This release sees the end of the free 10 user give-away, however you are getting some great enterprise features within the VPN product at a very attractive price.  Contact us at info@propalms.com for more information on pricing.

New Features in 3.5

Improved Management Console Interface

The VPN management console GUI is simplified and improved now. The left navigation tree has a new organization with more logical grouping of configuration screens.

Inline Help on Management Console

Context sensitive help is added to management console to facilitate quick reference to configuration options.

Graphical Dashboard on Management Console

A new graphical dashboard is added to management console showing live users, license usage, resource usage and important VPN information.

Multiple Authentication Server and Authentication Cascading

It is now possible to add and use more than 1 external authentication servers. There is a new authentication server management screen where multiple servers can be configured. These servers can be then configured in cascading mode. This means, if user can not be found in highest priority server, the user is will searched in the lower priority servers also.

External Authorization Server

In case the authentication server cannot provide role/group information for an incoming user, a separate authorization server can be specified which will be used to provide user role information. Authentication servers like OTP tokens or RSA SecureID servers may not provide role information to VPN gateway. VPN gateway requires user’s role to assign applications to the user. With such servers an additional external authentication server or native groups can be used to decide the role of the user.

The authentication is done with the external authentication server and then the username is searched in the configured external authorization server.

Global VPN Domain Settings

A new screen is added to management console to define the authentication and authorization scheme for the VPN, termed as VPN domain. In future versions, it will be possible to add multiple VPN domains each with own AAA scheme.  The global authentication scheme includes the authentication servers to be used for authentication, any external authentication server(s) and group list which needs to be denied login to VPN.

New Product Licensing

The licensing mechanism is improved to include a system default license, endpoint security feature control based on license as well as making the license key tied to a particular hardware.

VPN gateway can run in 3 license states:

1.            System default (5 users for 30 day evaluation)

2.            Evaluation license (time bound)

3.            Production license

A newly installed VPN gateway can be started in system default license which is valid for 5 concurrent users for 30 days. Alternatively administrator can choose to put a license key at the time of pre-boot stage.

A license key can be added from management console after the VPN is configured.

To get a license key, administrator must send the “product key” displayed on management console to info@propalms.com. The new license key will be valid only for the hardware from which product key was taken.

The new license can enable endpoint security feature on the appliance.

The VPN gateway will send notification emails to all registered security officers and administrators before 5 days and 2 days from expiry of the license. The VPN gateway will send a last notification email 24 hours before expiry of the license.

Configuration Backup and Restore Options

With v3.5, administrators can back up the configuration and restore the same in case of a disaster.

The backup file is stored on administrator’s desktop which can be uploaded back to gateway for restoration.

There are two back options available: User settings backup or full system backup.

User Settings Backup:

This backup will export the settings configured by administrator to the desktop.

This backup enables administrators to regularly back up the settings and use them in case the administrator needs to revert back to old state or the old system has to be replicated to a new one.

The backup includes following settings:

• Local Users: Only basic authentication users
• Local Groups
• Applications
• Application Groups
• Access Control
• Authentication servers
• VPN Domain
• Endpoint Security configuration
• Host Scan Policy
• Device Profiles

 This backup does not include any certificate and system information hence is portable across various VPN gateways located at difference locations.

Full System Backup:

This backup exports everything including the certificates related configuration. This backup is useful to rebuild a whole system by reinstalling the firmware and then restoring it to the last backed-up state again.

This backup includes the following information:

• All the user settings as in “User settings backup” above.
• SSL and Certificate authority certificates
• User certificates

It is important to make sure the hostname of the system should be set to same as what it was when the backup was taken from the system. If the hostname is different, an error will be prompted to the administrator. It will also give the name of the expected hostname.

This backup type can be used to restore a whole system.  In both cases, VPN must be in configuration state and the VPN services will restart after restore process is over.

Administration Logs

All the administration changes are logged and viewable through the management console. The logs are achieved on the gateway with capacity to store more than 200,000 log entries.

Reset Security Officer Account

An option is added to VPN console to reset security officer/administration’s account. The feature resets the administrator’s certificate on VPN management console and sends a new passphrase to the registered email ID of the administrator. This feature can be used in case administrator’s certificate is lost or administrator forgets her password.

Network Settings Configuration

A new option is added to the management console so that IP address, DNS and host file modifications can be done from management console.  Administrators can change IP address related settings as well as configure the DNS options. It is also possible to create host file entries on VPN gateway to resolve the names.

Route Configuration

A new option is added to the management console so static route configuration can be done from within the console itself.

