When running in their roadwarrior operational mode, the Turaya.TrustedVPN appliances can also be accessed by mobile users through an IPsec software client. This mode allows users to “dial in”, e.g. with a notebook from home, from a hotel or from any HotSpot, to the corporate network and to access its resources in accordance with centrally controlled policies, much like working directly on the company’s premises.
The TrustedVPN administrator can create a new user with just a couple of clicks in the Turaya.TrustedObjects Manager. Next, an appliance is selected as the access point for this user, and finally the user can be assigned to certain logical VPNs, which in turn determine this user’s specific rights. The software required for the client computer can be exported from the management system with another click.
Authenticity of the communication partners and confidentiality and integrity of the transferred data are ensured at the same high level as between the VPN appliances themselves. The administrator can have the management system create and print a one-time token. Only on the basis of this token letter is a new key pair generated on the client computer and its public part certified by the management system. This certificate is a prerequisite for a successful connection to the corporate network.
Nevertheless, the mobile user is hardly burdened by these preparations. The Turaya.TrustedVPN software client can be installed easily, with no questions asked. The configuration program provided asks only for the one-time token and then lets the user freely choose a private password protecting the certificate to be created. Thereafter a TrustedChannel to the management system is set up over the Internet, and the client is automatically fully configured to reach the specific road warrior access appliance assigned to the user and to verify the certificate of this appliance.
When starting the Turaya.TrustedVPN software client, the user only needs to enter the newly created password to be connected to the corporate network and its resources, as far as permissions exist. The appliance acting as access point already has all the information needed to verify the client’s certificate, to create the respective firewall and routing rules, and to forward traffic to other appliances and sites as needed.