It is with a heavy heart that I must announce I’m about to turn off our Juniper IVE’s (aka SSL VPN). In reality, all we were using these for was publishing applications and presenting these as bookmarks on a landing page. It’s been a very capable, reliable product over the years so it will come with some hesitation when I have to hit the shutdown button on these later this week.
I started this blog back in 2011 and most of the posts were about the trials and tribulations on that platform. Being fully “Azured” we decided to go with Azure Remote App and move away from RSA/Juniper SSL combo. Commercially it makes a lot of sense; RSA has been replaced by Azure MFA which is offered essentially for free when you have AD premium users.
It’s more than a little unfortunate that they have now shitcanned the product and wont offer it after August 31st, 2017. We intend on using it until we have something that offers similar functionality. The announcement is here. They are pushing a Citrix solution so it would seem little ironic if we ended up on that given we retired all of our Citrix environment some time ago.
Gartner stopped doing a SSL Gateway Quadrant a number of years ago and had implied that there would no longer be dedicated devices for this purpose. Instead, the function would be rolled into other network infrastructure. I have seen this to be the case where products such as F5’s LTM have been modularised to include this (theirs is called APM). I had done a POC (a long time ago) on both APM and also Netscaler and found these to be capable but expensive products.
We need a device which will terminate SSL connections, present applications to users, and ideally also offer an RDP gateway (as this is quite frankly awful on RemoteApp). Netscaler have an Azure Marketplace image so I might see whether this is a worthy successor. I’m less excited about another IaaS instance to look after but I don’t know if any managed cloud services which fit this space currently.