Pexip Infinity platform management and security features

Transcription

1 Pexip Infinity platform management and security features A white paper by Jordan Owens, VP of Architecture, Pexip. 10 June, 2014 Contact Pexip: w: e: info@pexip.com 1

2 Platform management tool gets a makeover designed to comply with strictest possible US Federal security requirements Pexip Infinity reinforces its security posture. Network and system administrators can feel comfortable that all remote services necessary for management, monitoring, and control of their collaboration and meeting platform are secure. Pexip Infinity is now designed to comply with the strictest available US Federal security requirements. Building on Pexip Infinity s support for IPv6, a FIPS compliant encryption algorithm, and DSCP, the V6 release includes support for SNMP v3, SNTP, AS-SIP and authentication via AD for Management Node login. 2

3 Active Directory/LDAP Authentication Integration with Active Directory will allow Pexip administrators to use their existing Active Directory (AD) or LDAP server to authenticate all incoming connections to the Pexip Management Node. Integration will further allow automatic enforcement of password complexity, expiration, and certificate integration in accordance with existing organizational policies and procedures. Authentication into systems is best served by offering a single source of truth in terms of user name and password validation. Alignment of the Pexip portfolio with standard industry practices brings the system in line with customer expectations and helps provide a much improved security posture. This enhancement also allows multiple end users to be logged into the Management Node with their own account and each take independent actions. For example, one administrator, Betty Doe, can be logged in and deploy an additional Conferencing Node while Marie Morris is administering an active conference. In this case, the actions of each administrator will be logged to their unique user names. Betty s Conferencing Node deployment will be tracked to her AD user name (bdoe, as an example) while Marie s participant control will be tracked to hers (i.e. mmorris). Role Based Authentication Management Node authentication has been further enhanced through the creation and assignment of role-based permissions to individual or group of administrators. In this case, permissions for each sub page of the Management Node, from Status to Platform Configuration to Utilities, can be controlled independently. Each subset of administrators is assigned one of three permissions for each of these sub-sections: Modify, View, or No Access. 3

4 Organizations often want multiple individuals and systems to log into the Management Node and perform actions unique to their responsibility without threat they will impact the operation of the system as a whole. This functionality allows for separation of powers, systematically preventing unauthorized manipulation of the system. Encrypted, Authenticated Services The NTP and SNMP protocols, used in the Pexip platform from the beginning, can now be more secured to help protect informational channels used for system operation and monitoring. Network Time Protocol (NTP) services are vital to establishing the IPSec backplane between various nodes deployed within an environment. Securing time discovery will help enhance this required connection. Simple Network Management Protocol (SNMP) v3 allows those administrators interested in using this protocol for management to both encrypt and authenticate incoming SNMP discovery and monitoring between the Pexip Management Node and the SNMP manager. Means of encrypting and authenticating ancillary channels is always a good idea. All about protecting transmission of information to and from the Pexip environment, these means of encryption will help ensure protection of these production level resources. 4

5 Assured Services SIP (AS-SIP) Essential to DoD collaboration interoperability, AS-SIP is a superset of SIP signaling requirements deemed necessary by the United States Department of Defense (DoD), including DSCP tagging, secure TLS signaling, SRTP media security, and more. With support for AS-SIP included with all releases from V6 and on, Pexip has demonstrated its commitment to support the mission at hand, whatever that may be. Guaranteed interoperability is extremely important to the DoD to ensure that all installed applications support the mission. Implementation and support for AS-SIP, included in the V6 release, supports Pexip s firm commitment to the armed forces and the DoD. 5