Microsoft unveiled a new secure sockets layer virtual private networking (SSL VPN) solution Thursday. Intelligent Application Gateway (IAG) 2007 is the fruit of its July 2006 acquisition of Whale Communications.
The Redmond, Wash.-based software maker also announced that it has partnered with Celestix Networks and Network Engines, two appliance manufacturing and distribution companies, in order to offer a new pricing and licensing model that it said will make SSL VPNs more cost-effective for “all small businesses — from small to large enterprises — and for all deployments.”
“Security around remote access should always be a concern for businesses, as it is a well-known attack vector for many different types of exploits,” Victoria Fodale, an analyst at In-Stat, told TechNewsWorld. “And Web-based access is becoming fairly ubiquitous among companies.”
The SSL VPN space has become extremely popular recently, said Rob Whiteley, an analyst with Forrester Research, because it allows users to connect and get their applications and data without having any pre-installed software on their computer. While it is extremely useful for employees, it is becoming essential for access to customers, partners or anyone outside the corporation. “You don’t want to have to send them a CD that says ‘Please install this,'” Whiteley told TechNewsWorld. “It becomes extremely cumbersome.”
In addition to opening up access for a variety of users, it also is really “friendly for mobility purposes,” Whiteley explained. All cell phones, smartphones, PDAs and other similar devices run a browser, and now their users have secure access to a company’s network on a non-PC device as well. The technology also provides a very fine-grained capability that enables companies to decide who they are going to let on to their network, when to let them in and under what conditions, for example, much more so than VPN technology of the past.
“It allows companies to open access [to networks] to more people, to more mobile people and have greater control at the same time,” Whiteley explained. “That sort of trifecta has made it very popular. And [Forrester] data shows that about 70 percent of large enterprises are involved in some way shape or form — either having deployed it or evaluating it.”
Though that number may seem high, Whiteley continued, it is in part the result of the flexibility of the technology with companies deploying SSL VPN in conjunction with their existing VPN system or for a specific department. For instance, human resources may have a mandate to make all employee benefits information available to employees from home. So, HR will purchase an SSL VPN that will eventually be adopted by the entire company.
IAG 2007, available only as an appliance on pre-installed and configured systems produced by Celestix and Network Engines, combines SSL VPN and Web application firewall products from Whale with Microsoft’s Internet Security and Acceleration Server 2006. According to Microsoft, IAG provides companies with a single, consolidated appliance for network perimeter defense, remote access, endpoint security management and application-layer protection over both SSL and IPsec connections.
The result is a broader set of remote access requirements choices for businesses. The integration of SSL VPN into an existing Microsoft infrastructure will also support secure access to both Microsoft and non-Microsoft applications and services from a single appliance, the company said.
The new streamlined design can help to reduce the cost of ownership by removing the need for multiple devices from a variety of vendors for different access methods. Microsoft has also thrown in all Intelligent Application Optimizers and Connectivity Modules to the base product offering, a move it said will further simplify the purchase and deployment process.
“Microsoft has done exactly what you would expect them to do and democratized it,” Whiteley noted. The company has taken a technology, previously available only through a handful of very network-centric vendors in a niche category and taken the necessary steps to broaden its appeal.
Microsoft has not added many bells and whistles or done much with the product’s features, but it has made it a lot easier to use. It is more flexible because Microsoft provides various hardware options and installed software as part of their ISA Server 2006, according to Whiteley.
“This makes it a lot more appealing to a broader audience because they can consume it the way they want to consume it as opposed to appliance which is always good for younger markets,” he continued.
Microsoft has also changed the way it calculates prices and licensing. The simplified system now includes all-in-one pricing for the gateway along with all Intelligent Application Optimizers, Network Connectors and security modules developed for business-critical applications to implement specific client-side and enhanced application-layer security polices, according to the company.
The software giant has also made changes to its client access licenses (CAL). They will now be based on the number of authenticated users or devices connecting to IAG appliances. Previously, the company had based the agreements on the number of concurrent users. Microsoft believes the new rules will lead to more flexible and scalable pricing and licensing.
IAG 2007 is now in sync with Microsoft’s broader server and tools licensing schema, with a server CAL model, the company said. For businesses, that means that servers or appliances are purchased from an OEM and CALs are sold separately for each named and authenticated user. The non-volume license price for a single CAL is US$22. Larger companies can receive volume discounts for their purchases or higher contract levels such as Open/Select and Enterprise agreements, Microsoft said.
Changing the pricing to match the way other Microsoft product prices can not be underestimated, Whiteley said. The reason this is critical is because the channel will get it instantly.
“They don’t have to think about what the product is and how to position it and price it,” he added. “They’ll just grab a couple of value points and have a very instant success rate in terms of getting it out there.”