Do SBC and client VMs mean we finally can throw away crazy host-scanning VPN solutions?

<ironic> what a stupid question !

</ironic>

It will never replace or remove the need for such thng as electric car will never replace all transportation system... but this is a good track to follow for certain people (the portable BYOC system). I had to play with the Bull Globull system (from french comapny named Bull) which is

 - a secure hard drive

 - when you boot on this hard drive from any peripheral, you get your corporate imgae with corporate DC synchronization using a client side hypervisor

 - If you connect it while local OS is booted, it is just a secure hard drive.

As usual, not for everybody but good for some usecase.

All this talk of VPN, and no mention of DirectAccess?

:-P

Hi Brian,

I was one of the founders of Accario but left the business in 2008 to pursue other opportunities, however I still remained a shareholder.  The MD of the company appeared to shut it down in October and let all the staff go with no real reasoning, details are still a little sketchy (Customers of Access Gateway scan solutions please contact me for further info/replacement products) and am not sure what has happened to the technology.

With regards to the Access Stick and what subsequently became Wraptor, I don't think the fate of Accario can be put down to the popularity of the technology.  There were significant sales of the technology but several things were learnt along the way:

-Customers do not like to have the device dictated to them, the last thing they want to impose on their employees is another fob to carry around/  They prefer something that can integrate with an existing solution (existing USB keys, Blackberrys etc).

-Ensure multi platform compatibility, customers want it to work on their Macs and Windows PCs.

-Don't underestimate the support issues that can come with this type of technology.  This needs to work on non-corporate assets, there are currently 3 versions of Windows still in support (XP, Vista, 7) each with slightly different security models.  The configuration and software profile on each device will be completely different and security technolgies (client security suites) are designed to stop this type of thing from working.

Personally I still like the concept of what these type of solutions can offer but believe we are still a little bit away technically from the Utopia of a device that can truly work anywhere.  RingCube/MojoPac have also invested heavily in this type of technology but again I assume recognise the limitations of what can be done whilst operating in usermode hence the introduction of kernel mode components for certain scenarios.

There is definately demand for these type of solutions, for a non-technical user the ability to just play and play without any configuration, component installation or security worries on any type machine is a compelling solution.

Tim

Something Tim mentioned that I know RSA is starting to do (hell World of Warcraft is already doing it) Why carry a FOB at all...just have your token on something you're already carrying...like your blackberry or iPhone.  

In any case, there are always exception users that need to transfer files between their TS/VDI session and they're local device.  You'll never completely get rid of end point scanning.  Personally, I think AV is a waste of resources because 99% of viruses are all zero-day anyway, but I'm not going to be the "guy" who made the decision to remove AV from corporate end points!

Brian, you wrote:

"Wow," I thought, "I wonder if RSA makes a version of the SecurID keyfob thing that doubles as a USB stick? Then we could run our software from there while still having two-factor security!"

Along these lines, IronKey Enterprise devices do come with an RSA soft client on board, and IronKey Personal and Enterprise device also include VeriSign's VIP for OTP authentication.

-Full disclosure: Yes, I work for IronKey.

Brian,

Interesting that you bring up secure remote access. At MokaFive, we had not expected secure remote access to be a big use case, but we have seen a significant increase in the number of customers demanding it and finding benefit in the VM based approach. Unlike VPN approach, which has a few deficiencies (as Tim pointed out),  the MokaFive Client VM approach gives complete cross platform execution. Customers seem to be selecting the solution for the following reasons:

1. Carry the entire desktop on a USB key or a blackberry ( which acts as the second factor itself, plus you don’t need to carry an additional device, and you get offline execution)

2. Use the USB key or Blackberry with any computer, across any platform, MAC, Windows (XP, Vista or 7) PC. The individual OS quirks are abstracted out by the VM so the solution works on any computer.

3. Keep the VM locked- down so incase of zero day virus hit, simply reboot the VM and you will be recovered back to pristine state. (of course, MokaFive personalization keeps the user data and settings intact)

Purnima

VP of Products & Marketing, MokaFive

I don't buy having to carry around a USB stick for remote access is a valid use case. My f'ing users will loose them and still call the helpdesk and *** about why it's my fault. I agree soft tokens are better than carrying around secureID fobs that are also lost when people really need them. Granted I'll buy that some people need both who are extra special for BCP events. Having all this stuff on your BB is certainly interesting, but I am trying to get rid of corporate owned blackberries. Direct Access requires IPV6 so it's not happening overnight IMO.

@appdetective - Just curious, why would you get rid of corporate owned blackberries in favor of personal liable devices?

@Tony Remote access brother and my boss who wants me to reduce costs. I also don't buy corp BB for everything single user due to cost, but those users would like me to enable access to things like email in a secure manner from their personal devices. I'm into this whole bring your own something thing AKA consumerization. I want to apply it to more than just a PC. When there is no local data, liability is not there. Citrix had a good blog on this the other day that got me thinking.

community.citrix.com/.../Mobile+commerce+with+XenApp

VMWare also seems to be flirting with actually delivering something, but the mgmt story around that will take years to formulate IMO.

www.virtualization.info/.../vmware-provides-details-about-its.html