Overview
Most companies are protected behind firewalls, and incorporate VPN (Virtual Private Network) switches that allow employees to tunnel through the firewall when they are working offsite (such as home telecommuters). In order to access the VPN switch, you need a VPN client on the computer you are using. If your company uses the Nortel Networks Contivity VPN switch, there is one company that provides a VPN client for Macintosh users: Apani Networks.

The Apani Networks VPN Client enables you to establish secure encrypted tunnels from your computer to Contivity VPN Switches. This is an IPsec security client that enables you to encrypt and authenticate your IP-based communications. You can securely access corporate resources from your computer through either public networks or existing corporate dial-up facilities. The Apani Networks VPN Client supports authentication technologies such as SecurID and RADIUS. Purchasing the client includes one year of maintenance which gives you access to Apani support experts and allows you to receive free upgrades of the VPN Client software.

Requirements

• Mac OS 8.6 through 9.2.2
• Mac OS X 10.3 or higher
• Power Macintosh or equivalent
• 20 MB of free disk space
• 128 MB of RAM
• A web browser and internet connection

Price

$95 (includes one year maintenance)

NOTE: Volume discounts are available for purchase quantities of 70 or more

Installation
Once you purchase a Contivity client license, there are a few steps you need to follow before you can begin using the client. After purchasing, you will receive an "entitlement" email. This email includes the product name, Entitlement ID, and other information related to your purchase:

Product: Contivity VPN Client
Platform: Macintosh
Seat Count: 1
Entitlement ID: 011111
Expiration Date: 12/27/2005*
Authorized Contacts:
1. Doe, John, XYZ Company, 408 555-1234, johndoe@xyz.com.
Role: Billing/Technical Contact

On the Apani web site, you enter your name, company, email address, and maintenance ID (which is the entitlement ID). Then you click on "Request Password" and wait for another email.

Requesting Download Password

The next email should include a password and a URL where you can download the product.

User ID : johndoe@xyz.com
Password: abcd3e9

Downloads may be accessed on the Apani Website at
https://support.apani.com/cgi-bin2/download.cgi

Click on the download link provided, then enter the ID and password provided into the prompt, and you then gain access to the download web site.

Accessing the Download Site

On the web page, you need to answer a couple of questions and then click on the Agree button. Be sure to read the questions and answer appropriately, because the default answers will result with a page that you do not qualify for the product. The correct answer to both questions is "YES". The next page is then the download page for obtaining the client. Choose the appropriate client for your platform, and download the installer. The download will mount a volume on your desktop call "Netlock EAC", and within it is the Nleac.pkg installer. Double click on this installer to install the software.

The downloaded installer package

Once installed, you launch VPN access from your web browser. There is no separate client application to run. All VPN access and settings are managed through your web browser. Overall, the entire process of getting the software installed is a bit more convoluted than most Mac software installations, but it is still relatively simple.

In Use
When you use the VPN client for the first time, there are a couple of things you need to do. First, you'll be asked to enter your registration information. This includes your license code that was emailed with your entitlement ID.

First time setup requires product registration

After entering in the proper information, you'll receive a confirmation page which indicates that you are now ready to make a connection.

Validated license code

Making a connection to your company's VPN switch using the Contivity client is a simple process, but it does require initializing some important information related to your company's VPN switch. You'll need to establish the security protocol (and related account information), VPN switch address, your logon ID, and your SecureID password and token.

We start off by naming the first connection, and entering the destination IP address of the VPN switch. Note that although your VPN switch may have a DNS name, DNS names do not work with the Apani client. You will be required to enter the physical IP address.

Naming the location and entering the IP address (IP blurred for security reasons)

Then you specify the authentication method. I selected Group Security, which then prompts for a group ID and password. The other methods require different information to proceed.

Selecting Authentication Method

When logging on with Group authentication, you'll need to enter your logon ID (usually an NT ID), and your company's Group ID and Group password. You have various group options to select from, and for my access, I selected "Response Only Token".

Establishing Group Authentication (ID's are blurred for security reasons)

Once you setup the group authentication parameters, you will not have to do this again. This information is saved, and subsequent connection requests will not require you to go through these steps again.

