Strengths: Low cost and easy to configure.
Weaknesses: Connector agent might cause problems.
Verdict: Covers most of the bases, but may fall short for more demanding users.
Permeo’s Base5 is a RedHat-based solution that turns a standard server into an SSL VPN. Obviously, this means you need to supply your own server, and you will need to check the hardware support – our first attempt to install the software crashed anaconda (RedHat’s installer) in its usual ugly way.
Take two, on a different system, installed fine. The install appears to be fairly standard RedHat Linux, with most services removed and only SSL and SOCKS services open. But no packet filtering, so we wonder if the software might be open to ICMP DoS attacks.
The admin interface is very clean, and uses a bottom bar with green and red lights to indicate the status of various services. To get started, you create an initial user and group, and a server with an access rule and default set of applications. We would have liked this to be less rigid: some users might prefer to set up all the user configurations first, for example.
The software works differently from other SSL VPNs. It uses SOCKS for proxy forwarding, by assigning a second IP address (even if you only have one interface), which listens on the HTTPS port of 443, rather than the normal 1080. Support for web applications and port forwarding is all there, and handled everything we wanted it to, although the options are somewhat basic.
At the user end, Permeo offers a browser portal like most other products, but prefers to run the Base5 Connector agent on users’ systems when they connect (so it is not, in fact, client-less at all).
The connector handles access to resources, but puts shortcuts in a system tray icon/menu and closes the browser window from which the connector was launched. Come IE7, with multiple tabs, that may mean users lose an entire set of browsed pages.
And when you disconnect, the connector forcibly closes all your running applications without warning. Maybe your users would get used to it, but don’t bet on it.
Despite being a Linux-based product, the front-end is very Windows-centric: all the endpoint items like the connector and the software checks only work on Windows. We liked the ability to check for a specific MD5 hash of an application, rather than just the EXE name, but did wonder if that would cause problems when a patch changes IE’s checksum.
Overall the Permeo solution is an interesting take on SSL remote access, and is priced attractively.