Reboot and Shutdown Options

A new option is added to the management console providing the capability to reboot and shutdown the appliance.

Scheduled Expiration of Local User Accounts

At the time of creating local user accounts, administrator can set a date when the account will automatically expire. After the given date the user account is set to “disabled”. This option is applicable only for basic authentication and certificate users. This option is not applicable to security officers and administrators.

Detecting Application Creation Errors

While creating new applications, it is common to set a hostname for Application server or the URL which is not resolvable from VPN gateway. This can happen either the hostname typed is not correct or the DNS server is not configured correctly or there is no DNS server at all. In v3.5 when creating applications, the VPN will check if the hostname specified as Application Server hostname and the hostname/domain name in the Web URL is resolvable from VPN gateway or not. An error is displayed if the name cannot be resolved. The Administrator can fix the hostname or they can create host file entry for the hostname.

VPN Client for Linux OS and MAC OS X

VPN Clients for Linux and MAC OS X are now available for download from VPN portal. Users can choose to download the correct VPN client for their platform.

Single Sign ON for Propalms TSE for certificate users

Until version 3.4, SSO for Propalms TSE was supported only for basic authentication users. In v3.5, SSO is supported for users authenticating with certificate also. The username is fetched from the client certificate’s ‘issued to’ field. The user must have same username and password on the Propalms TSE server also.

Propalms OS Console Menu Authentication

In v3.5, when using Propalms OS Console menu, user needs to authenticate to console using a built-in account. The account name is ‘consoleadmin’. The password for the account is ‘adminconsole’.

The Administrator has the option to change the password for ‘consoleadmin’ user.

Root access to Propalms OS is blocked completely. 

For more information go to http://www.propalms.com/products/propalms_vpn.php

Posted 29th October 2009

Company Signs Agreement with OPSWAT, Inc. to Provide VPN Solution to Large Enterprises

NORTH YORKSHIRE, England – Oct. 29, 2009/PR Newswire/ — Propalms, Inc. (OTCPK: PRPM) is pleased to announce the Company has signed an OEM agreement with OPSWAT, Inc., the leading provider of endpoint security application integration technologies. The solution OPSWAT engineered for Propalms VPN product is similar to what OPSWAT has developed in the past for corporations such as Microsoft, Citrix, and Hewlett Packard. The Company will now be able to market its newly enhanced VPN solution to large enterprises. The main feature behind the new VPN solution will enable Propalms customers to have extra security when employees log into their corporate network.

As part of this announcement, Propalms has endorsed the OESIS OK Interoperability Certification Program to verify the interoperability of customer and partner applications with Propalms’ solutions.

Founded in 2002, OPSWAT provides software engineers and IT pros with software development tools and data services to power manageability and security solutions. OPSWAT’s OESIS Framework is a single, multi-platform software development interface to manage all software applications. In addition, OPSWAT founded the OESIS OK partnership program; open to all software application vendors, to promote integration with market-leading technology solution vendors. OPSWAT’s main products also include the Metascan® antivirus SDK and the AppRemover SDK, an application uninstaller. OPSWAT’s current customers include Microsoft, Cisco Systems, Hewlett-Packard, Juniper Networks and SonicWALL, amongst others.
“We are excited about working with Propalms and providing them with the necessary tools to provide their customers with enhanced network security integrated into their VPN product,” stated Benny Czarny, President and CEO of OPSWAT, Inc.
“The OEM agreement with OPSWAT will give Propalms VPN solution features that large enterprises around the globe are looking to integrate into their networks,” stated Robert Zysblat, President of Propalms Inc.
For more information on OPSWAT, Inc., please visit www.opswat.com.
About Propalms, Inc.:

Propalms, Inc. is a global provider of application delivery and secure remote access solutions for Terminal Services and Virtual Desktop Infrastructures. Delivering to enterprises of all sizes, Propalms offers reliable, scalable and affordable solutions that simply work. Our belief is that application delivery solutions should be flexible, dynamic and, above all, simple to use.

Safe Harbor Act: This release includes forward-looking statements made pursuant to the safe harbor provisions of the Private Securities Litigation Reform Act of 1995 that involves risks and uncertainties including, but not limited to, the impact of competitive products, the ability to meet customer demand, the ability to manage growth, acquisitions of technology, equipment, or human resources, the effect of economic business conditions, and the ability to attract and retain skilled personnel. The Company is not obligated to revise or update any forward-looking statements in order to reflect events or circumstances that may arise after the date of this release.

Source: Propalms, Inc.

