN thus offers added functionality that users wouldn’t normally have when remotely accessing Outlook. However, these features do come with a price. In my testing of the product, this was the least reliable feature. Occasionally, it would take a long time for Outlook to come up once I had clicked on it, and sometimes, it timed out entirely. It certainly was not as reliable as Outlook Web Access.
Because NetSilica’s EPN solution encrypts all transactions and allows admins to configure and monitor user access, it can offer a secure means of letting users share files and read e-mail from anywhere. Haines said that the encryption, authentication, and logging features of EPN make it a good solution for those organizations (mostly in the healthcare industry) scrambling to comply with HIPAA requirements, which demand a high level of information security. He noted that organizations that have a large base of users who need to occasionally access e-mail and files from home or on the road are also target customers of the solution.
For other organizations, EPN represents an alternative to traditional remote access solutions that require additional hardware and complex security requirements that must be managed when dealing with VPN. NetSilica’s solution could potentially better safeguard remote transactions because of the simplified security model.
This solution is probably best suited for employees who need to remotely access files and e-mail on an irregular basis. Such users typically don’t need a full-fledged VPN connection, and for them, a solution such as NetSilica’s EPN can be much easier to deploy and support. However, this solution is not really a viable VPN replacement for full-time telecommuters and remote workers who regularly log a lot of remote access time and/or need to remotely access a variety of different resources beyond simply e-mail and files.