Then, when Internet Explorer crashed halfway through the web-driven quick-start, with a virtual site half (mis)configured, we could not get back to the quickstart. And the device locks out administrators if another admin is connected: we kept finding ourselves locked out despite all the connections being terminated.
The system can be configured to allow a new admin session to over-ride the lock.
The interface needs work, too. It is trying hard to be pretty, but is just gimmicky, which is strange, given the industrial strength appliance it is managing. But we did like the “flight deck” dashboard view to show running status.
Front-end annoyances aside, however, this is a very good product. Its availability features and clustering support are particularly impressive, as is its ability to roll back to a known good configuration after a reboot.
From its architecture upwards, it is clearly built for large enterprises. There are a lot of features to limit connections and access permissions across groups and network segments, and performance is addressed with SSL acceleration and HTTP compression.
With that high-end focus, we were not surprised to see good delegated administration, unlike most of the other products on test.
To set up access, a virtual site is configured, creating an operating environment with access and authentication mechanisms, delegated administrators if required, and URL policies and filtering rules. That set, applications are configured as either thin clients or using TCP forwarding, but full layer 3 VPN tunnels can also be configured, including split tunnels, with per-site configuration.
The product also has excellent http rewriting capabilities, and can lock down thin client apps by requiring specific ActiveX CLSIDs or Java code names.
The front-end detracts unfairly from this product, as it really is a high-end performer with some great enterprise features.