The SP in Array SP stands for Secure Proxy, which goes a long way to describing what this appliance is all about.

That said, it's a lot more than just a proxy server; it provides a common interface for the secure delivery of web applications to both local and remote users over secure socket layer (SSL) encrypted connections.

The SSL processing is all offloaded to the appliance, and the Array SP handles user authentication and access policies. It can transparently redirect URL requests to deliver a unified view of web services, whether being accessed locally on the corporate network or by external users.

The Array SP is built on a custom hardware platform delivered in a rugged and secure rackmount case. However, the appliance is sized not on normal hardware factors but by network bandwidth and the ability of the built-in SSL processors to handle multiple user sessions.

To this end the top-of-the-range 3U Array SP (reviewed here) can be configured with up to four Gigabit Ethernet interfaces (copper or fibre) and SSL acceleration hardware to support up to 32,000 concurrent user sessions.

It can also be clustered up to 32-way for both redundancy and performance scalability on large enterprise networks, with a smaller 1U version available for companies with more modest requirements or for departmental use.

Both models run the same custom security-hardened software, ArrayOS, based on the Array Networks Application Networking Architecture.

A major feature of the OS is its Speedstack technology, whereby network packets traverse the IP stack just once, regardless of the security measures applied, for maximum throughput.

The SSL acceleration hardware and clustering facilities also enhance performance, and optional compression software is available as a £4,300 ex VAT upgrade, to reduce the physical amount of data transmitted.

Some initial configuration using a local console is required to get the appliance up and running. This includes assigning suitable interface and gateway addresses and so on, after which all further work is done from the graphical Array Pilot browser-based management console.

Using this it's possible to both monitor activity (from the Flight Deck display) and configure the ArrayOS software. The first step is to define a virtual host for each URL to be serviced by the Array SP and the type of user authentication technology associated with each one.

A built-in database can handle up to 10,000 users, with unlimited directory support using Lightweight Directory Access Protocol, Remote Authentication Dial-In User Service and Active Directory.

There's support too for SecurID and Public Key Infrastructure systems with the Array SP able to pass client-side certificates to back-end servers and enforce its own certificate revocation lists.

Comprehensive and very granular access controls can be set by user, user group or IP address from the Array Pilot console, but the web resource mapping, which redirects client URL requests, works more or less automatically.

Similarly, it's easy to configure what Array calls one-time URLs with built-in timeouts to handle security issues associated with cached content, stolen cookies and other misappropriated tokens.

The security in ArrayOS is built around SSL so there's no need for special client software other than a standard web browser. From the client end very little changes, other than using the Array SP as a portal to access the protected web applications and services.

Users can also be allowed access to Unix and Windows file shares, with support too for Outlook Web Access for web-based email. The lack of any integration with legacy (non-web) applications could be an issue for some organisations.

On the plus side, full logging of all transactions is standard and you get a system and administration toolkit with support for realtime alerting, remote user management, password recovery and so on.

A basic stateful inspection firewall is built into the software to protect against common Internet threats and virus scanning can be added via Internet Content Adaptation Protocol.

Contact: Array Networks +32 3 295 0955 (Belgium)
www.arraynetworks.net