NCP’s Secure Entry Client for Win32/64 (starting at $144) is similar to the TheGreenBow IPSec Virtual Private Network (VPN) client, in that it’s focsued on managing and deploying VPN clients over a broad swath of remote systems. Platforms that NCP supports, include Android, Apple iOS and OS X, Linux, Microsoft Windows (up to Windows 10), and even older systems such as Windows CE and Windows Mobile. NCP Secure Communications has also added a really nice set of management tools and a very easy deployment and connectivity process. Overall, this excellent VPN client does enough to deserve our Editors’ Choice award in the category of universal business VPN clients.
In addition to the client, which can be downloaded for a 30-day trial, NCP offers a couple of additional tools. One tool is the Friendly Net Detection Server, which lets the VPN client detect when it is on a company trusted network or not so that the firewall rules of the VPN client can be appropriately set. VPN Path Finder is the other tool, and its technology detects when the remote client is on a network that doesn’t support IPSec tunneling through its firewall. If it finds itself on such a network, then it switches to an alternate mode that emulates HTTP and can work through the other company’s firewall using TCP encapsulation of IPSec with SSL headers. The only caveat here is that this functionality requires use of the NCP Secure Enterprise VPN server in the data center.
Seamless roaming is another handy capability as it supports moving from one type of cellular VPN connection to another while traveling, without the necessity to re-negotiate the VPN connection each time the connection mode changes. Again, this also requires the NCP Secure Enterprise VPN Server. Finally, the NCP Secure Enterprise Server can work with the VPN client to provide Network Access Control (NAC), ensuring that the remote device cannot be compromised to gain access to the home network.
The NCP Secure Entry Client for Win32/64 works with USB tokens and smart cards, and can also be set up to work with SMS-based two-factor identification. The VPN Server provides features not found in the basic types of VPN servers that are often integrated into firewalls. For example, it includes SSL VPN functionality in addition to IPSec and integrates with existing VPN servers. It also provides integrated firewall and NAC functionality as well as policy-based configuration. The latter enables different groups of remote users to have different levels of functionality and access assigned by users’ group memberships rather than on an individual basis.
Setup and Deployment
Setup of the NCP Secure Entry Client for Win32/64 is straightforward, though the zip file is on the large side at about 70 MB. This is in stark contrast to smaller-sized or even built-in competitors such as the Microsoft VPN Client for Windows. But then again, the NCP Secure Entry Client for Winb32/64 contains quite a bit more enterprise-capable management functionality. While the large file size means emailing it to users probably isn’t an efficient deployment method, NCP has added standardized features to its client that let it leverage your corporate user directory, including not just Microsoft Active Directory (AD) but any directory that adheres to the Lightweight Directory Access Protocol (LDAP).
This ability lets you manage remote NCP remote users through many third-party identity management systems or enterprise software deployment platforms. The NCP VPN Management Server integrates deployment and authentication and management functions. It offers version control, updates of remote clients, and RADIUS in addition to AD and LDAP authentication. It also offers cloud integration to extend VPN services to cloud apps, websites running on compatible web hosting providers, and certificate management and enrollment. The client can be pre-configured and set for a silent install so the user doesn’t have to enter any information or get the chance to change settings. That includes pre-configuration with a certificate, token, or smart card. All this server-side management functionality is split across several back-end products that will cost extra, but access to their functionality is a big part of the NCP Secure Entry Client for Win32/64’s appeal.
On the client’s side, the installer opens a small configuration utility, which can then spawn several other windows. With several windows open, it’s not always clear which one may be used. If the configuration window is open and the profile editor under that as well, then the other windows cannot be used even if they are open. The evaluation client is also pre-configured to connect to a remote IP address, which is a test account at NCP-E.com. This is a nice detail, providing confirmation that the basic setup is viable and that the client can successfully connect a VPN server over the existing network connection.
How We Tested
In our testing, we had no troubles connecting the NCP Secure Entry Client for Win32/64 to our Linksys LRT224 DUAL WAN Business Gigabit VPN router, utilizing that machine’s IPSec server. The client connected without problems and we saw no performance degradation during our test operations.
We created a test network with two different subnets connected with a router on each side (the Linksys on one side and a Netgear on the other), with a wide area network (WAN) simulator from Shunra in the middle. We used various PCs and laptops as clients running Windows 7, 8.1, and 10. Each client was used to connect to one of the routers using the OpenVPN 2.4.3 server or the proprietary VPN server on one of the two routers. All of the clients were able to maintain a speed up to about 92 percent of the WAN link speed (essential full speed when considering the protocol overhead), with very little impact on CPU utilization on the client.
Setting up policies, profiles, and certificates and exporting them is a simple matter. The documentation is clear and covers all of the options. Once these have been created, deploying the VPN client to a remote system is straightforward.
The NCP Secure Entry Client for Win32/64 supports most of the remote systems that an IT admin might want, with a consistent user interface (UI) and features, meaning the support tasks should be the same no matter which client the end user has. As mentioned earlier, the VPN client also includes a robust set of additional features, including NAC, and firewall and authentication capabilities well beyond a simple VPN client. However, NCP’s inclusion of a push-update feature is worthy of additional mention here. The ability to send updates and patches that can be pushed out to the client and applied the next time the client connects can be invaluable in maintaining not only a secure perimeter but an updated and consistent client platform. Having to manage these operations manually, especially in environments with lots of users, isn’t just tedious and complicated. It leaves the door open for missed updates and, subsequently, a weakened attack surface.
The NCP Secure Entry Client for Win32/64 is a strong, enterprise-focused, all-around VPN suite that includes the clients for virtually all of the clients out there. It also includes a VPN server that can integrate with existing hardware VPN gateways, and a management component that makes deployment, administration, and debugging of VPN connections very easy and straightforward. This is about as good as it gets for enterprise VPN systems. Since the product is typically sold through resellers, the price and levels of support may vary. However, the upside is that the more complex features will be familiar to resellers, so initial configuration of the enterprise server components and integration into the existing VPN hardware or software systems should run smoothly.