by Maggie Biggs

Narrowing the tunnel

analysis
Mar 8, 2002
4 mins

Flatrock's Instant Extranet goes beyond VPNs to provide secure, Internet-based access to specific applications

ONE OF THE trickiest tasks that enterprise IT departments must grapple with is providing remote application and data access to business partners and branch offices. Administrators often turn to VPNs (virtual private networks) or private circuits and remote access servers to support remote access. But the former option can open your network up to unauthorized access if not properly maintained, and the latter can be prohibitively expensive.

Flatrock’s Instant Extranet is a unique hardware/software solution that lets IT staff implement secure access to applications and data via the Internet without the added risk of enabling remote network access. Instant Extranet is similar to a VPN insofar as it uses encrypted tunnels across the Internet, rather than private circuits (which is how Flatrock manages to keep costs down). But unlike a VPN, the solution provides access to specific applications and data, rather than to the entire corporate network.

Instant Extranet is a unidirectional hub-and-spoke solution, with hardware called a PAR (Provider Application Router) as the hub, and an SAR (Subscriber Application Router) as the spoke. Each SAR can access the applications and data sources made available by the master PAR in a publish/subscribe arrangement.

Flatrock also boasts browser-accessible reporting functionality that lets you monitor and adjust the performance of individual applications, examine performance data on a minute-by-minute basis (as well as hourly, weekly, and monthly stats), and export the data to a spreadsheet for further analysis.

To set up Instant Extranet, an IT administrator must first install and configure the PAR on the corporate network. The PAR provides internal and external networking interfaces that can be configured using the LCD on the front of the device. Once enabled, the administrator accesses the PAR’s console via its internal IP address, using a Web browser. In the console, the administrator can define remote sites that will be authorized to access applications and data.

Meanwhile, the remote sites, be they business partners or branch offices, use the SAR to link to the PAR on the corporate network. Each SAR is configured using an LCD panel on the device, where the site name, the SAR’s IP address, application IP addresses, and the PAR’s address are entered. (To ease deployment, most enterprises will probably want to pre-configure their SARs before sending them to business partners or branch offices.)

After the PAR and SAR are installed and configured, they securely connect to each other using an RSA-authenticated tunnel. Network administrators can then return to the PAR’s administrative console to define the applications and data that will be accessible from the remote SAR.

Flatrock includes a set of application templates to simplify the process of configuring access to applications and data. For example, in our tests, we used a template to configure secure remote access to Web pages that our branch office needs to look up customer account information.

We were also able to define the default page our remote users would access, the port number, and the type of encryption (namely, IPSec, 128-bit) we wanted to use for our test application. Each application can use a different type of encryption, including 3DES and 128-bit Blowfish — a particularly useful feature when different types of applications and data sources are being accessed across the tunnel.

Moreover, Flatrock has tested remote access to more than 60 different types of applications and data sources. Some of these include CRM and ERP applications, enterprise databases, and Web services (including WSDL and SOAP). We easily configured several file shares that our remote users could access, as well as e-mail and X Windows access. In fact, the company claims that nearly any IP-capable application can be made accessible using the Instant Extranet, and our tests did not yield any evidence to the contrary.

On the downside, if an enterprise wanted to support bi-directional communications between a corporate site and a business partner, it would have to activate a PAR and SAR at both locations — which, at prices of $29,999 for a PAR and $5,999 per SAR, can be a costly approach. But by mid-year, Flatrock expects to rectify the situation by rolling out integrated, bi-directional communications functionality between the two devices.

Flatrock’s Instant Extranet offers a fine option for companies unwilling to invest the time and effort to configure private-circuit, remote-access server implementations. Moreover, by giving administrators control over which applications users can access, the solution lets companies lock down unauthorized network access and tame bandwidth usage. If these advantages sound appealing, Instant Extranet is worth a look.