Network Computingwww.networkcomputing.com

Sequel Net Access Manager 3.0 is designed to be a true enterprise-scale solution for monitoring and controlling Internet access, offering detailed access control and accounting. Unlike standard proxy servers or filtering routers, Net Access Manager associates traffic with specific users, collects and processes vast amounts of accounting data, and asserts high ly granular access controls to individual users' Internet usage. Designed primarily for Microsoft Corp. Windows NT and Novell NetWare networks, it dynamically associates real users with their specific activity, rather than accounting for traffic via simple IP addresses.

Using various "filters," Net Access Manager tracks usage or actively blocks connections to certain sites throughout the Internet. The IP monitor is a passive filter used primarily as a usage-accounting tool, tracking and reporting every user's Internet activity. When used as a gateway or via its proxy server plug-in filter, however, Net Access Manager enforces complex usage policies specific to a large group or a user by blocking the outgoing traffic.

I tested a beta version of Sequel Net Access Manager in both its passive IP monitoring and proxy server plug-in modes in Network Computing's Syracuse University lab. Because it requires a back-end SQL database to store user profiles, access permissions and all accounting data, Net Access M anager is not a lightweight tool. I installed the product on a Pentium Pro 200-MHz workstation with 128 MB of RAM running Windows NT Server 4.0 and Microsoft's SQL Server 6.5. Activating its proxy filter, I tested Net Access Manager's ISAPI (Internet Server API) plug-in using Microsoft's Proxy Server 2.0. (An NSAPI plug-in for Netscape's Proxy Server also is available.)

Big Brother Is Watching You If direct enforcement of access policies isn't necessary and usage accounting is your primary goal, then Net Access Manager is for you. Its IP monitor works passively, "sniffing" Internet traffic as it passes by. Running continuously, Net Access Manager builds a database of historical usage statistics. Using Sequel Administrator, it generates activity reports to highlight which destinations users access and what protocols they use, as well as the amount of information downloaded and the time spent online. This is useful in environments where usage is charged back to individuals or departments. Although it cannot block users' Internet connections in its passive IP monitor mode, Sequel Net Access Manager highlights violations of usage quotas and acceptable use policies in exception reports.

When using the gateway or proxy server plug-in filters, Net Access Manager's strengths in granular access control and policy enforcement play an active role. Either as an IP gateway (think of it as an IP router with user-based filtering rules) or as a plug-in to Netscape or Microsoft proxy servers, it lets you define complex Internet-access policies beyond the capabilities of standard proxy servers. Using the Sequel Enterprise Manager GUI, policies limit access by time of day (in hourly increments for each day of the week), protocol type, traffic quotas and access control lists of sites and file types. In addition, you can apply individual access rules at various levels, ranging from the entire enterprise, logical groups or individual user. I tested various policies using the Microsoft Proxy Server plug-in. Violations of time-of-day restrictions, limited protocol and file types, as well as accessing restricted sites, all yielded blocked connections with text messages from Net Access Manager in the Netscape or Internet Explorer window.