Remote access specialist iPass has announced that the next version of its software will include a feature to handle security policy management on behalf of its customers. Any user connecting to the service will have their patch and anti-virus status checked by iPass - against the user's company policy - before being allowed through to the company network.

The feature, termed Endpoint Policy Management (EPM), was acquired from another vendor (we haven't been able to find out which) last year, and was originally to be released in 2003, but iPass decided to delay in order to integrate it with its own client.

"We were going to bring out a quick version where the user would have needed two pieces of client software," said Tim Gain, sales director of iPass. "[But] users told us to develop a fully integrated version." EPM will be part of iPass version 3.2, due out in April. Gain was speaking at a broadband briefing held by iPass' main UK partner, Sirocom.

iPass customers who take the EPM option - which comes for a flat monthly activation fee per user - will have access to an iPass server holding details of their security policy. Users logging in will be connected to this server and have their compliance checked, including aspects such as virus protection level, patch status and software version, and then have all updates downloaded before connecting through to the corporate network. "It will all be part of a single sign-on process," said Gain.

The policy will have to be fairly carefully thought out, he conceded, as some users will be coming on through dial-up and might object to slow patch downloads. Future versions of EPM will have the ability to tell what download speed the user is on and, if they need a lot of files, will (probably) just tell them to go and find some broadband if they want to get on the corporate network. "We are in a position to be context-sensitive in future," said Gain.

The service will be integrated with Flexivision, the management front-end that Sirocom provides, so that IT managers can specify different security policies for different users.

IT managers at the briefing asked how users updated to the policy held by iPass would be kept synchronised with those in the office using other network management tools. Gain's answer was an ingenious suggestion: "Many customers want to use iPass as an on-ramp for all corporate connectivity," he said, a suggestion which some in the audience pointed out would add considerably to iPass' per-user revenues.

Although anti-virus services such as McAfee have their own products to keep users up to date, and Microsoft has patch-management solutions, iPass' idea is to converge all these into one place, with enforcement included. Some companies have many security products, he pointed out, which can lead to having several places to apply security policies.