NetMotion Mobility XE 7.2
Policy-based security, unique client utility, link optimisation for improved performance, session persistence, very intuitive management
Server best kept dedicated as it can get finicky with other network applications running on it
NetMotion delivers a superb range of features that makes IPsec and SSL VPNs look positively antiquated
Despite the clear need for businesses to embrace mobile working, security remains one of the biggest concerns. The traditional methods for securing remote access, IPsec and SSL VPNs, both have their pros and cons. IPsec VPNs are better suited to permanent site-to-site connections, as they are hideously complex to manage for mobile workers, while most SSL VPN solutions are appliance-based. Neither copes well with intermittent connections, both are mostly bandwidth unaware, and few models have connection optimisation or quality-of-service (QoS) capabilities.
NetMotion's Mobility XE is a software-only solution that offers all these features and more. It creates highly secure encrypted tunnels and uses security policies to control clients. Workers in the field will appreciate NetMotion's application session persistence (ASP), which allows active sessions to be sustained when, for example, the network link goes down. ASP can keep the session alive - for days even - and will pick up where it left off as soon as network connectivity has been restored.
Mobility XE comprises three software components: a server managing incoming connection requests and policy management; a warehouse to store policies, connection information and mobile client device registration; and the mobility client. The latter is a key component as it takes control of all wired and wireless network interfaces and presents a single virtual interface. All IP traffic passes through the mobility client, giving it total visibility and control over the network traffic. It manages encryption up to 256-bit AES standards and is FIPS 140-2 certified.
Link optimisation is achieved with NetMotion's patented internet mobility protocol (IMP). This reduces the payload significantly when it comes to wireless connections as it leaves the IP header alone, but replaces the TCP header with a user datagram protocol. The IMP header contains information about encryption, packet sequencing, link quality and acknowledgements, yet only adds eight bytes to each packet as opposed to the 62 byte payload added by IPsec.
We found installation on our Windows 2003 system easy enough, with the server and warehouse loaded in around 30 minutes. These components can run together or on separate systems, and you can use warehouse replication for improved fault tolerance. Servers can be clustered with up to 12 in a pool, and each one can manage up to 1,500 concurrent connections.
Policies are easily created from the intuitive management interface and allow you to control how a client behaves, depending on the connection type and traffic conditions. Rule conditions can include SSID keywords and BSSID addresses, allowing you to restrict client hot-spot activities.
We found the ASP roaming features worked particularly well during testing. We used a laptop that had both wired and wireless connections with the latter selected via the mobility client. We started an FTP download and pulled out the wireless PC card after a few minutes. The client acknowledged the lost connection, picked up the LAN link and after re-establishing a connection the FTP transfer resumed without a hitch - all in under five seconds.
To test NetMotion's link optimisation we configured our lab's Network Nightmare WAN simulator to set up a flaky 56Kbps GPRS connection with a 420ms latency and 20 per cent packet loss. With the mobility client bypassed on our test laptop, it took 50 seconds to get a listing of an FTP directory from a server on the LAN, and we then copied a 127KB Word document from the server in 150 seconds. With mobility client reactivated, the file was copied in 107 seconds. We then increased packet loss to 30 per cent to simulate a very poor quality GPRS link. Copying with the mobility client active took 230 seconds, with the client bypassed it took three attempts before we could get a connection to the FTP server and even then the download failed to complete.
Mobility XE is a slick solution to the problems faced by mobile workforces. It provides the tools to ensure productivity isn't affected by poor quality or intermittent network connections.