NCP Secure Enterprise Client & Management
Strengths: Support for most gateways, AD sync integration for one-step removal of users.
Weaknesses: Reporting, ease of use, pricey.
Verdict: A feature-rich endpoint product requiring a lot of work to deploy IPsec alone, but worth the effort if one considers the firewall, NAC, SSL/VPN and PKI capabilities.
Summary: NCP Secure Enterprise Client & Management is a one-click VPN software client suite that combines seven separate endpoint security functions into a single product. It is software-based and interoperable with any 32/64-bit Windows operating system (7, Vista, XP) and will connect to any gateway technology. The bundled client includes a device firewall, dialer and automatic connection negotiator to avoid dropped connections when roaming between hotspots. The NCP Secure Enterprise Server is the gateway component of the holistic NCP VPN Solution. NCP Secure Enterprise Server is the central dial-up platform for a company with external terminals and systems. It is the tunnel endpoint for all mobile and stationary teleworkers, as well as remote VPN gateways.
Our test scenario consisted of the vendor-provided hosted gateway and the Enterprise Client & Management installed on our test systems. The solution does include a software gateway offering that installs on either a Linux or Windows server. Typical deployments were stated as two to four days. The IPsec clients are supported on Windows, Mac and various mobile device operating systems. VPN supports IPsec tunneling and NAT traversal. Encryption support is available for AES (128, 192, 256 bit), 3DES and Blowfish (128, 448 bit). The clients will manage VPN connectivity through dial-up, wireless or wired connections.
The server mapped to Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) for directory integration. We liked the feature that allows for a single point of user management via AD sync. Adding or removing users in AD automatically adds or removes the user from the VPN configuration. Two-factor authentication is also supported. Policy is set on the server and pushed down to the client for endpoint enforcement. The servers can be deployed in high-availability, fail-safe or load-balancing configurations supporting enterprise environments.
Basic support is listed as tier-one support via phone and email. No options for upgraded support are available. We did not see much in the way of reporting. Logging was accomplished through an external syslog server.