Company Name: iPass, Inc.
Price: Negotiated per contract
Platforms: iPassConnect 3.0 runs on Windows XP, ME, 2000, NT, 98SE (Older iPassConnect versions
Bottom Line: Promising approach to bring roaming corporate users under one umbrella
In a nutshell: Friendly client provides global roaming access to company intranets over nearest analog dial, ISDN, wired broadband, or Wi-Fi access points.
- Convenient, cost-effective Internet access finder for employees who travel
- Easy-to-use "dial-up" client now covers wired broadband and Wi-Fi too
- Integrates easily with VPN clients, firewalls, and other security measures to keep credentials and data traffic safe, even when used at public hotspots
- Requires iPass Corporate Access infrastructure or managed service subscription
- Wi-Fi hotspot locations far more limited than dial-up, but growing fast
- Currently supports just one personal WLAN (e.g., home WLAN)
If your company supports remote access by travelers, you may already be familiar with the iPass Global Roaming Network. I've used iPass for years, launching the iPass client on my laptop to find local Internet access numbers far from home. Using a consortium of ISPs in over 150 countries and a clearinghouse for authentication and billing, iPass saved me plenty by avoiding long distance calls. I connect to a nearby ISP, authenticate with my usual login/password, gain access to the Internet, and am charged for roaming time by my home ISP. iPass Corporate Access extends this infrastructure to facilitate Internet-based access to corporate networks. Here, the company (not the ISP) authenticates roaming users and enforces corporate security policies (e.g., use of VPN clients on remote devices).
The newest version of this client, iPassConnect 3.0, has been over-hauled to add many new features, including Wi-Fi roaming. iPass users are no longer limited to dial-up. The new client searches for analog, ISDN, wired broadband, and Wi-Fi access points using the same location-based menu. You can search for iPass-enabled hotspots in a given country, state, or city; the returned list identifies each hotspot by name and location. In the beta I tested, hotspot prices were not visible, but Corporate Access accounts can display prices if they choose. Prices are negotiated for each contract, based on number of users, countries where service is required, etc. An iPass spokesperson told me that Wi-Fi is approximately 10 cents per minute in the US.
In addition, this client "sniffs out" nearby iPass-enabled hotspots, but will not display non-iPass private APs. This is handy if you are visiting or near one of the 1500+ iPass-enabled hotspot locations. If you're working from home and want to connect through your own WLAN, you can configure one "personal AP" entry. However, this one entry must be over-written to connect through a non-iPass AP at a customer site or conference center or hotel where free public Internet access may be available.
Security features include SSL-encrypted login between the client and the enterprise's iPass RoamServer. Standard WEP (but not yet WPA/TKIP) and 802.1X with EAP-TTLS or LEAP are built into the iPass client, and WEP keys are automatically configured when the user authenticates to an iPass-enabled hotspot. The iPass client can be configured to launch any executable upon connect, including security software. iPass has additional hooks for integration with Symantec and McAfee AV software; BlackICE, Sygate, and ZoneAlarm personal firewalls; and Aventail, Checkpoint, Cisco, and Nortel VPN clients. For example, automatically launch your both the iPass client and your VPN client at Windows logon, and automatically disconnect from iPass if the VPN tunnel gets disconnected. iPass can also be configured to reuse the same login/password for both iPass and VPN authentication, eliminating duplicate logon interaction.
Users will appreciate handy features like bookmarking favorite hotspots/dialups and auto-sorted lists based on past performance. However, APs sniffed by iPass are not displayed with the same information obtained by searching the connection book -- in particular, sniffed AP names don't match the book AP names. At least this was my experience with a few Wayport hotspots that are among the handful of iPass-enabled APs in my region (Philadelphia). There are far fewer iPass-enabled hotspots than dial-up numbers, but of course Wi-Fi is a very recent addition to iPass. One expects coverage to expand substantially over the coming months -- for example, iPass recently announced the addition of STSN and ARESCOM hotel hotspot networks. This can only be good news for iPass-enabled travelers who will enjoy having convenient high-speed broadband access to their company's networks.
About the author: Lisa Phifer is vice president of Core Competence, Inc., a consulting firm specializing in network security and management technology. She is also a site expert to SearchMobileComputing.com and SearchNetworking.com.
This was first published in July 2003