Quoting  virtualizationinfo.com guys, “Yes we also want a piece of the VDI pie”.

You may ask what is new this time. With Propalms TSE 6.0 released early 2008 we delivered an integrated VDI solution for VMWare server 2.0. And it may not surprise you that not many people have implemented our VDI solution also. We were anyway busy migrating customers to TSE 6.0 and adding lot more new customers for TSE 6.0.

We started working on a new VDI solution by end of 2008 where the new product takes the lead to deliver virtual desktops and then deliver applications to virtual desktops. The new solution was supposed to be more flexible to add support for new virtualization platforms quickly with an easy and simple management interface. We choose Parallels Virtuozzo Container technology as our first virtualization platform to host virtual desktops.

We choose parallels because its an excellent platform for hosting virtual desktops:

• Higher density compared to competition
• Dynamic resource and application management
• Built-in application virtualization
• Its an extension to terminal services
• and more…

Propalms VDI v1.1 includes

• The connection broker service which currently runs on Windows platform for Parallels hosted desktops
• A management console using which you can create/manage/audit virtual desktops (Parallels containers)
• VDI Client for Windows, Linux and MAC OS X

I agree to Brian Madden that it will be year 2010 for VDI, so we are preparing for it. We do not intend to develop all the pieces from scratch. But we plan to bring in technologies existing today and currently in development together, marry them through our management framework and deliver a practically affordable VDI solution.

If you want to try the product, please register or send an email to us at mailto:info@propalms.com.

Listed below are some of new functionalities Propalms VPN bring to the table for Propalms TSE users.

1. Highly scalable SSL Gateway
The TSE product has a built-in SSL server known as “DMZ SPR”. Its an out-of-the-box solution for securing access to TSE portal and TSE published applications. The DMZ SPR has been very effective in supporting SMB customers of TSE where no. of concurrent users doesn’t go beyond 50 or so. But over the time customers have been coming back to us reporting some of the below mentioned issues:
1. DMZ SPR needs  a persistent connection with Propalms Web server. If the web server goes offline or there is a network connectivity loss, it brings the DMZ SPR down. To fix this, DMZ services need to be restarted.
2. There is no automatic failover between DMZ SPR servers. Customers need to depend on external Load balancing schemes.
3. DMZ SPR does not support/integrate with multiple factor authentication solutions like RSA, CryptoCard, etc.
4. Implementing DMZ SPR creates some administration overheads in TSE, like Enabling DMZ SPR in connection setting, filtering Clients using Client  groups, etc.

With Propalms VPN, all these issues are gone.
Propalms VPN is a highly scalable SSL gateway running on a hardened Linux platform. It can support thousands of users on a single hardware device and can support tens of thousands when configured as a cluster. Propalms VPN can be deployed in-front of Propalms TSE server team with no additional configuration required in Propalms TSE servers. Propalms VPN supports active-active HA cluster out of the box. It provides built-in client certificate based and biometric multiple factor authentication as well as it supports OTP token based solutions. Like DMZ SPR, Propalms VPN supports SSO for TSE launchpad and published applications.

2. Web server loadbalancing
Propalms VPN natively support load balancing for applications published over VPN. Imagine you have multiple TSE web servers and you want to distribute the load equally on the two web-servers. You can now do that using Propalms VPN by publishing one web-application on VPN and pointing to all of your web servers. Propalms VPN gateway then distributes the user requests in a round robin method to the web servers. It can tag the session caching so that a user is always redirected to same web server during a particular session.

3. Stronger authentication
Currently Propalms TSE supports only authentication methods which are based on domain logins. With Propalms VPN, you can implement stronger multi-factor authentication solutions like client certificate based or any OTP token solution.

4. Simple TSE deployment and configuration
In distributed users scenario where some users are on LAN and some users are on WAN, Propalms TSE need to be cofigured to know both the local LAN IP address as well as the WAN published IP address. This is no problems unless you start using DMZ SPR which will require you to do some more DMZ SPR specific configurations. When deployed with Propalms VPN, the Propalms TSE deployment becomes much simpler. In this case, Propalms TSE needs to be configured for local LAN access only. There is no special configuration needs to be done on Propalms TSE for remote users to connect via Propalms VPN. Since its a SSL based VPN, it act as a single port relay by default.

5. Seamless access to TSE as well as non-TSE applications
Since Propalms VPN can support any TCP/IP application, you now have a choice to remove some applications especially browser based applications out of your TSE team and directly publish over Propalms VPN. This will enhance the overall performance of the applications as well as now you do not need to depend on two or multiple remote access methods. Propalms VPN will become single point of entry into the corporate network for both TSE applications and non-TSE applications.

