In June I tested SSL-Explorer as an inexpensive "clientless" SSL VPN solution, and in August 3dsp announced the availability of a pre-built Virtual Appliance.
With the new VMware Infrastucture 3 implementation we are deploying at work, I figured it would be a great chance to get the Virtual Appliance tested in a live environment. The last time I looked at SSL-Explorer, I tested it inside a VM on my workstation at home, but this time around I wanted to run it on ESX Server 3.0.
The downloadable appliance from 3dsp.com is, naturally, a VMware player image so I had to convert and import it into my ESX cluster. Enter VMimporter from VMware which is currently a Release Candidate. VMimporter allows you to convert third party virtual machines and images from Symantec Backup Exec System Recovery and Microsoft Virtual Server into VMware compatible VMs. It can also be used to convert VMs across different VMware product formats, which is what I needed to put the appliance on my ESX servers.
The process is very straight forward, all you need to do is to point the software to the image/VM you want converted, and where you want it converted to. It then proceeds to copy the converted VM to your VMware storage area and registers it in the VMware Virtual Infrastructure Client.
The conversion of the SSL-Explorer Appliance proceeded without any problems at all, and after it booted all I needed to get it up and running was to configure the network settings appropriate for my network.
This includes giving the converted VM the correct NIC setup in VMware to place it in our DMZ zone. All in all, it took about 10 minutes to get it up and running on VMware Infrastructure 3, including setting up an initial RDP based access application inside SSL-Explorer.
Be sure to read the README file included in the appliance download, as that contains usernames/passwords as well as the initial network setup that it ships with.
All in all, the SSL-Explorer Appliance does a wonderful job, and it's easy to set up. The appliance gives end users a great way of testing the application and do a very quick implementation of the software.
The only problem I had with it, was the fact that I want to test it's Active Directory integration. As far as I can tell, you can't reconfigure the appliance to have AD support since thats a install time option. 3sp should have included some tool that lets you reinitialize the software and let you go through the installation wizard if you want to do so.
Update:
After sending an email to 3sp, I got the following reply:
First stop the SSL-Explorer service; this can be done through the web interface Shutdown option. Now navigate to the SSL-Explorer directory and run the following command: ./install-sslexplorer This launches the Installation Wizard, now point your web browser to http://192.168.1.245:28080, during the wizard you will be prompted to select the type of database to be used, select Active Directory on the next page you have to enter your AD details, due to a bug in the current version please ensure that these are correct the first time. Once you complete the Wizard setup mode will stop, to restart the service enter the following command. service sslexplorer start
So, they do have a reinit option. Great!
