|
|
|
|
|||
|
Home | |
Contact Us | |
||
|
||||||
|
||||||
|
|
|
|
|
|
|
|
|
|
|
|||||||||||||||||||||||||||||||||||||||||||||
1 - What is the AEP Netilla SSL VPN?The AEP Netilla appliance is an ICSA Labs-approved SSL VPN appliance that provides secure remote access to a wide range of enterprise applications, using a Web browser as a ready-made access. Netilla resides in the DMZ, typically behind the corporate firewall and in front of application servers, and runs on AEP’s proprietary Netilla dynaTRUST O/S, a comprehensive policy management and enforcement operating system for secure application access management. With Netilla, ease of maintenance is key: No integration or programming is required, while Netilla's Subscription Software Services deliver automated security and feature updates and upgrades.As the industry’s most versatile SSL VPN, Netilla combines three application-access technologies into a single gateway device. Netilla is available in three performance classes designed to meet varying capacity needs, and can be modeled to support one, two or all three access methods. With a proprietary, closed-system architecture, Netilla functions as a secure, web-based application access portal to a variety of centralized resources, ranging from traditional client/server applications to web and intranet applications. All transmissions between Netilla and the local machine are encrypted using SSL (secure socket layer) technology, while site authenticity is assured through built-in digital certificate support. 2 - What are the advantages of AEP SSL VPN platforms over traditional IPSec VPNs when used for remote access?SSL VPNs provide distinct advantages over IPSec VPN alternatives when used for remote access. Organizations that need to provide remote access to extranet partners, mobile employees, telecommuters, or distant branch offices often find that the simplified and cost-effective SSL VPN approach is the best solution: • SSL VPNs leverage the browser as a ready made "client” -- this means less management cost for remote machines For these reasons, remote access SSL VPNs lead inevitably to a lower Total Cost of Ownership (TCO) when deployed for remote access needs. 3 - What are the benefits of an application-layer proxy?SSL VPNs such as Netilla are able to deliver their rich set of application access modes by functioning as an "Application Layer Proxy". SSL VPNs are so-called because they operate at layer seven – the application layer – of the OSI model, as opposed to IPSec VPNs, which operate at the network layer.Application-layer proxies protect internal data from direct exposure to the Internet in two important ways. First, web and application servers are never directly "touched” by remote users. Access is only through a "proxy” – the SSL VPN appliance itself – that terminates and translates application protocols before they are allowed to reach the internal network. Second, an application-layer proxy boosts security by applying authentication and policy before allowing connections to application servers. Because termination occurs at the Netilla appliance, security can be applied before data requests are transmitted to private network application servers. With Netilla, for instance, legacy applications are provided via an integrated protocol converter that translates native protocols such as Microsoft RDP for Terminal Services, SSH for X.11, and Telnet for mainframes. With AEP’s thin-client technology for remote access, only screen changes, keyboard inputs, and mouse clicks are transmitted in a proprietary scheme over highly compressed data streams. Similarly, Web-based and intranet applications can be securely accessed with Netilla without exposing non-hardened intranet servers to outside attack. In this case, a reverse web proxy is accomplished through a speedy translation engine that rewrites all Web data coming from the Web server, hiding the internal network structure from unauthorized users. This also means that Web components, such as JavaScript, ActiveX or Java applets can be filtered as needed. 4 - What are AEP’s SSL VPN advantages over other security Web Offerings?Unlike portal offerings or build-your own web solutions, the packaged appliance offerings of AEP’s SSL VPNs allows quick installation and easy security maintenance. With AEP, there are no additional servers to install, manage and patch. The versatility of a single gateway with built-in compatibility to existing protocols, along with a diverse application infrastructure, means more manageable and affordable security. In fact, many of our customers use AEP platforms as a remote access compliment to their existing Citrix infrastructure or web server farms instead of traditional VPN or other hardening solutions.5 - What strengths do you have over other SSL VPN vendors?Versatility. Netilla, for instance, provides clientless, browser based remote access to literally thousands of centralized client/server "legacy” applications as well as intranet web portals and Web-based applications with an "unlimited" license model to support any user environment. With three different access modes for different application types (server-based, web-based, and local software clients), Netilla completes a company's access strategy, enabling all remote users to securely access a variety of critical applications from just a web-browser. Three different access modes in a single appliance, protected through the Netilla SecureRealm Framework and kept updated with the Netilla Software Upgrade GeNIE, means a remote access security solution that meets the needs organizations both large and small.
