A project unveiled this week at DEMO 07 by Alcatel-Lucent will let enterprise network administrators reach out and touch corporate laptops anytime, anywhere.
The Evros Project has two parts: a PC Card for the laptop and a rack-mounted enterprise gateway. They work together over a wireless 3G link as a network access control (NAC), management, and security system for mobile laptops. The software controls also work over wired or wireless LANs.
"Managing laptops is a problem for the enterprise: when they're unplugged; you lose the connection with the enterprise [management] infrastructure," says Dor Skuler, director and general manager for Evros, which draws on technology from Bell Labs under the auspices of Alcatel-Lucent Ventures. "Our product controls laptops wherever they are, even if they're turned off."
The PC Card makes that possible. Skuler calls it a microappliance. In effect, it is a wireless computer that gives administrators access to the laptop. The card incorporates a cellular 3G modem, CPU, memory, battery, hardened Linux-based operating system, GPS chip to fix the laptop's location, and removable memory.
Kernel-level drivers loaded onto the laptop intercept all TCP/IP traffic and funnel it through the card, where an onboard VPN client creates an encrypted tunnel to the Evros gateway over any network connection.
"The card acts just like a mobile phone," Skuler says. "It lies dormant in deep sleep, 'listening' to the 3G net. When it's pinged, it turns itself on; creates the IPSec tunnel to the enterprise; gets new administration settings, management commands, location query; backs up data; installs a new patch or software update; and so on."
There is no user input required.
Through the card, administrators can enforce data encryption policies for files, folders, and disk via encryption keys on the card itself. If the laptop is lost or stolen, the keys can be deleted remotely, so the scrambled data stays scrambled.
The Evros card acts as a kind of buffer: New patches or configuration changes can be downloaded over the cell network automatically during the night. When the user powers up the laptop in the morning, the changes are installed or updated automatically.
The gateway is designed as a rack-mounted appliance, with a Web management GUI for administrators. Through the GUI, administrators can set up configuration and security policies, enforced by the Evros software, and interface Evros with existing resources, such as VPNs and various back-end security, encryption, software-update, patch-management and other applications. Skuler says a single gateway can support as many as 16,000 Evros cards.
Evros will support a range of NAC applications and agents from third-party vendors. Skuler said the company is not ready to announce these partnerships, but he did say that Evros fully supports Microsoft Systems Management Server.
The initial installation uses any existing enterprise software-distribution application to download a small agent to the laptop over any available network connection. This agent contains the kernel-level drivers, which reroute packets into the card first and then into the operating system's TCP/IP stack. A user or help-desk technician plugs in the Evros card, and the rest of the automated installation takes place over the 3G network.
The Evros product is just now starting beta tests and is not expected to be commercially ready until late this year. No pricing decisions have been made. Skuler says it's likely to carry a premium, adding as much as US$100 to the average price (about $200, he says) of today's 3G adapters. That price could be subsidized in whole or in part by mobile carriers. The gateway will be priced separately. Skuler would say only that the gateway price will not be an "amount that will drop anyone's jaw."