A modified graphic of a computer network is the logo for AEP Networks, a provider of remote access and data security products, including public key infrastructure solutions and our award-winning SSL VPN internet security appliances.
Home Contact Us
 
 
    Products
 
Products Overview
High Assurance Networking
  Net
  Keyper
Remote Access
  SmartGate
  Netilla SSL VPN
     Overview
     NSP FIPS Support
      Certification
     Access Features
     Security Features
     Netilla Load Balancer
     FAQ
Identity-Based Access Control
   Overview
 IDpoint
Datasheets
White Papers
Certification
Resources
   
home » products » nsp » ssl vpn technology

SSL VPN Technology Overview

SSL VPNs from AEP Networks are ICSA Labs-approved appliances that provide secure remote access to a wide range of enterprise applications, using a Web browser as a ready-made access client. As a dedicated network appliance, our platforms typically reside between a company's firewall and application servers, integrating seamlessly into existing network and security designs. With AEP SSL VPNs, remote users need only a computer and a Web browser to access virtually any business application on the corporate network, including Windows, UNIX/Linux, and mainframes.

With a proprietary, closed-system architecture, our NSP and SGA platform functions as secure, web-based application access portal to a variety of centralized resources, ranging from traditional client/server applications to web and intranet applications. All transmissions between the SSL VPN appliance and the local machine are encrypted using SSL (secure socket layer) technology, while site authenticity is assured through built-in digital certificate support.

Futher distinguishing the AEP approachn from other SSL VPN solutions, our platforms offer the choice of three application-access technologies:

Thin/Application Gateway Access to Server-based Applications (Layer 7)

AEP’s family of SSL VPNs offer remote access to remote applications by incorporating Web-enabling technology directly within the platform. This integrated approach, unique to AEP among SSL VPN vendors, eliminates the need for enterprises to deploy and maintain server-based “middleware” — such as Citrix Secure Gateway — or remote-access clients, such as those required by IPSec approaches.

For example, in the NSP’s thin access model, the NSP initiates a session to the application server on behalf of the user, and presents a rendering of the session to the user’s web browser. This allows the user to interact with the application as if it were installed locally.

In this way, the NSP “intermediates” the connection between remote-client requests and the network server, terminating incoming connections at the application layer. Once the incoming request is terminated, the NSP processes and translates the data to the appropriate backend application protocol – in this case, RDP for the terminal server, which presents the Outlook application to the user. The NSP then resends the application data back to the user’s browser, in the form of HTTPS traffic via “screen scraping” technology. At no time is the enduser directly connected to a “private side” network resource.

Netilla’s thin access mode supports applications residing on Windows, UNIX, Linux, mainframe and AS/400 servers. By incorporating remote printing, client drive mapping, and file access, this approach effectively recreates the main office environment from any authorized computer.

Secure Access to Web-based Applications and Portals

The Netilla family of SSL VPNs from AEP enable secure access to internal Web-based applications, intranet sites and portals with a proprietary Web Reverse Proxy technology. Our built-in HTML translation engine dynamical rewrites all user requested Web pages, obscuring the URL, network topology, and source code of the originating Web application.

The similar proxy approach used for Thin access is also well suited for Web-based intranet applications and portals. In this case, the NSP and SGA terminate, examine, and rewrite HTTP requests. Remote users are then presented with Web-application resources as allowed by corporate-defined security policy. For more complex web applications, such as Citrix Web Interface, the NSP employs a sophisticated Java applet re-write module, allowing smooth presentation of these applications.

Authorized remote users thus gain instant, clientless access to a wide range of internal Web applications from any location, allowing internal DNS addresses that do not resolve publicly to be accessed securely over the Internet. Company Web servers remain safe behind the firewall, in a highly secure portion of the private network, without the cost and maintenance of locking each server down for public access, while administrators gain granular access control to directories, servers, and paths on a user or group basis. At no time is the enduser directly connected to a “private side” network resource.

Network Layer Access to Client/Server Applications (Layer 3)

The third access mode option supported by the Netilla family of SSL VPNs allows access to client-server applications that require synchronization directly with the corporate server. We provide this data transfer over a Layer 3 SSL tunnel, which is accomplished by using the browser as a conduit to install a virtual adapter. The virtual adapter negotiates the secure SSL tunnel via the user’s Web browser to the NSP or SGA, where each of these SSL tunnels is terminated as a PPP interface. Policy may be applied to these interfaces using the NSP’s integrated stateful packet inspection (SPI) firewall, facilitating a policy enforcement point similar to the NSP’s other access modes.

The NSP and SGA also allow for applying dynamic policy over the layer 3 SSL tunnel. In this mode, our dynamic firewall is used to open and close specific ports, such as for Microsoft Exchange. For the duration of each session, the administrator is able to grant access only to the Exchange server – or to limit access to that server for groups of users - as needed.

The Most Versatile SSL VPN on the Market

By merging three access technologies into a single appliance, the NSP provides a full-spectrum remote-access solution that meets EVERY application access type. The result is a powerful tool - one that delivers a high level of flexibility for network administrators, who can arm their remote users with a wide range of applications based on changing conditions and needs, while protecting the company’s critical business assets.

Please refer to our white papers for more information, or contact AEP directly.

  
Related Resources:
 
   
New! AEP Netilla Release 6!
AEP Netilla SSL VPN Datasheet
AEP Netilla Load Balancer Datasheet
Joel Snyder’s “Lock Your Windows” webcast
Try the Netilla Live Demo
 
Case Studies
Higashi-Matsuyama Medical Association
Disaster planning: Access for emergencies
Medical Associates of the Lehigh Valley
Philadelphia Stock Exchange
Southern University
Click here for more case studies
 
Datasheets
Netilla Datasheet
More datasheets
"If it hadn’t been for Netilla, doctors and labs wouldn’t have been able to connect with the hospital. By setting up remote access, we lessened the ‘life or death’ situation...this was a great lesson in disaster recovery."

Terry Evans, CIO
Thibodaux Regional Medical Ctr.
White Papers
Preparing for Emergencies: Secure Remote Working for Continuity of Operations
SSL VPN Application Access Technology: A Functional Description
Lock Your Windows: Securing Microsoft® Terminal Server and Citrix® Environments with SSL VPNs
Secure Access for Healthcare: SSL VPN Advantages
Securing Citrix® with SSL VPNs: The Secure Access Gateway Alternative

More White Papers
 
SSL VPN Technology
Overview
   
Other Resources
Secure Access Central
  This security portal delivers comprehensive coverage of endpoint security and policy-based, access control including robust SSL VPN and NAC solutions.
 
     
 
 

About | News | Solutions | Products | Demo | Where To Buy | Partners | Support | Contact Us | Sitemap| Webmaster | Legal | Home