Yesterday I found one great product for remote users. I wish It was on the market years ago. First let me tell you about my problem. We use ERP application which is the main application in our environment. Unfortunately it’s not web-based. We also have many locations, from warehouses, distribution to remote offices. They all use ERP.
Because application is a classic Windows app, that means it can’t be used on tablets, phones. Users working from home also need to use it. Remote desktop services (Terminal services) can solve the main problem. IT can deliver application to remote locations easily. But there are two problems. Even if the RDP protocol can ”stream” application to remote locations, protocol by itself is still not efficient, hence Citrix invented ICA protocol. If you know Citrix, then you know that while technology is good, it costs an arm and a leg to buy it. And it also means that you have to add additional cost to already expensive Remote desktop service licenses.
Recently, I stumbled on a second problem. Users need to use applications remotely. From their mobile devices and even private computers. We still use Juniper SA appliance for SSL VPN. I never got so many problems with MAC users. Juniper Junos Pulse is not working well for IPhone users and OSX users… They can find a refuge finding working remote connect on this website.
I thought about Dell SonicWall as an alternative to SA appliance. You can add RDP to users SSL-VPN screen and I heard that MAC users don’t have problems connecting. But in the end, it’s not a solution. It is not that useful when you consider that it’s main purpose is not application delivery
Sangfor to the rescue
I never heard about Sangfor until now. What shocked me was an image from Gartner report, Sangfor is listed on reports for SSL-VPN, NGFW and WAN optimization. For 3 years in a row. What can a company with WAN optimization, SSL-VPN an NGFW products invent to make remote work easier?
The answer is Easyconnect.
Beauty of Sangfor Easyconnect
Easyconnect is a combination of SSL-VPN, network acceleration and RDP gateway. User has to login to a web portal where he/she can authenticate. Just like with SSL-VPN you can use any computer and install a small client.
Once logged in, you can run applications that are published on your Terminal Services server (RDS). All network traffic is compressed and accelerated. That means that you will need just a fraction of network resources compared to classical RDP. This comes handy when users need to use mobile data, when users are roaming and even when you have a bad connection. Because of network optimizations, even applications like Autodesk Autocad will work great.
But serving applications is not all. You can grant your users additional access to your resources. You can enable access to file share, Remote Desktop or Easy Connect console.
There is also a compulsory mobile application available for IOS and Android operating systems. Mobile users can use mobile phones or tablets to connect to Easyconnect and use applications you have deployed securely.
The backend
Easyconnect installation is pretty simple. From Sangfor web page you download a virtual appliance which you easily import to your virtual infrastructure. One network interface is dedicated to DMZ and the other is dedicated to internal network. When you connect to the appliance for the first time you login to the console with credentials admin/admin.
On the Dashboard, you get essential information like CPU usage, Throughput, Concurrent Sessions, Concurrent users, and Byte Cache. You can immediately see how the appliance is utilized.
Then you can add Terminal services server so that you can start creating policies for applications and users.
Easyconnect Security
Security is one of the strongest assets. Because Easyconnect was created by the team that is working on a security products, you can really secure your environment. For example, you can set up a rule that limits access to computers with only certain type of operating system, operating system version i.e Windows 7 and you can even limit access by the Service Pack version.
You can also set up an attribute check. For example, you can only allow access if the client has a specified file in certain directory. But that is just the beginning. You can define which process must be running, which Anti-Virus software has to be installed. You can also have a play with Registry data, various endpoint features, source IP, WAN interface IP, etc….
If you require you can set up a fort. I mean, security is really a strong asset and there are many checks you can use to prevent unauthorized users to connect to your infrastructure.
Conclusion
Easyconnect is a great way to deploy your applications to remote users. One example where it shines is that you can extend your exisiting infrastructure. You don’t have to buy additional expensive SSL-VPN appliance, you don’t have to upgrade your firewalls, you don’t have to buy a new device that offers latest and greatest, including features you don’t need.
Instead, you can deploy Easyconnect. You can install in your virtual environment and easily set up policies and applications for your users.
I was really surprised with configuration. I thought that I will find a complicated GUI, hard to understand controls and hardly logical configuration options. Instead, what I found was easy to understand, easy to setup and easy to use product.
When I was testing the product I asked Sangfor about pricing. Currently price is being evaluated but they told me that early adopters will get great discounts.
If you are interested in this kind of product, I recommend you to download a trial version and have a short trial. It may surprise you…
Leave a Reply