RealTime IT News

SonicWALL Ups Enforcement, Features in VPN

In today's economic climate, remote access is becoming increasingly important as organizations downsize their on-site operations. In a move that aims to better cashing in on the trend, secure Virtual Private Network (VPN) vendor SonicWall is now ramping up its Aventail product offering, with enhancements that aims to make it easier for Window, Mac and Linux users to connect to enterprise assets.

SonicWall acquired SSL VPN vendor Aventail in 2007 and last updated the Aventail firmware in January 2008 with version 9. The Aventail 10 release is the first major update since then, and also marks the first new hardware platform for Aventail since the acquisition.

"This is the biggest firmware release that we've done probably since 2005," Chris Witeck, director of remote access products at SonicWALL, told InternetNews.com. "We really had two design goals for this release, acknowledging the fact that the SSL-VPN market is maturing rapidly with new features, and really focusing on making the product easier to manage."

The release also features the new SonicWALL Aventail E-Class Secure Remote Access (SRA) hardware platform, which replaces the Aventail EX series -- a legacy from prior to the SonicWall acquisition. Witeck noted that the new hardware offers improved scalability and integrates with the same look and feel of other SonicWall appliances.

On the firmware side, Aventail 10 introduces new endpoint control capabilities with improved integrity and validation checks -- including scheduled check to ensure users remain in compliance.

"One of the big enhancements is how we conduct the checks," Witeck said. "Previously, checks were only done at user login. The issue there is if the user did something after connecting that changed the state, we wouldn't have known about it."

Additionally, the Aventail endpoint control capabilities are now the same across Windows, Mac and Linux users. That had been a goals for the Aventail 10 release, Witeck said, adding that Aventail used to have features in endpoint control that were only available to Windows users, but that's no longer the case.

He said that demand on Linux has been static, though SonicWall is seeing a surge in demand among Mac users.

"We've always seen an interest in Mac for the work-at-home user, but now we're seeing organizations looking at Mac as from an IT-managed perspective," Witeck stated.

The new Aventail release also aims to make it easier for administrators. Witeck explained that there is a new user session monitoring capability which gives the administrator a simple online way to view users' authorization attempts as well as the applications they access. Previously, that information had been buried in log file data, and not as easily accessible.

Though the new SonicWall Aventail release includes improved endpoint control, it does not yet directly include Network Access Control (NAC) integration or direct integration with federated identity information stores. Earlier this week, Novell released its Access Manager 3.1, which includes an SSL-VPN that provides authentication integration.

Aventail also does not offer support for Security Assertion Markup Language, or SAML , a common method of supporting third-party authentication. However, Aventail does have an API for authentication engines so that third-party vendors can integrate with them.

"We have flexibility and experience to be pretty open on how we receive credentials and pass them on," Witeck said.

In addition to the SonicWALL Aventail E-Class Secure Remote Access (SRA) release, SonicWALL today is also rolling out a new mid-level TZ 210 Unified Threat Management (UTM) appliance. The TZ 210 includes an SSL-VPN in it as well, though it's not the Aventail 10 release. One reason is that the TZ 210 is intended for a far fewer number of concurrent users -- one to two.

But John Gordineer, a project manager at SonicWall, told InternetNews.com that the TZ 210 benefits from the lessons learned in developing the larger product.

"It's not a derivation of Aventail 10 release, but our SSL-VPN team is largely made up of Aventail people," Gordineer said. "So now we have a lot of industry knowledge and that that technology trickles down."