|
 Beta
1
|
Following the
success of VPN-Q 2006, Winfrasoft are working on the next version of VPN-Q!
VPN-Q 2008 will maintain the same key benefits of the previous version
and introduce new functionality and features that our customers have
been asking for.
VPN-Q 2008 helps secure your VPN connections by checking
the health state of remote endpoint machines while they are isolated in
a VPN quarantine network. Threats from viruses, worms, hackers and
malicious users are everywhere! By ensuring that remote PC's connecting
to your network have up-to-date anti virus software, a
personal firewall enabled and patches installed, to name a few
features, these threats can be significantly reduced.
VPN-Q 2008 introduces a new
member to the lineup - the Express Edition!
Unlike VPN-Q 2006, there will no longer be a
Free or Standard Edition. Customer feedback told
us that the Standard Edition feature set did not
suit requirements well enough and a mix of the
Free Edition and Standard Edition would be ideal
- hence Express Edition. VPN-Q 2008 is expected
to release Q3 2008.
|
|
|
What's new in VPN-Q
2008
VPN-Q 2008 has a new quarantine service
and no longer relies on the Microsoft RQS service. The
new service allows for many new features which were not
previously possible. Because the services are totally
separate, migration from 2006 to 2008 is made easy as
they can both co-exist on the same ISA server giving you
chance to gradually upgrade your VPN-Q clients.
The licence file is no longer included
in the client setup package, which makes it easier to
change licence files and also helps to prevent licence
file theft. To reduce activation connectivity issues,
the new quarantine service will process activation
requests with our activation server so that the VPN
clients no longer need to do this directly. The new
quarantine service also acts a policy server, the new
VPN-Q client receives its policy directly from the ISA
server and does not require AD group policy. This means
that unmanaged & non-domain joined PC's must also now
conform to your VPN security policy. You can still make
use of AD group policy if you wish, but any setting
explicitly set on the VPN server will take priority.
AD computer groups can also be used to
restrict which PC's are allowed to be used for VPN
access - not just users. Simply create an AD group
containing computer accounts and tell VPN-Q which group
to use. If a VPN connection is not made from a PC in
that group they will not be able to clear quarantine
regardless of their health state. Manual computer
objects can also be created in AD for non-domain joined
PC's by specifying the PC's hardware GUID.
VPN-Q 2008 feature set by edition.
Highlighted
features are NEW in the 2008 release:
|
Security Check \
Edition |
Express Edition |
Enterprise Edition |
| Anti-Virus Scanner status and up
to date check |
Yes |
Yes |
| Minimum operating system and
service pack level |
Yes |
Yes |
|
AD
Computer group membership |
Yes |
Yes |
| Automatic Updates status (Patch
settings) |
No |
Yes |
| Security Update status (Missing
patches) |
No |
Yes |
| Windows IP Routing status |
No |
Yes |
| Screen Saver Security settings |
No |
Yes |
| Windows Firewall status |
No |
Yes |
| 3rd Party Personal Firewall
status |
No |
Yes |
| Windows Firewall F&P Sharing
exception status |
No |
Yes |
| Internet Connection Sharing
status |
No |
Yes |
|
Custom
security checks via signed script
(not in
beta1) |
No |
Yes |
|
Other Feature \ Edition |
Express Edition |
Enterprise Edition |
|
Built on
Microsoft .NET 2.0 managed code |
Yes |
Yes |
|
Authenticode signed binaries |
Yes |
Yes |
|
Multilingual client (English, German, French) |
Yes |
Yes |
|
Support for 32-bit and 64-bit Windows XP and
Vista |
Yes |
Yes |
|
Multiple
VPN endpoints from a single dialer |
Yes |
Yes |
|
Native Smart
Card, RSA
SecurID, Aladdin authentication |
Yes |
Yes |
|
Restrict specific AV / Firewall product |
Yes |
Yes |
|
Custom
VPN client branding |
Yes |
Yes |
|
Flexible
VPN client configuration and customisation |
Yes |
Yes |
|
Easier
licensing implementation and models |
Yes |
Yes |
|
Faster
client side checking |
Yes |
Yes |
|
Management \ Edition |
Express Edition |
Enterprise Edition |
|
Manual and Auto pre-shared keys for IPSec |
Yes |
Yes |
|
Policy
enforcement on non-domain joined VPN clients |
Yes |
Yes |
|
Central
Management of policy via Active Directory or ISA
Server |
Limited |
Yes |
|
Central Logging |
Limited |
Yes |
|
Run
custom action scripts before and after
quarantine release |
No |
Yes |
|
Legal Notices
and policy compliance |
No |
Yes |
|
Remediation
capabilities |
No |
Yes |
| Windows Software Update Services
(WSUS) Integration |
No |
Yes |
Note: This is subject to change
before the final release.