Back on the main connection page, the last step is to enter your SecurID password and token response. If you are using a different authentication method, this window may look different. After entering in the PIN and token, the Contivity client attempts to make the connection.

Main connection page for entering PIN and Token Response

If the connection fails, it could mean that the VPN switch is down, your internet connection is down, or any of the required data parameters are incorrect. If the connection is successful, the Client Connection Monitor is displayed.

Client Connection Monitor after a successful connection

Once the connection is made, my Mac is connected to my company's internal network. That means I am behind their firewall, and can access all systems and servers just as if I was in the facility. I can reach all internal web sites, access internal email, and connect to any servers that I have login access to. What's really nice about this connection is that nothing needs to be changed with your system preferences (i.e., you don't need to change your network information under Network Preferences). The Apani client takes care of all of that for you. When you disconnect (by clicking on the Disconnect button in the Client Connection Monitor), your network settings are automatically restored.

There are a few things that you need to be aware of when connected through VPN.

It's important to understand that it is exactly like being at work behind the firewall, meaning that if you are unable to check your home email from work, then when connected through the VPN client, you'll have the same limitations. It might seem odd that you cannot check your home email from home, but you have to remember that from your Mac's perspective, you aren't at home, you're at work, and your connection is controlled and monitored by your company's firewall security.

Because the Contivity client is accessed only through your web browser, it's important to bookmark the page so that you can get back to the Connection Monitor when you need to. Apani has a bookmark link automatically placed on your desktop during installation. I prefer to keep my desktop clean, so I removed the desktop link and just added a bookmark within my browser.

Lastly, there is some settings changes required to make your browser work more efficiently when connected via VPN. Before being connected to the VPN switch, your browser is typically connected directly to the internet (or through your home router/firewall). After connecting to the VPN switch, all external web sites are now outside of your company's firewall. This means that by default, when you are connected through VPN, the only pages you can get to without changing anything is your company's internal web sites. To access external web sites, you need to go into your browser preferences and setup a web proxy (similar to what you would do when working from within your facility). The caveat is that once you are disconnected, that web proxy is no longer valid, and your browser will not be able to surf any pages until you go back into the preferences and remove the web proxy setting. This can be somewhat of a pain. Telecommuters that access VPN frequently may wish to use two different web browsers (such as Safari and Firefox), and have one always configured for VPN access, and the other configured for direct internet access. It would be a lot nicer if the Contivity client automatically adjusted those proxy settings for you similar to how it adjusts your Network preferences.

In terms of stability, I never had any VPN connection drops using the Contivity client on my Mac. I cannot say the same thing using the Nortel client on my PC. I would prefer that the Mac client support DNS names, because those are easier to remember; then again, once you store all of your VPN addresses in your Mac client with associated names, this isn't that big of an issue. The interface screens were very easy to use, and they worked just as efficiently as the stand alone Nortel PC client.

Summary
Apani Networks' Contivity VPN Client is a robust web-based VPN client for Mac OS X. At $90, some Mac users may remember the phrase "Mac tax" being that our PC brotheren don't have to pay as much, but it is the only Mac client that supports Nortel VPN switches. You have to jump through a few hoops before you can get the software installed, but once installed, it's smooth sailing to connecting to your company's internal network through VPN. It's very easy to make a connection, and the Apani client handles all of the necessary Network settings automatically when connecting and disconnecting. The only changes you'll have to make are setting up a web proxy when connected, and removing it after being disconnected. The connectivity was very stable in all my testings, and the web interface is simple and easy to use. Of course, the biggest advantage of the Contivity client is being able to use your Mac for connecting to work, allowing you to work on the platform that makes you most productive and brings you the most enjoyment.

Pros

• Easy VPN Access from a Mac
• Works with any web browser
• Performs all network adjustments automatically
• The only client that supports Nortel VPN switches

Cons

• Priced slightly high for a browser-dependent tool
• Requires manually changing browser settings (or using two browsers)
• Does not recognize DNS names
• Download process could be simplified

Overall Rating

4 out of 5 Mice