RSA SecurID Appliance
Strengths: Excellent appliance version of RSA’s authentication suite.
Weaknesses: Setup was finicky and management requires IE.
Verdict: Excellent for two-factor tokens without management complexity.
This appliance is aimed at SMEs that want two-factor authentication but cannot manage their own authentication server. It supports up to 250 users, and automates much of the normal hassle of configuration and management. Despite the SME focus, a larger enterprise might use it to give a core group of users strongly authenticated access to intranet resources.
The appliance is a 1U rack-mountable device, but will be just as comfortable on a desk: it is astonishingly quiet. The box contains a 2.4GHz Intel processor, 512MB of RAM and one hard drive, and runs Windows Server 2003 and RSA Authentication Manager.
An LCD panel shows the status, usually the IP address and hostname and whether the device is a primary or secondary.
Set-up is quite sensitive – any other device on the network seemed to result in the appliance refusing connections. And while the reset options make it easy to restore the factory defaults, the front display tells you little about the progress, and the restore takes several minutes while the hard disk is re-imaged and Windows runs through its first-boot set-up. With no feedback or network activity, you might be tempted to restart the appliance, which can leave it non-functional.
Once connected, the device is managed via a web browser over a secure connection, although we were disappointed to see it relies on ActiveX controls and requires Internet Explorer. We would prefer standard browser support, with Java, so it can be managed from, say, an Apple PC using Firefox.
The interface is clean, easy to navigate and has all the right functions for simple environments.
RSA’s login process consists of a username and a password that changes every 60 seconds.
RSA has made configuring new users as simple as possible, although with two-factor authentication it must be done per user.
With users configured, the real work begins: setting up resources to authenticate using the RSA service. This will typically be in any of three situations: traditional VPN access; local logins replacing Windows login passwords with two-factor authentication; and protecting websites.
We first tested RSA’s Windows login agent in early 2005, and it performed well, with the only downside being higher complexity in the server backend than other products. Coupled with the RSA appliance, the solution really takes shape, and RSA has achieved a major milestone: delivering easily managed strong authentication for small and medium-sized networks.
Web authentication is also easy to configure: sites and URLs to protect are configured and resource files provided that can be used to configure agents on supported platforms such as IIS and Apache.
Elsewhere in the management GUI are options for managing users, in particular maintaining tokens and users. Assigning existing tokens to new users and revoking privileges is easy, too.
Apart from some problems in initial set-up and a strong MS bias, we found little to dislike in RSA’s first foray into the appliance space. Anyone used to ACE/Server or RSA Authentication Manager may find it restrictive, knowing the full capabilities of the platform are tucked out of sight. But for SME administrators without that sort of experience, RSA has done a fantastic job reducing the learning curve and simplifying the process of installing agents and protecting web pages.