|
This checklist includes all of the most important capabilities to consider when evaluating and comparing SSL VPN vendors and their technology solutions. SSL VPN requirements are organized into six categories: broad access options, ease of use, ease of management, security, vendor technology leadership, and vendor reputation.
BROAD ACCESS OPTIONS
Clientless browser-based access to Web applications, e-mail, intranet, and file shares
Clientless integrated agent access to client/server applications, such as Microsoft? Outlook? and Windows?
Terminal Services
Web-delivered VPN client for complete network access to authorized resources
Layer 3 connection with Layers 4-7 policy control, providing bi-directional policy control for secure access to client/server and back-connect applications
Policy-driven access using full IP network tunneling over
SSL-based on the security of the end-point device
Broad multiplatform support for prevailing and emerging technologies, including Windows, Windows Mobile/
Pocket PC?, Macintosh?, Linux?, Internet Explorer?, Safari?, Firefox?, Symbian?, and WAP 2.0 browsers
Broad end-point support for prevailing and emerging technologies, including managed networks, wireless networks, business extranets, remote laptops, mobile PDAs, smart phones, and kiosks
Broad application support, not only for Web applications, but also those that use UDP, TCP/IP protocols, as well as access to Windows Terminal Services and Citrix?, and back-connect applications such as VoIP, even from wireless devices such as PDAs
Interoperability with existing infrastructure, including corporate and customizable portals
Dynamically adaptive firewall, proxy, and Network
Address Translation (NAT) traversal Support for mapped drives and file browsing
EASE OF USE
Easy portal access to Web-based or client/server applications, as well as Windows file shares (SMB/CIFS/DFS) from virtually any end-point device
Seamless Web-delivered remote access VPN client for a full "in-office" experience
Automatic launch of most appropriate remote access method without user intervention
Automatic dynamic resolution of address, proxy traversal, and route conflicts when using the tunnel
EASE OF MANAGEMENT
Fast and easy setup in as few as 15 minutes
Centrally managed, object-based policy administration using one rule set for all users, groups, resources, and end-point access methods, including mobile PDAs and smartphones
Role-based administration, allowing easy delegation of tasks and controls
System monitoring and detailed preconfigured reports
Customization of personalized, policy-driven remote access portal
Native access to Citrix and Windows Terminal Services
Leverages ActiveX? and Java to offer cross platform support for native access
IPSec replacement using secure Layer 3 network connectivity over SSL
Ability to control split tunneling
High availability through two-node active/active clustering with integrated load balancing for up to eight nodes, without the added cost of a third-party load balancer
SECURITY
Granular user access control rules based upon Itdefined trust level of end-point devices, including mobile PDAs and smartphones
Dynamic access control to a specific application or resource based on access rules and the security of the end-point device
Bi-directional access control that enables multiple secure communication paths for key applications such as remote help desk and VoIP
Fully encrypted sessions to any Windows device with automatic removal of residual Web pages, temp files, attachments, history, cookies, passwords, and downloaded files
Automatic end-point detection of firewalls, anti-virus signatures, mandatory files or directories, operating systems (Windows, Macintosh, or Linux), Windows
Registry settings, and Domain membership prior to authentication
Username/Password authentication and self-service password management features
Support for client-side digital certificate authentication
Aliased access to hide internal network information
(IP and DNS) in Web applications
SSO Integration and authentication with CA? eTrust?, Siteminder?, and RSA Security Cleartrust?
Available in a FIPS-compliant configuration providing security and features required to meet U.S. government security standards
VENDOR TECHNOLOGY LEADERSHIP
Mature technology and strong vision for the future
Recognized by industry analysts as best-of-breed leader in SSL VPN technology
Leverages best of new technology to support emerging business technology trends
Experienced management with many years delivering proven SSL VPN solutions
Focused solely on SSL VPN technology
Dedicated to continuous investment in product development improvements
VENDOR REPUTATION
Numerous customer references and case studies available
Extensive customer base of prominent organizations and major service providers
Analyst acknowledgement of technology and business
Awards for outstanding product performance
24-hour support staffed by SSL VPN experts, not just network or security generalists
Global sales operations
|
