Products: Mobile security – NetMotion Mobility XE 7.2

June 27, 2007

Supplier: NetMotion Wireless

Price: From c£4,676 for 25 devices

Contact: www.netmotionwireless.com

Despite the clear need for businesses to embrace mobile working,security remains one of the biggest concerns. The traditional methodsfor securing remote access, IPsec and SSL VPNs, both have their pros andcons. IPsec VPNs are better suited to permanent site-to-siteconnections, as they are hideously complex to manage for mobile workers,while most SSL VPN solutions are appliance-based. Neither copes wellwith intermittent connections, both are mostly bandwidth unaware, andfew models have connection optimisation or quality-of-service (QoS)capabilities.

NetMotion's Mobility XE is a software-only solution that offers allthese features and more. It creates highly secure encrypted tunnels anduses security policies to control clients. Workers in the field willappreciate NetMotion's application session persistence (ASP), whichallows active sessions to be sustained when, for example, the networklink goes down. ASP can keep the session alive - for days even - andwill pick up where it left off as soon as network connectivity has beenrestored.

Mobility XE comprises three software components: a server managingincoming connection requests and policy management; a warehouse to storepolicies, connection information and mobile client device registration;and the mobility client. The latter is a key component as it takescontrol of all wired and wireless network interfaces and presents asingle virtual interface. All IP traffic passes through the mobilityclient, giving it total visibility and control over the network traffic.It manages encryption up to 256-bit AES standards and is FIPS 140-2certified.

Link optimisation is achieved with NetMotion's patented internetmobility protocol (IMP). This reduces the payload significantly when itcomes to wireless connections as it leaves the IP header alone, butreplaces the TCP header with a user datagram protocol. The IMP headercontains information about encryption, packet sequencing, link qualityand acknowledgements, yet only adds eight bytes to each packet asopposed to the 62 byte payload added by IPsec.

We found installation on our Windows 2003 system easy enough, with theserver and warehouse loaded in around 30 minutes. These components canrun together or on separate systems, and you can use warehousereplication for improved fault tolerance. Servers can be clustered withup to 12 in a pool, and each one can manage up to 1,500 concurrentconnections.

Policies are easily created from the intuitive management interface andallow you to control how a client behaves, depending on the connectiontype and traffic conditions. Rule conditions can include SSID keywordsand BSSID addresses, allowing you to restrict client hot-spotactivities.

We found the ASP roaming features worked particularly well duringtesting. We used a laptop that had both wired and wireless connectionswith the latter selected via the mobility client. We started an FTPdownload and pulled out the wireless PC card after a few minutes. Theclient acknowledged the lost connection, picked up the LAN link andafter re-establishing a connection the FTP transfer resumed without ahitch - all in under five seconds.

To test NetMotion's link optimisation we configured our lab's NetworkNightmare WAN simulator to set up a flaky 56Kbps GPRS connection with a420ms latency and 20 per cent packet loss. With the mobility clientbypassed on our test laptop, it took 50 seconds to get a listing of anFTP directory from a server on the LAN, and we then copied a 127KB Worddocument from the server in 150 seconds. With mobility clientreactivated, the file was copied in 107 seconds. We then increasedpacket loss to 30 per cent to simulate a very poor quality GPRS link.Copying with the mobility client active took 230 seconds, with theclient bypassed it took three attempts before we could get a connectionto the FTP server and even then the download failed to complete.

Mobility XE is a slick solution to the problems faced by mobileworkforces. It provides the tools to ensure productivity isn't affectedby poor quality or intermittent network connections.

SC MAGAZINE RATING
Features: ****
Performance: *****
Ease of use: *****
Documentation: ***
Support: ****
Value for money: ****
Overall Rating: ****

For: Policy-based security, unique client utility, link optimisation forimproved performance, session persistence, very intuitive management

Against: Server best kept dedicated as it can get finicky with othernetwork applications running on it

Verdict: NetMotion delivers a superb range of features that makes IPsecand SSL VPNs look positively antiquated.

prestitial ad