Vernier Embraces Clientless Authentication

CRN Test Center engineers recently evaluated Vernier's EdgeWall Express, which provides network access management for either wired or wireless networks. The offering is comprised of Vernier Control Server and Vernier EdgeWall in a single rack-mountable appliance. EdgeWall, deployed at the access layer of the network or at the edge of the network, looks for traffic and enforces policy, while Control Server is responsible for authentication and centralized policy management.

Vernier's approach encourages companies to move away from prevention and defense provided by agents installed at the desktop or server level and relies instead on clientless, network access hardware and software technology that scans, blocks, quarantines and protects.

The EdgeWall Express device includes all the capabilities one would find in a higher-end appliance. The unit considered for this review was designed to accommodate 250 to 500 users, but Mountain View, Calif.-based Vernier makes appliances that are scalable to the enterprise.

The scanning capabilities built into EdgeWall Express allow it to detect worms and viruses in real time, while preventing propagation to other devices on the network. The device is intended to assure administrators who have little or no control over who accesses the network that the infrastructure is being scanned and cleaned continually. For example, solution providers could sell the $11,000 device into hospitals, which typically must support roaming doctors and/or visiting patients who may need service.

One area where the appliance excels in prevention involves thwarting the flow of denial-of-service (DoS) traffic. The network access management control policy is so granular that administrators can even specify time and Web traffic constraint parameters for each individual user who accesses the network. This enables solution providers to offer a proactive approach to security, which can prevent rampant viruses and Trojan horses from entering the network.

A typical example of how the appliance grants permission and authenticates users is as follows: The user plugs into a network through EdgeWall, which then reaches out and talks to Control Server. The server, in turn, works in conjunction with any of the back-end authentication solutions the network has in place, such as Novell NetWare NDS Authentication.

Once authentication occurs, the appliance conducts a Layer 2, 3 and 4 network vulnerability scan, checking the client device being used to access the network for any viruses. From that point, the patch link management server takes over and the Control Server talks with the patch link server to determine the patch status for the device that has just entered the network.

EdgeWall Express can be configured to deal with client devices in one of three ways once this sequence is completed. Compliant devices can be granted access, while noncompliant, contaminated or unknown devices can either be quarantined or patched and cleaned up to comply with network policy.

Vernier, which bills itself as a 100 percent channel-focused company, said solution providers can expect to see 30 percent margins on Vernier products and up to 35 percent on support services.

The Vernier Vantage Partner Program has been in existence for more than three years. There are three partner levels—Gold, Silver and Bronze—as well as two support tiers. Authorization for the different partner levels is based on the solution provider's commitment to Vernier products from a technical, sales and marketing standpoint. The company requires field and corporate interaction between partners and Vernier employees, expertise in networking and security practices, and a demonstrated ability to meet predetermined revenue goals within nine to 12 months.