Enhanced Security Architecture

Like other SSL-VPN appliances, AccessAnywhere can be deployed as a single appliance, typically in the DMZ environment. And like other SSL-VPN appliances, this system then connects directly to servers on the Production Network through a back-end firewall.

This type of deployment typically results in one of two firewall configuration scenarios, neither of which is ideal:

  1. A single firewall rule allowing access to all servers on all ports, or
  2. Separate rules for each server and every service for which remote access is to be provided.

In either case, all of this traffic is now in its native protocol form and, most often, not encrypted. This presents a potential security liability if another system in the DMZ were ever compromised.

To both simplify firewall configuration and enhance security, AccessAnywhere provides an Enhanced Security Architecture (ESA) option, in which all data and all direct communications with the production LAN are handled by a core AccessAnywhere appliance on the internal production LAN. A lightweight AccessAnywhere ESA appliance remains in the DMZ to act as a communications proxy providing perimeter security services. Firewall rules are reduced to one, and there is no unencrypted traffic in the DMZ.

In an AccessAnywhere ESA deployment, AnywhereWeb, AnywhereClient, AnywhereApplication, and AnywhereID are each provided by the core appliance on the internal production network, leaving no persistent data in the DMZ.