Read the article in Swedish


This article was published in Säkerhet & Sekretess #2/20036.
Published by IDG, the world's largest publisher of magazines for the IT industry.
AN EYE FOR DETAIL

Appgate Security Server is the perfect solution for security-conscious system administrators who want to micromanage every possible detail – and then some.

By: Niklas Lundin

SECURITY SERVER Every system administrator’s wet dream is an application or a computer that lets them sit in one place and manage system security without having to run around and do it on each separate computer. And now Santa’s finally delivered the perfect gift for every tired system administrator. Appgate Security Server promises a lot and keeps its promises. It’s a thin little pizza box that fits easily in the server room (or under the fridge) and gives you all the security and simplicity you ever wanted. Like every other complex system, though, it will need a bit of fixing before it’s up and running as it should. But this is a smart system which will help you along the way, and it won’t take long before you’ve started the basic features.

What we found in the box, when the delivery from Appgate arrived, was a Sun Fire V100 in the 1U 19-inch form factor. It’s a delightful piece of equipment, one which hardly ever breaks or needs service. Suffice it to say, it’s not something you put on the desktop, since it sounds like a jumbo jet. We just needed to unpack it, since the unit had been configured with the right IP address for our network from the start, when we ordered it. We could just plug in the power cord and take the wheel.

Appgate basically works like a client-based access system with a bit of fundamental firewall capacity through IP filters. The system is administered through an interface (Appgate Console) available for almost every system: Windows, Linux, Mac, and others. It can also be administered from a smartphone or a PDA.

The interface isn’t particularly interactive, so a good piece of advice is to read the manual in advance. There you’ll find everything you need to get started without problems.

The system includes administrative tools for installation on computers, and Java applets for web browsers. Other clients are also available, such as Citrix and Windows Terminal Server.

Micromanaging everything
With an Appgate Security Server you can keep firm and very detailed control over who gets to do what, on which server or which application in your network. You could, for instance, place your sensitive application servers behind the Appgate and distribute access to separate users or groups from that point.

Let’s say we create a group called Finances to which a certain number of users are granted membership. To access the Finances server you have to be a member of that group. Different users in the same group can of course have different access rights. For increased security you can instruct your Appgate to allow access only during certain times as well, or from certain specified networks. The astounding level of detail for access management shows how incredibly well thought out the system is. A level of flexibility companies could only wish for – and now it’s available.

It’s easy to get the system up and running with basic rules and security, and then increase it according to need later.

Excellent for travellers
The Appgate can use several different authentication methods for letting the users in. The simplest method is passwords, which work fairly well in, for instance, a local network. But Appgate is exceptionally well adapted for users on the road. You can get access to your mailbox, directly from the mail server, or connect to the intranet and get the same access as you get in the office LAN. Or you could get limited access if the computer you use doesn’t fulfil the correct security requirements.

It’s easy for the administrator to create one or more personal firewalls, which are pushed to the clients in the network. With a simple command you get full control over every computer in the company network.

If a user on the road borrows a computer which doesn’t fulfil the security requirements, it can be locked out from some or all features on the company network, or just be granted a temporary permit for really important transactions.

Individual and flexible access for users can’t be done by traditional IPsec systems, and an application-based VPN cannot manage full access as well as every protocol.
