Aventail is upgrading its SSL VPN agent software so it can initiate transactions between remote branch machines and central site servers and databases automatically, eliminating the need for staff to perform routine daily tasks between sites.
The new capability lets users script the remote agent to set up VPN connections and trigger scheduled transactions. It is part of ST2, the latest upgrade of the software that runs on Aventail's SSL VPN appliances.
ST2 supports digital certificates that identify remote machines when they try to connect to the VPN. Based on the status of the certificate, ST2 allows or restricts access depending on what policy has been set by IT security executives.
Aventail does not supply the certificate infrastructure, but customers that have certificates use them to shore up network security when mobile devices are lost or stolen: When a laptop or PDA is missing, administrators revoke its certificate, making it impossible for a thief to use it to gain access to the VPN. Meanwhile, the access rights of the person whose laptop was involved remain intact, so he can continue to reach the VPN via other machines. This is a feature that other vendors, such as Whale Communications, already have.
The upgrade lets customers set up a quarantine zone where machines that fall short of configuration policies can be sent custom text directing users to URLs where they can seek remediation. Juniper and other SSL vendors offer this feature.
Aventail is adding support for checking the status of Windows Mobile devices to determine if their configuration meets corporate security policies. Previously the software determined that a Windows Mobile device was attempting to connect to the network, but didn't query it about configuration and applications.
ST2 software adds persistence to SSL VPN sessions, letting users move machines from one network connection to another without having to reestablish a VPN connection. For example, a person accessing a corporate network with a wireless LAN who plugs the computer into the network via an Ethernet jack can maintain a VPN connection without having to reauthenticate.
The ST2 software is expected to be available next month. Local pricing is yet to be finalized.