Getting a grip on access management

Undertaking an enterprise access management project can be so complicated that the IT manager might be hard pressed to remember his own name at the end of it all. But NetScreen Technologies Inc. says its new Instant Virtual Extranet (IVE) platform could help corporate technology leaders maintain their sanity.

The Sunnyvale, Calif.-based network gear maker earlier this month unveiled IVE Version 4.0, the latest access management software running on NetScreen’s SSL VPN appliances.

Successor to Version 3.3, the new software lets companies control remote access to corporate-served apps according to the user’s duties, her relationship with the company, and even the time of day, NetScreen said.

The firm pointed out that increasingly the enterprise must provide remote access not just for employees, but for customers, partners and suppliers too. As a result, “you need much more sophisticated authentication and authorization policies,” said Vivian Ganitsky, product-line manager at NetScreen.

But it’s not always easy to create a security policy for users that is at once strong and easy to implement. Ganitsky described access management’s do-it-yourself model as “a nightmare” fraught with server duplication, operating system upgrades and ever-changing vendor specs.

“Any time the Web server or app server changes versions, the agents have to be changed,” she said. “Any time the access management vendor puts out a new product, [customers] have to manage all of those agents.”

NetScreen means to simplify the process with IVE 4.0, which runs on the firm’s 1000-, 3000- or 5000-series SSL VPN appliances. IVE is one of the products that NetScreen added to its portfolio after acquiring Neoteris Inc. last year.

New access privilege capabilities in 4.0 let customers control who can see what, and when, by granting access rights according to time of day, user profile and the remote computer’s configuration. If, for instance, the remote PC carries a digital certificate, the user may be granted access to more applications and files than he would if the computer didn’t have a certificate, Ganitsky said.

According to NetScreen, 4.0 offers customizable user interfaces to distinguish, say, the image that the company’s employees see when they enter the network, and the image for partners, which might present a different set of applications.

This latest iteration supports multiple host names, like “” for partner access and “” for the enterprise’s own staffers. “That’s very key in scenarios where customers are trying to secure an extranet…that already has a particular look and feel,” Ganitsky said.

Version 4.0 adds role-based delegation. This lets the corporation denote who, among extranet users, has access to which administrative actions. A supplier’s IT manager might be allowed to look into user-authentication features that address her company’s people, while the enterprise’s IT manager would be able to glance deeper into the system, perhaps to scrutinize resource clustering. “They’re able to distribute the workload,” Ganitsky said.

Apart from the new IVE, NetScreen introduced a Central Manager program that lets customers control up to four VPN appliances across a wide-area network.

Ganitsky conceded that four appliances “doesn’t sound like a lot,” but because NetScreen’s top-of-the-line SSL VPN appliance, the SA-5000, supports up to 2,500 simultaneous users, the average customer won’t need more than four, she explained.

Soltrus Inc., a network security services firm and NetScreen partner in Toronto, is beta-testing IVE 4.0. According to Marcus Shields, the firm’s enterprise product manager, the new version seems flexible and easy to use.

“It knows what kind of authentication you’re going to want to use, before you even enter into the system,” Shields said, pointing out that 4.0 makes life simple for users and the IT crew, which, in turn, makes the enterprise less vulnerable. “Any security system that isn’t easy to use will eventually be turned off.”

NetScreen said 4.0 is meant to introduce access management functions into the mid-sized company. According to Ray Wagner, a Nashville, Tenn.-based analyst at Gartner Inc., the mid-sized enterprise represents this new product’s sweet spot.

“A medium-sized enterprise with a lot of mobile workers, they should get the picture straight away.” As for larger companies, “They might look at it as access to resources for a certain set of individuals.”

IVE 4.0 on NetScreen’s 1000-series SSL VPN appliance is priced at US$6,995.
