AGAT Press Release

Stay up to date on the news, learn best practices, and much more.

LyncShield Reveals New Authentication Solution for Secure Usage of Lync over VPN

LyncShield, an innovative enterprise solution that secures Lync access and authentication, connecting devices (mobiles and desktops) to the corporate network, has launched a new authentication solution for safe usage of Microsoft Lync (Skype for Business) on Virtual Private Networks (VPN).

LyncShield’s solution is ideal for organizations seeking to leverage their existing VPN infrastructure to secure their Lync deployment. The solution offers device access control in the case of the VPN access being controlled by MDM or certificate, which are available for approved devices only.

“The need for our new VPN solution arose from customers looking for a solution for deploying VPN access control while following the Microsoft recommendation of moving all voice and video traffic through the Internet and not over VPN,” said Guy Eldan, CEO of AGAT Software, which developed LyncShield. “Deploying Lync over VPN results in quality decrease and service latency because of double encryption of Lync traffic over VPN.”

LyncShield now offers a hybrid solution splitting the traffic. Establishing the connection goes through VPN while audio/video traffic is routed through the Edge over the Internet as required by Microsoft. LyncShield’s innovative solution does not require any changes in the VPN infrastructure (split tunnelling).

By implementing the new solution, organizations can verify that only devices with corporate VPN access can connect to Lync to complete the authentication process. At the same time it enables the transfer of the majority of Lync traffic (audio/video) to pass through the Internet resulting in optimal user experience.

From an end user prospective the transition between the VPN tunnel for authentication and the Internet for ongoing usage is automatically performed by LyncShield to preserve optimal user experience. By using this approach, LyncShield can redirect any unregistered device to the VPN for registration. Once the device has accessed LyncShield, via the VPN, the device is registered. The Lync client is then redirected to continue the remainder of the session outside the VPN.

LyncShield’s solution can be configured to require VPN access at every authentication attempt or only once for registration. In such a case, the device will require no VPN access in subsequent sessions as it will already be registered with LyncShield.

Requiring VPN access at each authentication attempt offers a three-factor authentication based on credentials, device and VPN access.