companies are protected behind firewalls, and incorporate VPN (Virtual Private Network)
switches that allow employees to tunnel through the firewall when they are working
offsite (such as home telecommuters). In order to access the VPN switch, you need
a VPN client on the computer you are using. If your company uses the Nortel Networks
Contivity VPN switch, there is one company that provides a VPN client for Macintosh
users: Apani Networks.
The Apani Networks VPN Client enables you to establish secure encrypted tunnels from
your computer to Contivity VPN Switches. This is an IPsec security client that enables
you to encrypt and authenticate your IP-based communications. You can securely access
corporate resources from your computer through either public networks or existing
corporate dial-up facilities. The Apani Networks VPN Client supports authentication
technologies such as SecurID and RADIUS. Purchasing the client includes one year
of maintenance which gives you access to Apani support experts and allows you to
receive free upgrades of the VPN Client software.
OS 8.6 through 9.2.2
OS X 10.3 or higher
Macintosh or equivalent
MB of free disk space
MB of RAM
web browser and
one year maintenance)
NOTE: Volume discounts are available for purchase quantities of 70 or more
Once you purchase a Contivity
client license, there are a few steps you need to follow before you can begin using
the client. After purchasing, you will receive an "entitlement" email.
This email includes the product name, Entitlement ID, and other information related
to your purchase:
Product: Contivity VPN Client
Seat Count: 1
Entitlement ID: 011111
Expiration Date: 12/27/2005*
1. Doe, John, XYZ Company, 408 555-1234, firstname.lastname@example.org.
Role: Billing/Technical Contact
On the Apani web site,
you enter your name, company, email address, and maintenance ID (which is the entitlement
ID). Then you click on "Request Password" and wait for another email.
Requesting Download Password
The next email should
include a password and a URL where you can download the product.
User ID : email@example.com
Downloads may be accessed on the Apani Website at
Click on the download
link provided, then enter the ID and password provided into the prompt, and you then
gain access to the download web site.
Accessing the Download Site
On the web page, you
need to answer a couple of questions and then click on the Agree button. Be sure
to read the questions and answer appropriately, because the default answers will
result with a page that you do not qualify for the product. The correct answer to
both questions is "YES". The next page is then the download page for obtaining
the client. Choose the appropriate client for your platform, and download the installer.
The download will mount a volume on your desktop call "Netlock EAC", and
within it is the Nleac.pkg installer. Double click on this installer to install the
The downloaded installer package
Once installed, you
launch VPN access from your web browser. There is no separate client application
to run. All VPN access and settings are managed through your web browser. Overall,
the entire process of getting the software installed is a bit more convoluted than
most Mac software installations, but it is still relatively simple.
When you use the VPN client for the first time, there are a couple of things
you need to do. First, you'll be asked to enter your registration information. This
includes your license code that was emailed with your entitlement ID.
First time setup requires product registration
After entering in
the proper information, you'll receive a confirmation page which indicates that you
are now ready to make a connection.
Validated license code
Making a connection
to your company's VPN switch using the Contivity client is a simple process, but
it does require initializing some important information related to your company's
VPN switch. You'll need to establish the security protocol (and related account information),
VPN switch address, your logon ID, and your SecureID password and token.
We start off by naming
the first connection, and entering the destination IP address of the VPN switch.
Note that although your VPN switch may have a DNS name, DNS names do not work with
the Apani client. You will be required to enter the physical IP address.
Naming the location and entering the IP address (IP blurred for security reasons)
Then you specify the authentication method. I selected Group Security, which then
prompts for a group ID and password. The other methods require different information
Selecting Authentication Method
When logging on with Group authentication, you'll need to enter your logon ID (usually
an NT ID), and your company's Group ID and Group password. You have various group
options to select from, and for my access, I selected "Response Only Token".
Establishing Group Authentication (ID's are blurred for security reasons)
Once you setup the group authentication parameters, you will not have to do this
again. This information is saved, and subsequent connection requests will not require
you to go through these steps again.