Netilla also leverages the strengths of our Netilla Certified Solutions Providers. Many of these value-add resellers already know your business and IT operations and can provide Netilla as part of a total security and remote access solution. 6 - How easy are AEP SSL VPN platforms to install and maintain?In many situations, Netilla installs in hours. For more complex environments with abundant remote access services, or for enterprises with a large variety of trusted user groups, installation of Netilla may take up to a day. Longer set-ups involve integrating external security elements so Netilla can take advantage of the rich security fabric already in place. There's no software programming needed for application servers, no additional middleware to set-up on application servers (beyond Terminal Services for thin-client access to Windows servers or for Netilla's advanced server load balancing), and typically no new hardware servers to secure transactions or optimize performance.With Netilla's Subscription Software Service, Netilla Certified Solutions Providers can take advantage of advanced maintenance tools like the Netilla Software Upgrade GeNIE and 24 x 7 reseller technical support to keep your appliance secure with remotely managed updates, while delivering new and improved features through automated upgrades. 7 - How simple is Netilla for my end-users to use?With a web-browser and an understanding of the security protocols you may already have designated for login, an enduser can immediately begin accessing Netilla for secure remote access to applications. When accessing applications residing on a remote server, the application will run in the same format as in the office and almost as quickly. Our proprietary Internet compression techniques for thin data streams dynamically optimize bandwidth based on your desktop processing power and Internet connection.For web applications, a few clicks bring users right to those intranet resources they are allowed to view. And for Netilla users utilizing local desktop applications and synching off-line work with central servers, launching an SSL tunnel connection is as easy as a one-time download of the Netilla Virtual Adapter, starting a connection session and using your local application client as you normally would. 8 - What applications can I connect to?For clientless access to remote applications, Netilla enables instant connectivity to any Windows, UNIX, Linux, or mainframe resource – without VPN clients or application software on your local machine. Literally hundreds of applications, including many proprietary applications, are running securely behind a Netilla appliance today. Many of our customers also use Netilla as an SSL VPN for access into Citrix servers, providing the benefits of security and ease of management with the full functionality and scale of a distributed computing model.Netilla also enables secure access to intranet web applications and private portals, including pages that incorporate complex JavaScript. For desktop applications connecting to central servers to exchange the latest updates, the unique Netilla Virtual Adapter technology works with any PC-client application – including both TCP- (standard client/server applications) and UDP- (for real time voice, video and messaging)-based applications. 9 - What authentication and authorization solutions do you work with?In order to securely accommodate differing levels of trust for diverse user communities, the AEP SSL VPN platforms incorporate the Netilla SecureRealm? framework for granular access control on a user-by user or group basis. This powerful framework integrates external authentication and policy structures, providing the flexibility for a variety of user situations, including extranet partners, work-at-home employees, mobile field staff, MSP customers or even internal employees located within the boundaries of the LAN.Using the Netilla SecureRealm Framework, an organization can implement a dynamic application-layer policy enforcement point located in a DMZ or security zone, and enforce that policy before the user's traffic reaches the application server in the data center. This policy engine at the edge of the network allows AEP SSL VPNs to function as a secure barrier to private network resources. AEP’s flexible SecureRealm Framework works with numerous authentication and authorization protocols, including 2-factor solutions RSA SecurID®, Vasco, and ActivCard, along with Windows® 2000, Active Directory, LDAP, RADIUS, and Kerberos. Consult Netilla's latest Technical Specifications data sheets for more details. |
|
|||||||||||||||||||||||||||||||||||||||||||||||
Back to Top
