Netscape founder brings instant extranets to Europe

Neoteris will open its first European office this week as it seeks to bring its shrink-wrapped security product to the UK

Netscape founder Jim Clarke's new company Neoteris is opening its first European office this week as it seeks to cash in on what it sees as growing dissatisfaction with classic Virtual Private Networks (VPNs).

The office, in Bracknell, Berkshire will be headed by former HP executive Paul Donovan.

Neoteris sells a single product line, the Instant Virtual Extranet (IVE) appliance, which it bills as a solution for companies that currently support many remote workers on virtual private networks. The appliance sits at the edge of a corporate network and allows remote users to access Web-based applications, network shares and other resources through a Web browser.

The IVE is part of a growing trend of security firms to package network access in an appliance. In March, Nexsi Systems -- whose chief executive is another Silicon Valley luminary, former Sun executive John McFarlane -- launched an appliance that combines firewall, load balancer, VPN, security and other features.

And more recently, Burton-on-Trent-based Lansition began distributing the Netilla service platform in the UK -- a hardware device which sits in the demilitarised zone of the corporate network, acting as a proxy and delivering specific corporate applications to users who can access them from any Web browser client.

Netilla creates an SSL-based VPN, overcoming limitations of regular VPNs, which can handle only Web-based applications, by acting as a proxy to systems accessed through Windows Terminal Server.

The approach taken by Neoteris is more similar to Lansition's Netilla. It is not a VPN, said Jason Matlof, vice president of marketing and business development. "The problem with VPNs is that they are very unscaleable. They rely on a client-server model so you have to have the right software installed, and this has overheads in the initial configuration and ongoing support, and there is an inherent security problem because when you deploy a VPN you are extending your network perimeter."

"VPNs are valuable but they have support issues, making them hard to scale much beyond 100 nodes," Matlof said. Each Neoteris IVE appliance can support thousands of users and needs no configuration of servers or clients to do so.

A user accesses the Neoteris IVE using Secure Sockets Layer -- the same technology commonly used to encrypt credit card data and other personal information over the Web. The Neoteris IVE then translates the request to a URL that can be sent to a server within the company's firewall.

"This proxy mechanism means you don't have to make any changes either to the client PCs or to the servers," said Matlof. "You never have sessions with the resource itself. Only with the appliance."

Even though users never have direct sessions with network resources, said Matlof, they can access terminal sessions, Web applications and hard disk shares. Protocols supported include CIFS and NFS for file shares, and HTML, DHTML, JavaScript and Java for Web-based applications.

"It means you don't have to deal with security on an application by application basis," said Matlof. "Citrix, Microsoft Peoplesoft, Siebel, Oracle -- they all have Web front ends but they are not security companies, so you have to harden the operating system, deploy Web servers and maintain security patches -- you're effectively building an extranet. We imply the elimination of all that deployment, all that maintenance. You just deploy one server."

For authentication, IVE can use a number of protocols including LDAP, SecureID, X.509, Radius and NIS.

The Neoteris IVE starts at £7,000 plus VAT for 50 simultaneous sessions, and prices go up to £75,000 and above.

For all security-related news, including updates on the latest viruses, hacking exploits and patches, check out ZDNet UK's Security News Section.

Have your say instantly, and see what others have said. Go to the Security forum.

Let the editors know what you think in the Mailroom.