Propalms VPN: What’s in it for TSE Users?

We listed some of the interesting features of Propalms VPN in the last post. This post is focused on why TSE users should look into implementing Propalms VPN into their network.
Propalms VPN is a new addition to Propalms Team of products. It is a complete enterprise ready SSL based secure remote access product that not only makes remote access seamless to any type of application from any device but also makes sure that the endpoints connecting to corporate network are healthy.

Listed below are some of new functionalities Propalms VPN bring to the table for Propalms TSE users.

1. Highly scalable SSL Gateway
The TSE product has a built-in SSL server known as “DMZ SPR”. Its an out-of-the-box solution for securing access to TSE portal and TSE published applications. The DMZ SPR has been very effective in supporting SMB customers of TSE where no. of concurrent users doesn’t go beyond 50 or so. But over the time customers have been coming back to us reporting some of the below mentioned issues:
1. DMZ SPR needs  a persistent connection with Propalms Web server. If the web server goes offline or there is a network connectivity loss, it brings the DMZ SPR down. To fix this, DMZ services need to be restarted.
2. There is no automatic failover between DMZ SPR servers. Customers need to depend on external Load balancing schemes.
3. DMZ SPR does not support/integrate with multiple factor authentication solutions like RSA, CryptoCard, etc.
4. Implementing DMZ SPR creates some administration overheads in TSE, like Enabling DMZ SPR in connection setting, filtering Clients using Client  groups, etc.

With Propalms VPN, all these issues are gone.
Propalms VPN is a highly scalable SSL gateway running on a hardened Linux platform. It can support thousands of users on a single hardware device and can support tens of thousands when configured as a cluster. Propalms VPN can be deployed in-front of Propalms TSE server team with no additional configuration required in Propalms TSE servers. Propalms VPN supports active-active HA cluster out of the box. It provides built-in client certificate based and biometric multiple factor authentication as well as it supports OTP token based solutions. Like DMZ SPR, Propalms VPN supports SSO for TSE launchpad and published applications.

2. Web server loadbalancing
Propalms VPN natively support load balancing for applications published over VPN. Imagine you have multiple TSE web servers and you want to distribute the load equally on the two web-servers. You can now do that using Propalms VPN by publishing one web-application on VPN and pointing to all of your web servers. Propalms VPN gateway then distributes the user requests in a round robin method to the web servers. It can tag the session caching so that a user is always redirected to same web server during a particular session.

3. Stronger authentication
Currently Propalms TSE supports only authentication methods which are based on domain logins. With Propalms VPN, you can implement stronger multi-factor authentication solutions like client certificate based or any OTP token solution.

4. Simple TSE deployment and configuration
In distributed users scenario where some users are on LAN and some users are on WAN, Propalms TSE need to be cofigured to know both the local LAN IP address as well as the WAN published IP address. This is no problems unless you start using DMZ SPR which will require you to do some more DMZ SPR specific configurations. When deployed with Propalms VPN, the Propalms TSE deployment becomes much simpler. In this case, Propalms TSE needs to be configured for local LAN access only. There is no special configuration needs to be done on Propalms TSE for remote users to connect via Propalms VPN. Since its a SSL based VPN, it act as a single port relay by default.

5. Seamless access to TSE as well as non-TSE applications
Since Propalms VPN can support any TCP/IP application, you now have a choice to remove some applications especially browser based applications out of your TSE team and directly publish over Propalms VPN. This will enhance the overall performance of the applications as well as now you do not need to depend on two or multiple remote access methods. Propalms VPN will become single point of entry into the corporate network for both TSE applications and non-TSE applications.

6. Endpoint Security
If you are familier with Citrix feature “Smart Access”, Propalms VPN will provide similar features for just any application. When a user connects to corporate data center to access any applications, her machine is scanned for valid, updated and active AntiVirus, Firewall and Anti-spyware products. If the machine is not found compliant to the endpoint security policies, the enduser machine can be remediated automatically. Users’s access to specified VPN applications can be allowed or denied based on the set of endpoint security policies that user has passed. We will soon be integrating TSE connection policies with VPN policies so that users’s TSE sessions can be applied much more granular control, like disabling drive sharing if user fails the antivirus policies.

7. ROI
This is the one question everyone asks when you go and try to sell something on top of existing infrastructure. Although getting a new server seems to be additional cost, if you analyze further, it is going to pay for it self very fast.
a) Since DMZ SPR runs over Windows, you need Microsoft CAL licenses for the number of users going to connect to TSE. You don’t need any CALs for Propalms VPN as it runs over customized Linux.
b) You do not need to worry about Antivirus, firewall for Propalms VPN. You can save on annual subscription for the same.
c) Propalms VPN does not require regular patching and updates like any Windows based server
d) Propalms VPN is available as both Software VPN and Hardware VPN. You can use the same hardware running DMZ SPR and install Propalms VPN over it and get better, faster and scalable SSL gateway
e) Two factor authentication is built-in in Propalms VPN so you do not invest more for strong authentication. It comes with a built-in CA and hence no need to buy costly certificates for implementing client certificate based authentication.

Lastly, Propalms VPN comes with a very attractive pricing for existing and new TSE customers