Back on the main connection page, the last step is to enter your SecurID password
and token response. If you are using a different authentication method, this window
may look different. After entering in the PIN and token, the Contivity client attempts
to make the connection.
Main connection page for entering PIN and Token Response
If the connection fails, it could mean that the VPN switch is down, your internet
connection is down, or any of the required data parameters are incorrect. If the
connection is successful, the Client Connection Monitor is displayed.
Client Connection Monitor after a successful connection
Once the connection
is made, my Mac is connected to my company's internal network. That means I am behind
their firewall, and can access all systems and servers just as if I was in the facility.
I can reach all internal web sites, access internal email, and connect to any servers
that I have login access to. What's really nice about this connection is that nothing
needs to be changed with your system preferences (i.e., you don't need to change
your network information under Network Preferences). The Apani client takes care
of all of that for you. When you disconnect (by clicking on the Disconnect button
in the Client Connection Monitor), your network settings are automatically restored.
There are a few things that you need to be aware of when connected through VPN.
It's important to understand that it is exactly like being at work behind the firewall,
meaning that if you are unable to check your home email from work, then when connected
through the VPN client, you'll have the same limitations. It might seem odd that
you cannot check your home email from home, but you have to remember that from your
Mac's perspective, you aren't at home, you're at work, and your connection is controlled
and monitored by your company's firewall security.
Because the Contivity client is accessed only through your web browser, it's important
to bookmark the page so that you can get back to the Connection Monitor when you
need to. Apani has a bookmark link automatically placed on your desktop during installation.
I prefer to keep my desktop clean, so I removed the desktop link and just added a
bookmark within my browser.
Lastly, there is some settings changes required to make your browser work more efficiently
when connected via VPN. Before being connected to the VPN switch, your browser is
typically connected directly to the internet (or through your home router/firewall).
After connecting to the VPN switch, all external web sites are now outside of your
company's firewall. This means that by default, when you are connected through VPN,
the only pages you can get to without changing anything is your company's internal
web sites. To access external web sites, you need to go into your browser preferences
and setup a web proxy (similar to what you would do when working from within your
facility). The caveat is that once you are disconnected, that web proxy is no longer
valid, and your browser will not be able to surf any pages until you go back into
the preferences and remove the web proxy setting. This can be somewhat of a pain.
Telecommuters that access VPN frequently may wish to use two different web browsers
(such as Safari and Firefox), and have one always configured for VPN access, and
the other configured for direct internet access. It would be a lot nicer if the Contivity
client automatically adjusted those proxy settings for you similar to how it adjusts
your Network preferences.
In terms of stability, I never had any VPN connection drops using the Contivity client
on my Mac. I cannot say the same thing using the Nortel client on my PC. I would
prefer that the Mac client support DNS names, because those are easier to remember;
then again, once you store all of your VPN addresses in your Mac client with associated
names, this isn't that big of an issue. The interface screens were very easy to use,
and they worked just as efficiently as the stand alone Nortel PC client.
Contivity VPN Client is a robust web-based VPN client for Mac OS X. At $90, some
Mac users may remember the phrase "Mac tax" being that our PC brotheren
don't have to pay as much, but it is the only Mac client that supports Nortel VPN
switches. You have to jump through a few hoops before you can get the software installed,
but once installed, it's smooth sailing to connecting to your company's internal
network through VPN. It's very easy to make a connection, and the Apani client handles
all of the necessary Network settings automatically when connecting and disconnecting.
The only changes you'll have to make are setting up a web proxy when connected, and
removing it after being disconnected. The connectivity was very stable in all my
testings, and the web interface is simple and easy to use. Of course, the biggest
advantage of the Contivity client is being able to use your Mac for connecting to
work, allowing you to work on the platform that makes you most productive and brings
you the most enjoyment.
- Easy VPN Access from
- Works with any web
- Performs all network
- The only client that
supports Nortel VPN switches
- Priced slightly high
for a browser-dependent tool
- Requires manually
changing browser settings (or using two browsers)
- Does not recognize
- Download process
could be simplified
4 out of 5 Mice