At Array, we’re seeing quite a number of interesting deployment models that go beyond the ‘standard’ use cases for SSL VPN; these real-world installations by Array customers have added simplicity of use and an extra layer of security that bring real value to their respective organizations. In no particular order, here are a few of these innovative uses:
Proxy Microsoft ActiveSync Connections
If your organization has implemented or is planning a Bring Your Own Device (BYOD) initiative, the security of critical servers is an imperative. Rather than opening firewall ports to your Microsoft Exchange CAS servers (typically ports 80 and 443), use an SSL VPN appliance to proxy Microsoft ActiveSync traffic for mobile devices.
Centralize and Simplify Two-Factor/Multifactor Authentication
For geographically dispersed companies, managing across multiple sites can become more than a little painful if two-factor (or multifactor) authentication is deployed at each server that will be accessed remotely. Centralizing authentication at a single SSL VPN appliance allows users to authenticate at one core point – then connections are proxied to the appropriate back-end resource regardless of its physical location. This model dramatically simplifies management of two-factor authentication, while accelerating deployment and reducing complexity for end users. The Array Networks AG Series Secure Access Gateway supports most two-factor (or multifactor) products, and in addition includes an out-of-the-box OTP solution.
Maintain Security of Sensitive Information in the Field
We’ve seen this particular use case most commonly in financial institutions, though it can be useful in any situation where an organization’s staff needs to carry confidential information outside the office. Using Array’s DesktopDirect remote desktop access solution, an add-on for the AG Series SSL VPNs, employees can securely access their work PC from any location and any device, and view applications and data just as if they were in the office.
For example, a bank can provision tablets for employees to use in signing up new accounts at local events, or to meet with customers at their home or office to discuss investment options for their respective portfolios. All customer-confidential information is secured, and does not remain on the tablet – and, as tablets are particularly vulnerable to loss or theft, this last point is quite important.
Central IT Admin Portal
In this example use case, a separate portal is set up specifically for IT staff to securely access and manage internal network resources from a remote location (home, remote office, etc.). Links can be included to proxy Web-based applications, and to proxy RDP connections that are statically assigned based on internal policy. Specific network tools for IT staff that require limited remote access capabilities can also be published to the portal, and two-factor authentication and/or single sign-on can be enforced to meet internal security requirements. Array’s AG Series includes monitoring capabilities that can be used to maintain a log of all remote IT-related tasks as well.
Branding: Maintaining a Consistent Look and Feel
Most companies lack the time or resources required to ‘custom-brand’ Web-based applications such as Outlook, SharePoint and others for a consistent corporate look and feel. Centralizing internal Web-based applications through an SSL VPN simplifies branding by providing a ‘single pane of glass,’ or portal, on the SSL VPN. This portal can be easily customized with the corporate logo, colors and other elements of the brand, and provides an easy-to-use and recognizable point of access to business applications.
These are just a few examples of how Array customers are using SSL VPNs to provide additional security and versatility to their organizations. Join the conversation! We’d love to hear your ideas, questions and comments on ‘outside the box’ uses for SSL VPNs.