I always get nervous when a company I'm using gets acquired. Often, this means that development gets stalled and necessary upgrades take forever to come out. That's if they come out at all. Take Aventail for example. When Apple announced OS X 10. 5 (Leopard), Cisco and Juniper had already deployed VPN solutions that worked under this operating system. So why couldn't Aventail do the same? This isn't rocket science, folks. It's software. The most likely reason is that Aventail was in the middle of being acquired by SonicWall and was distracted from their core business of supporting their customers.
As a result, anyone using a Mac and connecting through an Aventail SSL device must wait for that company to release a new SSL VPN client in order to upgrade to Leopard. Those who have already upgraded are out of luck. Aventail support tells them to run 10.4 and that 10.5 is not supported. Ever try to back level an operating system? Yeah. Right. Backup, format, reinstall from scratch. Not fun.
Go ahead, tell me that the Mac population is insignificant. Compare to the Wintel world, sure it is. But it's growing. And that means that software and hardware vendors need to pay closer attention. I visited one major financial organization where most of the Director level and above uses Macs. Now put yourself in the shoes of that IT department. If they are using Aventail, and the C-level folks upgrade to 10.5 (Leopard), what's going to happen? Broken VPN connections, upset Directors, and pressure on IT to find a solution. And you know what that solution will be. "Dump Aventail and find something that works with my system!" Of course, IT could always tell the Directors and above they need to move to a Windows machine. Sure. That would work.
IT customer devices are become more and more personalized as the consumer tech world invades the enterprise. This makes IT's support job harder and places pressure on the vendors to make sure a myriad of devices will work when either they upgrade their products or the device manufacturer upgrades theirs. The customers don't care. They just want IT to work, and they will create the pressure necessary on their internal departments that will be translated to vendor buying decisions. The vendor community needs to keep this in mind.
Excellent piece, Aventail's poor handling of the whole Leopard release should certainly give companies pause for thought when considering a VPN provider.
I work for a Fortune 50 and used to use Aventail... until Leopard... the company have really been put to shame by their competitors, and their own support are doing no favors - claiming that it will be at least "4 to 6 weeks" until a new version may become available. Thats a long time to be within VPN access - its a good job we recently began a trial with Cisco!
Posted by: Chris Korhonen | November 13, 2007 at 09:08 AM
Sorry to hear that you have trouble gaining VPN access on your 10.5 Leopard. In fact our version 8.9 client runs on 10.5 without problems, only a small workaround is needed. Simply create a file named 'avc.noevent' under user's home directory and (re)launch Connect Tunnel or OnDemand Tunnel, this will disable OS event monitoring. We have several customers and partners that are using our VPN on leopard without problems.
Support for the various operating systems is always a race against time. If we test with pre-release code, we can almost get it right, but might hit the wall when the final release is out. e.g. pre-release XP SP2 was working perfectly but a last minute change MSFT introduced made us scratch our heads. I personally also use Leopard since the day it got released, I rely on everything working on that platform for my daily work.
Posted by: Frank Schubert | November 14, 2007 at 06:39 AM
Frank,
Intelligence is of no value unless communicated. My IT department was told by Aventail support there was no fix for this. I searched your website and found nothing relating to 10.5 or Leopard.
I strongly suggest you post detailed instructions for this workaround here and on the Aventail website. That information would have forestalled this posting.
Posted by: Michael Disabato | November 14, 2007 at 08:40 AM
Michael, did you seach on our official support website (requires login). there won't be any such info on the public facing site.
Posted by: Frank Schubert | November 20, 2007 at 07:49 AM
I searched on the official support site (I have a login) and I could not find anything. One of the problems I see with that site is that you are re-directed to the SonicWall support site. I have a post on the forum there about this problem from a couple of weeks ago (as do others), but no-one from Aventail/SonicWall has bothered to even read it as far as I can tell.
Posted by: David Moody | November 20, 2007 at 01:01 PM
Frank,
Our IT (a small company called Kodak) is hopelessly trying to get some advice from Aventail, be it a patch, a workaround or a beta version of 8.9, but unfortunately all we get is the proposed workaround with no explanation on what file format that 'avc.noevent' thing needs to be in....
I work in an industry where a 24 hrs delay in response is considered bad service...
I submitted a case on SonicWall's site and got no response other than the automatic "thank you" message.
I then submitted a SALES request on the same site and guess what? No response either!!!!
With all due respect, our software (which is free BTW) is a 400MB app that requires ALLOT more programming power compared to a dinky little utility app. Complicated libraries, FW & USB drivers, Java and what not, yet it was released for Leopard exactly 5 days after Leopard came out.
Posted by: Yair Shahar | November 29, 2007 at 08:16 AM
Yair,
You are in good company. Our IT Department, which controls access to the Aventail/SonicWall website also has yet to hear back from their Customer Support team.
Like you, we are required to turn around customer requests in short order. Two weeks is not "short order."
Posted by: Michael Disabato | November 29, 2007 at 08:33 AM
I too share your disbelief. Are there any other viable clients for use. I currently am forced to run under XP on VMWare and use the Windows client.
This is unbelieveably bad.
Posted by: Ryan | December 02, 2007 at 08:25 PM
Also hit by the "Aventail Bug" last weekend, when I was asked to do some remote work instead of coming into the office on a Saturday... Had just upgraded to 10.5, everything was smooth, and the Aventail installer didn't even hiccup or complain.
I guess my problem with this fiasco is more that the tech support for this is SO opaque. It's almost as if they don't believe their product is secure, so they can't share support forums, faqs, or even the news that the client doesn't work on their public site. I can understand requiring an email address or the like to login/download the client - but since the client itself is only useful with the hardware, why prevent people like me (non-VPN admins) from upgrading our software ourselves to get around this sort of thing.
Even if the website can't be updated, the app itself could run an update check, and allow direct download... I just don't get why they seem so averse to helping real customers get access to their (expensive) VPN box. Reading the rest of these stories did nothing to improve my opinion of them, either.
Still, they have the luxury of doing things on their own schedule - since our companies have already invested in their hardware, it IS much less likely that we will swap it out for Cisco or the like anytime soon.
Posted by: Deano | December 10, 2007 at 11:51 PM
oh dear oh dear.
Can I recommend folks to look at AppGate (www.appgate.com), AppGate specialise in true unified access control regardless of the device, the location and even the transmission. Wintel, Mac, solaris, symbian all these OS's are treated equal and access is granted based on role, device, location, device config. They also have an SSL client too and offer the full blend of access users demand and organisations need to offer, all from one appliance and one management console, simple.
They even have a usb client so access from dirty devices with whatever OS installed can access apps/services cleanly and securely.
cheers
Paul
Posted by: Paul S | February 28, 2008 at 04:54 AM