The AEP Netilla SSL VPN appliance is a dual Ethernet 1U offering (a virtual appliance version is also now available, see below) that provides authentication/authorization, secure (via SSL) communications, and application access to central server applications from remote users with Web connections. The appliance is installed in the DMZ, between the corporate firewall and the application server(s), and can operate in three different modes; providing access to intranet applications, client/server applications, and desktop-based synchronization applications. The latter mode is made possible via a downloadable Virtual Adapter PC client application that provides Layer-3 network tunneling between the remote machine and the corporate network with support for both TCP and UDP based applications. Communications between the remote users and the SSL VPN appliance are encrypted via SSL.

To provide access to intranet applications, the appliance serves as an "HTTP Reverse Proxy," where the user connects to the appliance itself but never directly connects to the actual Web applications. The appliance translates Web communications (including filtering of specified Web components, if so configured) between the user and the Web server, obscuring the actual URL, network topology, and source code of the original applications.

Server-based application connectivity is provided via an application-layer proxy that translates the Web protocols spoken by the browsers into the appropriate communications to use with the server applications. Server communication protocols supported by the NSP (and therefore the types of server applications that can be accessed through it) include RDP for Windows applications, X protocol for X Window applications, Telnet or SSH for UNIX/Linux applications, 3270 for Mainframes, and HTTP for Web servers.

Finally, where a connection between the remote client and the server itself is required (such as synchronizing Microsoft Outlook data between the client and server, for example), the NSP supports the creation of an SSL tunnel for use by the local application on the remote computer to communicate with the server via the Virtual Adapter described above.

The Netilla appliance includes compatibility with external (existing) authorization and authentication protocols, including Microsoft Active Directory, RADIUS, RSA SecurID, and X.509 digital certificates. Application access can be controlled by users or groups. The higher level appliances (the Netilla 4000 and 6000) additionally support clustering and geographical load balancing for up to 10 Netilla appliances; a feature that is made possible with the purchase of the separate AEP Netilla Load Balancer product.

Three models of the Netilla SSL VPN Appliance are now available, all with dual 10/100/1000 ports and a serial console port and now supporting unlimited end user licensing. The Netilla 2000 is recommended for environments with up to 100 users; the Netilla 4000 is targeted to environments with up to 500 users; and the Netilla 6000/6100 is targeted to environments of from 1,000 to 10,000+ users. The 6000/6100 also FIPS certification and optional redundant power (6100). Base pricing ranges from $3,500 (Netilla 2000) to $20,000 (Netilla 6000).

Other features include:

- Support for interoperability with the vendor's AEP IDpoint technology, which embeds a unique tag into the TCP/IP frame identifying the end user and enabling identity enforcement without requiring an IDpoint token (available in the 4000 and 6000 models only)

- Enhanced "Client Integrity" features, including automated end user cache-cleaning (URL history, cookies, stored passwords, etc.) even in the event of a browser crash, endpoint analysis, and location-based policy enforcement.

New to the product line is the introduction of a Virtual Appliance version. Known as AEP Netilla SSL VPN Virtual Edition (VE), the product's features are similar to that of it's hardware siblings, with deployment within the existing virtual infrastructure (admins just direct port 443 traffic from the firewall to Netilla VE).

Contact AEP Networks for further information.

product submission by EITPlanet Staff

E-Mail this page to a colleague
send info about AEP Netilla

Suggest a link
for the AEP Netilla fact sheet