AG 1000 Series Secure Access Gateways
Data Sheet

Array Networks AG 1000 Series Secure Access Gateway products provide enterprise-class secure access for customers ranging from Small-to-Medium Businesses to Telcos and Cloud Service Providers. Array's AG is the best value for mobile and non-mobile secure access when performance, scalability, fine-grain user control, user group control and multi-tenant hosting are important requirements. Powered by the Array Networks award-winning 64-bit SpeedCore platform, the AG Series is the best choice for enterprises and service providers seeking to lower Total Cost of Ownership (TCO) without compromising security.

Highlights & Benefits

- Up to 3.2Gbps throughput, 128,000 concurrent users, and 500,000 users per single AG device provide scalability and performance to drive productivity and improved user experience across the organization at cloud scale while maintaining iron-clad security.
- Broad range of secure access solutions from a single AG device, including mobile access, remote access, remote desktop access, and wireless access.
- Multiple virtual VPN communities and tenants on a single AG device provide employees, partners and customers a separated, secure and fully customized experience.
- Fine-grain per-user controls provide full control of the access policy on a per-individual-user basis.
- Ideal secure access component for business continuity and compliance, keeping open and secure access to critical applications, services and resources in the face of unanticipated events.
- Comprehensive mobile support and SDK to mobilize your applications and services without compromising security.
Product Description

Enterprise and Cloud-class Performance

Array Networks AG Series Secure Access Gateways were developed to provide universal access at performance and scale, while reducing Total Cost of Ownership (TCO). Powered by Array Networks' award-winning 64-bit multi-core SpeedCore platform, these purpose-built appliances support up to 128,000 concurrent users and up to 3.2 Gbps throughput on a single system. Array's AG Series delivers the highest performing and most scalable secure access solution on the market, providing unbeatable ROI for global enterprises, Telcos/carriers and cloud service providers. A single AG device can host up to 500,000 users in a local database for AAA and access controls. Hardware acceleration on the AG device brings customers superb performance for both 1024-bit and 2048-bit key certificate processing.

Access. Security. Performance.

Anytime, anywhere, any device access increases productivity, ensures compliance and accountability, while performance enables these benefits across the enterprise and cloud cost-effectively and without compromising the end-user experience. With the Array Series of Secure Access Gateways you get it all: anytime, anywhere access, security, high availability and price/performance. Moreover, the AG Series Secure Access Gateways are highly flexible, supporting multiple end-use devices and as many groups, communities or tenants as your business requires, all on a range of price/performance products. With Array's AG Series, IT managers and cloud operators can meet today's specific access and security mandates while laying a foundation for expanded functionality as the need arises.

AccessDirect: Remote Access

AccessDirect is a remote access VPN module available independently or in conjunction with other access modules on all AG Series products.
Designed to supersede legacy secure remote access VPNs, Array AccessDirect VPN provides greater flexibility using ubiquitous Web-based access, more granular data protection through client security and identity-based access controls, and fewer deployment hassles with an architecture that requires no pre-installed clients and that is transparent to existing infrastructure. AccessDirect supports Web-based, Layer-3 and specific client-server and thin-client application access and delivers a fast, customized end-user experience unmatched by the competition.

Mobile Device Support & SDK

Array Networks' proven DesktopDirect solution allows iPhone/iPad and Android based device users to access all business critical applications at any time without having to worry about whether the application is available for the mobile OS or the potential risk of leaving sensitive data on relatively more vulnerable mobile devices.

AG Series Access Gateways provide customers with a comprehensive Mobile Application SDK. Using this SDK, customers or software vendors can easily add secure access capability to their applications and services. Secure tunneling and access controls are taken care of automatically by the SDK libraries, while applications just need to focus on their core functions. The Mobile Application SDK allows applications to maintain the great experience mobile users are enjoying today without compromising security. Users just need to use their application as usual without knowing whether they need to go through a VPN or not. Everything is done transparently to the user. Not even a single extra click is necessary, let alone launching separate VPN applications or going through extra pages.

