The core platform offering from NCP, NCP Secure Enterprise consists of multiple components that together facilitate centrally management remote access through IPSec- or SSL-based client-to-corporate communications. Modules of the platform include the Secure Enterprise Gateway, high availability services for the Secure Enterprise Gateway, the Secure Enterprise Client, and Secure Enterprise Management (both a server and a console).

The Secure Enterprise Gateway (or Secure Enterprise Server), is the main communication point within the organization, providing an access point for Secure Enterprise Clients or other Secure Enterprise Gateways at remote locations. Router, bridge, and gateway deployments are all supported; with both dial-in and dial-out connections. The vendor states that any PC-based system can be used as the hardware; with its capacity determining the overall performance. Configuration is via the Secure Server Manager (included).

High-availability services are optionally offered for the Secure Enterprise Gateway, for both single gateway deployments (where the HA software provides backup with failsafe features), and scenarios where the HA software can load balance tunneling amongst multiple deployed gateways.

On the client side, the Secure Enterprise Client component (Windows 2000/XP/Vista, CE, Mobile, Symbian, and Linux) facilitates IPSec-based access from the client to the vendor's or 3rd party VPN gateways. Beyond its tunneling capabilities, the client also supports a personal firewall, support for one-time password tokens, and support for PKI certificates. Additionally, when used in combination with the vendor's Secure Management software, endpoint policy enforcement is supported wherein the client machine's environment must meet policy-based definitions before being allowed to access the corporate network.

Finally, the Secure Management component--which itself consists of both the Secure Management Server (Windows 2000/XP/2003, Linux) and Secure Management Console (Windows 2000/XP/2003)--provides the central management point for corporate administrators. The Management Server connects to a (required) DB via ODBC communications (Oracle, MySQL, MS SQL, MS Access, and MaxDB are all listed as potential DBs) and includes an integrated RADIUS server. Multiple plug-ins can be used as needed and in combination with the server, providing system monitoring, client firewall configuration, remote server configuration, endpoint policy enforcement, PKI enrollment, and RADIUS management. The endpoint policy enforcement, in particular, enables administrators to craft policies that specify conformance details of the endpoint in order to allow access to the corporate network; including such metrics as operating system and version, client version, file information, virus scanner status, and more. Potential actions for endpoints found to be in violation of the policy include logging, client message display, sending a message to the management server, release of all or selected firewall rules, and disconnect.

Closely related to the Secure Enterprise Client is the vendor's Secure Entry Client, a stand alone VPN client for Windows, CE, or Linux machines, with many of the same features as its Secure Enterprise Client cousin (but not central management and configuration).

New features of the Secure Enterprise Client include support for Wireless Service Provider Roaming (WISPr), support for multiple certificates, UMTS card-based enhancements, the ability to monitor VPN connections and enforce limits, and, when used in conjunction with the Secure Enterprise Management platform described above, the ability to push/manage NCP software updates to clients through the LAN (with or without a VPN connection).

NCP Secure Enterprise is available now. Visit the NCP Web site for further information.