Two VPN service providers are touting features that make it easier for businesses to manage access to their networks by employees, customers and partners.
Providers OpenReach and Fiberlink offer separate software that in different ways reduces the complexity of the day-to-day care of Internet-based VPNs.
OpenReach is introducing an extranet service feature that puts much of the burden of setting up extranets on software in OpenReach's network. Similarly, the software lets different branches of the same corporation that come together via mergers link their networks more quickly, says Marty McCann, MIS manager for ITW Foilmark, a Newburyport, Mass., company that manufactures embossed metal foils.
Advertisement: |
Foilmark was recently purchased by ITW and uses the extranet feature to link its sites to ITW headquarters, McCann says. Once each site has an OpenReach VPN server, extranets can be set up in minutes, he says.
Administrators from participating companies enter the IP addresses of devices to which extranet access will be granted and give the devices a name, such as extranet.mybiz. They also name the devices to which they want to grant access, and post the names on servers in the OpenReach network operations center (NOC).
Then the participating companies approve which extranet groups they want to join. After both parties grant approval, servers in one of OpenReach's three NOCs distribute digital certificates to each party and establish security associations to create VPN tunnels between the designated devices.
This extranet capability is part of a service features set called Off-net Plus that is newly bundled with OpenReach's VPN software. For extranets between companies, this can eliminate a power struggle over who controls the extranet, says Jeff Phillips, an analyst with TeleChoice. Rather than one partner installing VPN gear controlled by another partner in order to set up the link, the OpenReach method grants mutual control over access, he says.
Rather than addressing extranet management, remote-access VPN service provider Fiberlink simplifies another aspect of VPN management: Making sure remote-access users have the proper security software installed and turned on.
Through an agreement with Symantec, Fiberlink's VPNterprise will monitor whether remote PC users trying to connect to a corporate network have Symantec's Norton antivirus software turned on and updated. VPNterprise uses this information to decide whether to deny access.
Fiberlink has a similar relationship with Network ICE for its firewall and intrusion-detection software.
In addition, after a remote machine successfully connects, VPNterprise monitors the PC throughout the session and can kick off the remote machine if the user disables the antivirus software to make their PC run faster.
Fiberlink will not sell Symantec's software; customers must buy it and install it themselves. Fiberlink just adds the ability to centrally enforce policies.
"Keeping the configuration of hundreds of remote PCs the same is just a huge problem for enterprises, and this is a tool to manage it automatically," says Ray Keneipp, program director for The Burton Group.
Fiberlink says by year-end VPNterprise will be able to push updated versions of the antivirus software to remote PCs. The company says it plans to extend its relationship with Symantec and add similar enforcement capabilities to other Symantec products.
VPNterprise support for Symantec antivirus will be a standard offering bundled with Fiberlink's VPNterprise VPN service at no extra cost starting in July. Fiberlink has not decided whether to charge for the autoupdate feature, which will be available by year-end.
RELATED LINKS
