Odyssey Access Client / Odyssey Access Server

Odyssey (formerly from Funk Software, who has been acquired by Juniper Networks), available as a client/server platform for Windows machines (both client and server can be implemented separately, assuming compatible components), is an access control platform for Wireless LANs. The Odyssey Server runs on Windows 2000 Server/Pro and XP Pro; while the client runs on multiple Windows versions including 98/Me/2000/XP, and Pocket/Mobile PC (the new FIPS edition runs on Windows 2000/XP).

In brief, Odyssey provides a Windows client for connecting to a wireless LAN, and a server component for authenticating users who request connectivity to the wireless LAN. The client can connect to any WLAN that is compatible with the authentication protocols supported by the client, which include EAP-TTLS, EAP-TLS, EAP-PEAP, LEAP, EAP-MD5, EAP-FAST, and EAP-SIM; and the server, a RADIUS server customized to handle WLAN users and security, can authorize connectivity from any 802.1x client that supports WLAN authentication types. The client connects to an AP, which in turn contacts the server with the identity (user name) of the requesting client. The server then challenges the client via a specified authentication protocol, and if the client agrees to the protocol, supplies credential information. The client and server then negotiate until a successful authentication results in a working connection to the LAN or the authentication attempt is rejected.

Key among the features of the Odyssey platform is its support for the EAP-TTLS authentication protocol. Primary benefits of this protocol as noted by the vendor include the wrapping of credential information in encrypted packages (i.e., the user's id and password themselves are encrypted when transmitted along the wire); and authentication is processed without requiring certificates on the client computers.

In addition, both client and server are mutually authenticated, and encryption keys are generated dynamically per session (including the ability to re-authenticate and re-key at any interval); features which are also supported in the EAP-PEAP, EAP-TLS, and LEAP protocols.

Other features of the Odyssey platform include:

- Ability to forward EAP-TTLS authentication requests to external RADIUS servers for authentication

- Ability to authenticate directly against Windows 2000 Native Domain or NT Domains

- The server maintains a log file detailing WLAN access activities

- Deployment tools for admins

- Support for WPA2, including AES based encrypted communications

- Permits 802.1X authentication in either ad-hoc mode or in traditional infrastructure networks

- Supports Cisco's EAP-FAST and EAP-SIM

- Can utilize Microsoft machine credentials to authenticate machines (against their computer account in AD) when the user has not logged in

Odyssey is available now. Client pricing starts at $50 a machine, with volume discounts available; the server is priced at $2,500, which includes 25 clients; and the new FIPS Edition Client costs $1,781.25 for a 25 client license, (includes an annual maintenance and support contract).

Visit the Juniper Networks Web site for further information.