Look
and feel
Click a pic for a
closeup of Beta 1!
System Requirements
Minimum Server System Requirements:
- Windows Server 2003
- Microsoft .NET Framework 2.0 (SP1 recommended) or higher
- ISA Server 2004 or 2006 Standard Edition
(optional but recommended) or
- ISA Server 2004 or 2006 Enterprise Edition
(optional but recommended)
- IAG 2007
Note: VPN-Q 2008 no longer supports Windows
Routing and Remote Access.
Minimum Client System Requirements:
- Windows XP with Service Pack 2, including SP3
- Windows Vista, including SP1
- Microsoft .NET Framework 2.0 (SP1 recommended) or higher
Languages:
- The VPN-Q 2008 Client supports multilingual configurations.
Current supported languages include English, German
and French.
- The VPN-Q 2008 Server Manager is
compatible with multi-lingual versions of Windows
Server 2003, however it only available in English. Winfrasoft have tested the Server
Manager on the English & German versions of
Windows Server 2003 SP1, however VPN-Q 2008 is not
limited to these languages. Non-English versions of ISA Server
are not supported.
|
|
 |
F.A.Q.
Q1: Can VPN-Q 2008 Beta 1 be installed on the same
ISA Server as VPN-Q 2006?
A1: Yes, VPN-Q 2006 and 2008 can operate on the same
server at the same time. This side by side deployment is
a recommended upgrade strategy which allows time for VPN
clients to be upgraded without leaving users with no
connectivity. During the installation of VPN-Q 2008 the
ISA server rules are upgraded to the new format although
the rules required for VPN-Q 2006 to function remain in
place.
Q2: Do I have to use Active Directory Group Policy
to configure VPN-Q 2008 client settings?
A2: No, VPN-Q 2008 has its own management service
which enforces policy on remote VPN clients without the
need to use Active Directory. This allows the VPN server
policy to be enforced on non-domain joined clients, or
on clients which are a member of a non-trusted domain.
AD Group Policy can still be used as per the previous
version, however any policy settings set on the VPN
server will take precedence over the AD group policy
setting.
Q3: Do I have to restart the management service
when I change policy settings?
A3: No, the management service will read the policy
from the server each time a client connects, thus there
is no need to restart the service.
Q4: Does VPN-Q 2008 support .NET Framework 1.1?
A4: No, VPN-Q 2008 requires a minimum of .NET
Framework 2.0 to take advantage of better security and
performance.
Q5: Does VPN-Q 2008 support Windows RRAS?
A5: No, VPN-Q 2008, unlike its previous version, does
not support Windows RRAS. VPN-Q 2008 requires Microsoft
ISA Server 2004, 2006 or IAG 2007. Customer feedback
told us that the vast majority of VPN-Q installations
used ISA Server for the extra functionality and enhanced
security, as such we have focused our attention on this
deployment scenario.
Q6: Where do I get a licence file for VPN-Q 2008
from? Can I use the licence from VPN-Q 2006?
A6: A licence for Beta 1 has been included in the
root of the ZIP download. This licence is a shared, time
limited, licence for all beta testers. A licence from
VPN-Q 2006 can NOT be used with VPN-Q 2008. After the
final release of VPN-Q 2008, all VPN-Q 2006 customers
with a valid support contract can request a new licence
key for VPN-Q 2008 at no extra cost.
|
Beta 1
Full Web Download %20200.jpg)
