1 - What is the AEP Netilla Security Platform?
The AEP Netilla Security Platform (NSP) appliance is an ICSA
Labs-approved SSL VPN appliance that
provides secure remote access to a wide range of
enterprise applications, using a Web browser as
a ready-made access client. The NSP resides in the DMZ,
typically behind the corporate firewall and in
front of application servers, and runs on AEP’s
proprietary Netilla dynaTRUST O/S, a comprehensive
policy management and enforcement operating system
for secure application access management. With
the NSP, ease of maintenance is key: No integration
or programming is required, while Netilla's Subscription
Software Services deliver automated security and
feature updates and upgrades.
As the industry’s most versatile SSL VPN,
the NSP combines three application-access technologies
into a single gateway device. The NSP is available
in three performance classes designed to meet varying
capacity needs, and can be modeled to support one,
two or all three access methods.
With a proprietary, closed-system architecture,
the NSP functions as a secure, web-based application
access portal to a variety of centralized resources,
ranging from traditional client/server applications
to web and intranet applications. All transmissions
between the NSP and the local machine are encrypted
using SSL (Secure Sockets Layer) technology, while
site authenticity is assured through built-in digital
certificate support.
2 - What is the Netilla Secure Gateway Appliance (SGA)?
Powered by Netilla's ICSA Labs-certified SSL VPN technology, the Netilla SGA has been expressly designed to provide clientless, secure remote access to specific application environments. For instance, the SGA-T provides the secure, network-layer connectivity typical of IPSec approaches, but with the cost and management advantages inherent in SSL VPNs.
3 - What are the advantages of AEP SSL VPN platforms over traditional IPSec VPNs when used for remote access?
SSL VPNs provide distinct advantages over IPSec
VPN alternatives when used for remote access. Organizations
that need to provide remote access to extranet
partners, mobile employees, telecommuters, or distant
branch offices often find that the simplified and
cost-effective SSL VPN approach is the best solution:
• SSL VPNs leverage the browser as a ready-made
"client" -- this means less management
cost for remote machines
• SSL VPNs are NAT-compatible and communicate over a single firewall port,
translating into fewer configuration requirements
• Some SSL VPNs (such as the NSP) can deliver access to remote applications
in a variety of modes, including "thin-client" approaches that totally
eliminate software requirements for remote computers
• SSL VPN appliances mean centralized and manageable security in one platform
For these reasons, remote access SSL VPNs lead
inevitably to a lower Total Cost of Ownership (TCO) when deployed for remote access needs.
4 - What are the benefits of an application-layer proxy?
SSL VPNs such as the NSP are able to deliver their
rich set of application access modes by functioning
as an "Application Layer Proxy". SSL
VPNs are so-called because they operate at layer
seven – the application layer – of
the OSI model, as opposed to IPSec VPNs, which
operate at the network layer.
Application-layer proxies protect internal data
from direct exposure to the Internet in two important
ways. First, web and application servers are never
directly "touched" by remote users.
Access is only through a "proxy" – the
SSL VPN appliance itself – that terminates
and translates application protocols before they
are allowed to reach the internal network.
Second, an application-layer proxy boosts security
by applying authentication and policy before allowing
connections to application servers. Because termination
occurs at the Netilla appliance, security can be
applied before data requests are transmitted to
private network application servers.
With the NSP, for instance, legacy applications
are provided via an integrated protocol converter
that translates native protocols such as Microsoft
RDP for Terminal Services, SSH for X11, and Telnet
for mainframes. With AEP’s thin-client technology
for remote access, only screen changes, keyboard
inputs, and mouse clicks are transmitted in a proprietary
scheme over highly compressed data streams.
Similarly, Web-based and intranet applications
can be securely accessed with the NSP or the SGA
without exposing non-hardened intranet servers
to outside attack. In this case, a reverse web
proxy is accomplished through a speedy translation
engine that rewrites all Web data coming from the
Web server, hiding the internal network structure
from unauthorized users. This also means that Web
components, such as JavaScript, ActiveX or Java
applets can be filtered as needed.
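The reverse-proxy rewriting and component filtering described above can be sketched as follows. This is an added example, not AEP's translation engine or any code from the product; the gateway URL, internal host names, application ids, and function names are all hypothetical.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed values: the gateway URL and internal host names are hypothetical.
GATEWAY = "https://gateway.example.com/proxy"
# Internal hosts that policy publishes, mapped to opaque application ids so
# that real host names never appear in pages sent to the browser.
APP_IDS = {"intranet.corp.local": "app1", "hr.corp.local": "app2"}

URL_ATTR = re.compile(r'(?P<attr>\b(?:href|src|action))\s*=\s*"(?P<url>[^"]*)"', re.I)
ACTIVE = re.compile(r"<(script|applet|object)\b.*?</\1\s*>", re.I | re.S)

def to_gateway(url, base):
    """Return the gateway URL for an internal link, or None if not published."""
    parts = urlsplit(urljoin(base, url))
    app = APP_IDS.get(parts.hostname or "")
    if parts.scheme not in ("http", "https") or app is None:
        return None
    query = "?" + parts.query if parts.query else ""
    return f"{GATEWAY}/{app}{parts.path or '/'}{query}"

def rewrite_html(html, base, strip_active=True):
    """Rewrite link attributes and optionally drop script/applet/object blocks."""
    if strip_active:
        html = ACTIVE.sub("", html)
    def repl(match):
        target = to_gateway(match.group("url"), base) or "#blocked"
        return f'{match.group("attr")}="{target}"'
    return URL_ATTR.sub(repl, html)

# Constructed sample page as the internal web server might return it.
BASE = "http://intranet.corp.local/home/index.html"
SAMPLE = (
    '<a href="/payroll?id=7">Payroll</a>'
    '<img src="http://hr.corp.local/logo.png">'
    '<a href="http://10.0.0.5/admin">Admin</a>'
    '<script>var api = "http://intranet.corp.local/api";</script>'
)

if __name__ == "__main__":
    print(rewrite_html(SAMPLE, BASE))
    # With filtering off, the inline script still carries an internal host name.
    print(rewrite_html(SAMPLE, BASE, strip_active=False))
```

The regular expressions keep the sketch short; a rewriter meant for real traffic would parse the HTML properly and would also have to deal with URLs assembled inside script, which is why unfiltered script can leak internal names.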
5 - What are AEP’s SSL VPN advantages over other security Web Offerings?
Unlike portal offerings or build-your-own web solutions,
the packaged appliance offerings of AEP’s
SSL VPNs allow quick installation and easy security
maintenance. With AEP, there are no additional
servers to install, manage and patch. The versatility
of a single gateway with built-in compatibility
to existing protocols, along with a diverse application
infrastructure, means more manageable and affordable
security. In fact, many of our customers use AEP
platforms as a remote access complement to their
existing Citrix infrastructure or web server farms
instead of traditional VPN or other hardening solutions.
6 - What strengths do you have over other SSL VPN vendors?
Versatility. The NSP, for instance, provides clientless,
browser-based remote access to literally thousands
of centralized client/server "legacy" applications
as well as intranet web portals and Web-based applications.
With three different access modes for different
application types (server-based, web-based, and
local software clients), the NSP completes a company's
access strategy, enabling all remote users to securely
access a variety of critical applications from
just a web browser. Three different access modes
in a single appliance, protected through the Netilla
SecureRealm Framework and kept updated with the
Netilla Software Upgrade GeNIE, means a remote
access security solution that meets the needs of organizations
both large and small.
Netilla also leverages the strengths of our Netilla
Certified Solutions Providers. Many of these value-add
resellers already know your business and IT operations
and can provide the NSP as part of a total security
and remote access solution.
7 - How easy are AEP SSL VPN platforms to install and maintain?
In many situations, the NSP installs in hours;
the application-specific SGA can be set up and running
within minutes. For more complex environments with
abundant remote access services, or for enterprises
with a large variety of trusted user groups, installation
of the NSP may take up to a day. Longer set-ups
involve integrating external security elements
so the NSP can take advantage of the rich security
fabric already in place. There's no software programming
needed for application servers, no additional middleware
to set up on application servers (beyond Terminal
Services for thin-client access to Windows servers
or for Netilla's advanced server load balancing),
and typically no new hardware servers to secure
transactions or optimize performance.
With Netilla's Subscription Software Service,
Netilla Certified Solutions Providers can take
advantage of advanced maintenance tools like the
Netilla Software Upgrade GeNIE and 24 x 7 reseller
technical support to keep your appliance secure
with remotely managed updates, while delivering
new and improved features through automated upgrades.
8 - How simple is the NSP for my end-users to use?
With a web browser and an understanding of the
security protocols you may already have designated
for login, an end user can immediately begin accessing
the NSP for secure remote access to applications.
When accessing applications residing on a remote
server, the application will run in the same format
as in the office and almost as quickly. Our proprietary
Internet compression techniques for thin data streams
dynamically optimize bandwidth based on your desktop
processing power and Internet connection.
For web applications, a few clicks bring users
right to those intranet resources they are allowed
to view. And for NSP users utilizing local desktop
applications and synching off-line work with central
servers, launching an SSL tunnel connection is
as easy as a one-time download of the Netilla Virtual
Adapter, starting a connection session and using
your local application client as you normally would.
9 - What applications can I connect to?
For clientless access to remote applications, the
NSP enables instant connectivity to any Windows,
UNIX, Linux, or mainframe resource – without
VPN clients or application software on your local
machine. Literally hundreds of applications, including
many proprietary applications, are running securely
behind an NSP today. Many of our customers also
use the NSP as an SSL VPN for access into Citrix
servers, providing the benefits of security and
ease of management with the full functionality
and scale of a distributed computing model.
The NSP also enables secure access to intranet
web applications and private portals, including
pages that incorporate complex JavaScript.
For desktop applications connecting to central
servers to exchange the latest updates, the unique
Netilla Virtual Adapter technology works with any
PC-client application – including both TCP-
(standard client/server applications) and UDP-
(for real time voice, video and messaging)-based
applications.
The Netilla SGA is designed for specific application
access. For instance, the SGA-C provides secure,
web-based access to an existing Citrix MetaFrame
Presentation Server environment.
10 - What authentication and authorization solutions do you work with?
In order to securely accommodate differing levels
of trust for diverse user communities, the AEP
SSL VPN platforms incorporate the Netilla SecureRealm
framework for granular access control on a user-by-user
or group basis. This powerful framework integrates
external authentication and policy structures,
providing the flexibility for a variety of user
situations, including extranet partners, work-at-home
employees, mobile field staff, MSP customers or
even internal employees located within the boundaries
of the LAN.
Using the Netilla SecureRealm Framework, an organization
can implement a dynamic application-layer policy
enforcement point located in a DMZ or security
zone, and enforce that policy before the user's
traffic reaches the application server in the data
center. This policy engine at the edge of the network
allows AEP SSL VPNs to function as a secure barrier
to private network resources.
AEP’s flexible SecureRealm Framework works
with numerous authentication and authorization
protocols, including 2-factor solutions RSA SecurID®,
Vasco, and ActivCard, along with Windows® 2000,
Active Directory, LDAP, RADIUS, and Kerberos. Consult
Netilla's latest Technical Specifications data
sheets for more details.