AG Series Access Gateways also support Network level VPN to provide secure access for any applications that run on iOS or Android based mobile devices.
Network level VPN provides full network access to all applications on the mobile devices by intercepting and securing the data before it leaves the device. There is no complicated installation needed, and configuration is simple and easy.

Array Networks is committed to providing the best and most complete mobile secure access solutions to our customers. We will continue improving AG features and functions for mobile device access.

Virtualization

Built on Array Networks' unique virtualization technology with a 7-year track record of servicing carrier grade customers, each AG gateway can appear as multiple virtual AGs which work together as a whole to provide cohesive secure access and controls. One AG gateway can support up to 256 Virtual Portals to serve different users, groups or tenants, without complicating the user experience, management and configuration. Each Virtual Portal has self-contained management, access policy, access methods and resources. Virtual Portals can also be associated with multiple IP addresses to provide access from multiple external or internal links.

Each Virtual Portal has its own easily customizable look and feel, and customization is easier than ever. All AG features and functions can be seamlessly integrated into existing web pages or fit into any customized page layout with minimum effort through AG Portal Theme technology. AG devices come with two built-in portal themes for customers to start with.
Per User Policy Engine

The AG Series Access Gateways not only provide secure access but also provide full control of the access policies on a per-user basis. The AG device can check the user's device to make sure it's up to date on service packs and anti-virus software before allowing the user to access a protected network and resources. The AG device can validate each individual user's device hardware ID before the user can log in. Administrators can assign users different roles at run time based on username, group name, source IP, login time and authentication methods so the users get access to different resources using different access methods. Different user roles will see different resources on the user portal and will be assigned different levels of QoS policies.

With a capacity of 500,000 users in the local database, all user access policies are stored locally and can work seamlessly with external AAA servers. Users can also customize backend server SSO settings to store multiple username and password pairs for different backend application servers.

The AG device provides an extremely powerful and flexible user authentication mechanism. Administrators can allow an individual user to choose an authentication method and can also force users to authenticate to multiple AAA servers for added security similar to multi-factor authentication.

DesktopDirect: Desktop Access

DesktopDirect enables workers to seamlessly access their desktop PCs from any location as if they were in the office. Using a standard web browser, any device can remotely view and control employee PCs located in the office. DesktopDirect uniquely leverages proven technology that is simple, scalable and secure to deliver the industry's only comprehensive, enterprise-class remote desktop access solution. Array DesktopDirect is an enterprise remote desktop access module, available independently or in conjunction with other access modules on all AG Series products.
Client Security

A dissolvable security agent mitigates network or resource exposure by enforcing pre- and post-admission policies and adapting access rights to suit changes in the client environment. Host-checking verifies device and user identity, ensures clients meet pre-defined security parameters (anti-virus, anti-spyware, personal firewalls, patches, service packs, etc.) and determines adaptive policies. For additional control, cache cleaning can wipe cached information from devices when a session ends, or secure virtual desktop may be enabled to store session data in an encrypted vault to prevent data leakage associated with local saving and printing.

Transit & Server-Side Security

All traffic between clients and the Array Universal Access Controller is encrypted over. An integrated VPN firewall, reverse proxy architecture and security-hardened OS ensure that AG Series systems are as secure as the networks and resources they protect. Layer 2-7 authorization provides granular access control based on user identity and role within the organization, while comprehensive auditing tracks all activity on a per-user, per-event, and per-resource level.

[Figure: Array AG deployment diagram (telecommuters, SOHO, day extenders, mobile users, contractors, partners and customers; Internet; headquarters or POP; wireless LAN and LAN users; untrusted and trusted VLANs; business critical data, applications and networks)]
[Figure: Secure Access Gateway feature overview (End-Point Security; Encrypted Transport & Multiple Access Modes; High-Performance, High-Availability; Resource Access Control)]

Application Acceleration

Typically, layers of protection add to security at the expense of application performance; and no matter how sophisticated a VPN solution is, it won't enhance productivity unless users find it fast and friendly. To this end, Array AG Series Secure Access Gateways feature integrated application acceleration technology including hardware accelerated encryption, hardware compression and connection multiplexing for putting servers in their power band. With the purpose-built Array AG device, the compromise between security and performance is eliminated once and for all.