6. Endpoint Security
If you are familier with Citrix feature “Smart Access”, Propalms VPN will provide similar features for just any application. When a user connects to corporate data center to access any applications, her machine is scanned for valid, updated and active AntiVirus, Firewall and Anti-spyware products. If the machine is not found compliant to the endpoint security policies, the enduser machine can be remediated automatically. Users’s access to specified VPN applications can be allowed or denied based on the set of endpoint security policies that user has passed. We will soon be integrating TSE connection policies with VPN policies so that users’s TSE sessions can be applied much more granular control, like disabling drive sharing if user fails the antivirus policies.

7. ROI
This is the one question everyone asks when you go and try to sell something on top of existing infrastructure. Although getting a new server seems to be additional cost, if you analyze further, it is going to pay for it self very fast.
a) Since DMZ SPR runs over Windows, you need Microsoft CAL licenses for the number of users going to connect to TSE. You don’t need any CALs for Propalms VPN as it runs over customized Linux.
b) You do not need to worry about Antivirus, firewall for Propalms VPN. You can save on annual subscription for the same.
c) Propalms VPN does not require regular patching and updates like any Windows based server
d) Propalms VPN is available as both Software VPN and Hardware VPN. You can use the same hardware running DMZ SPR and install Propalms VPN over it and get better, faster and scalable SSL gateway
e) Two factor authentication is built-in in Propalms VPN so you do not invest more for strong authentication. It comes with a built-in CA and hence no need to buy costly certificates for implementing client certificate based authentication.

Lastly, Propalms VPN comes with a very attractive pricing for existing and new TSE customers

Just to give some background, Propalms VPN (earlier vFortress VPN) was first release in 2004. vFortress VPN was well accepted in India when it was first released and there are still more than 30 customers using the vFortress VPN even when they did not have any support for 3 years after vFortress had to close down operations in 2006. The largest installation for vFortress VPN was 30,000 concurrent users. Currently the largest installation of Propalms VPN has 4000 concurrent users.

Propalms VPN is a SSL based clientless (agent based) as well as client based VPN solution. Although all the features are generic for any type of TCP/IP application, we made sure that we make VPN integration simple for Propalms TSE customers. Propalms VPN provides SSO for Propalms TSE launchpad portal which means users need to authenticate only one time to VPN gateway. VPN then takes care of authenticating the user with Propalms TSE. This will enable customers to enable more stronger multi-factor authentication policies for Propalms TSE server and just any other application published over TSE or directly over VPN.

It should be interesting to know that Propalms VPN has a built-in client certificate based two factor authentication solution that supports automatic provisioning and revocation of digital certificates for users. Here is (http://www.networkworld.com/community/node/31124) an article from NetworkWorld that explains in detail why client certificate based two factor solution is the most secure two factor authentication solution and in fact is the only solution that can thwart MITM attacks. Propalms VPN had this feature tightly integrated in the solution since 2005. And if you go through the comments on the Network World article (http://www.networkworld.com/community/node/31124), Propalms VPN client certificate authentication has it all to make it completely secure; it does not send keys over network, generate key pair on end user machine, a lost laptop can be denied access by revoking the certificate from VPN console on a single click, built-in CA, etc, etc.. Just like client certificate based authentication, Propalms VPN has built-in biometric authentication support which will enable customers implement third factor of authentication.

Endpoint security is a core element of remote access solution and so is for Propalms VPN. We have integrated the best-in-class endpoint security features which are on par with likes of Juniper, Cisco or Aventail (now SonicWall).

The unique thing about Propalms VPN is that its a “application” access gateway rather than a “network” extension VPN. Even though there is a client involved, it does not bridge enduser network with corporate network while still supporting any type of TCP and UDP based application. There are obvious threats involved which needs more detailed explaination which will require another article. Propalms VPN delivers traffic only for a configured application from enduser machine to corporate network. That gives administrators the much needed control and visibility to make sure authorized users accesses only “authorized” applications. It might just involve a bit more of administration but it is worth taking effort publishing individual application rather than simply publishing a whole subnet or generally the whole corporate network.

There are more features like application load balancing, Active-Active high availability, fake private network IP addresses, multiple ISP failover which will interest customers of all sizes, verticles and markets.

I am sure Propalms TSE customers would be first to try Propalms VPN as they would like to get a faster and scalable SSL encryption platform compared to the Windows based DMZ SPR.

For more information go to http://www.propalms.com/products/propalms_vpn.php