[Figure: General-Purpose VPN architecture compared with Array AG SpeedCore]

Array Business Continuity

Events such as hurricanes, snow days, transit disruptions and the threat of global terror or pandemics make the world and the workplace increasingly unpredictable. More than ever, organizations require solutions that keep their employees up and running in the face of unanticipated or seasonal events.

Array Secure Access Gateway is a fundamental component in business continuity architectures. Ubiquitous Web access means users have access from any device, anywhere. DesktopDirect enables users to see their familiar work desktop and continue to be productive. Prepaid Business Continuity licensing meets the requirements of any size organization during surges in user connections due to unplanned external events. Most importantly, only Array Business Continuity licenses self-activate with no IT interaction.

Reliability & Availability

Deployed by the largest enterprises and service providers in the world, AG Series Secure Access Gateways have proven their reliability, tallying up over five years of flawless performance in the most demanding of production network environments. In the event of failure, clustering ensures an unaffected, transparent experience for end users.
Management & Reporting

Array AG Series Secure Access Gateways offer both a familiar CLI and an intuitive Web user interface that can easily be customized to create streamlined, integrated management systems. Monitoring the Array AG is made simple with SNMP-based monitoring tools, and with support for XML-RPC, a range of third-party applications can be used to automate management tasks. In addition, up to 100 AG products can be supported by Array's CMX 100 centralized manager, which provides a single point of configuration management, monitoring and reporting for Array's products.

[Figure: Array AG connecting mobile users, home telecommuters, remote offices, regional HQ, and extranet business partners, suppliers and customers to web portals and applications, email, files and the corporate network]
Features

Access Methods

Clientless Web Portal Access
- 100% clientless
- Support HTML, JavaScript, Plug-in parameters
- Ensures proper function of application beyond the corporate network
- Masks internal DNS and IP addressing
- Supports all devices with a web browser

Client Based Access
- Supports network level connectivity and application level connectivity
- IT can specify L3 or L4 tunnel or allow the Array VPN Client to auto select
- Transparent to users
- Auto launch upon login
- Supports any IP based applications (TCP, UDP, NetBIOS), e.g. Outlook, Terminal services, FTP, CRM and all CS and BS applications
- Different configuration defined per user or group
- Split tunneling and full tunneling control
- Create tunnel through HTTP forward proxy
- Network drive mapping
- Automatic launch of network scripts/commands
- IP address assignment based on users, groups, DHCP and RADIUS
- Windows XP 32-bit, Windows 7 (32/64-bit), Linux, MacOS
- Stand-alone, command line and SDK for Array VPN client
- re-installable client, web-delivered client through Java or ActiveX
- Multi-language support
- Detailed traffic log

Mobile Device Support
- DesktopDirect for iOS and Android
- Application API for iOS and Android
- Network level VPN for iOS and Android

Client Security

Host Checking
- Tests device state prior to allowing access
- Scans for personal firewalls, anti-virus, anti-spam and OS service packs
- Customized rules for a range of apps, registry checks and patches
- MAC address or Hardware ID validation

Adaptive Policies
- Level of access conditional on end-point status
- Integrated policy management

Cache Cleaning
- Wipes all browser stored information when the session is over
- Per-session with idle timeout and browser closure

Secure Virtual Desktop
- Control access to hard drives, registry, copy/paste buffers, external media and printers
- Control storage of confidential data on local hard drives and media
- Accesses and stores information in an encrypted vault

Data Center & Cloud Security

Server-Side Security
- Security-hardened OS
- Passive and active Layer-7 content filtering
- Permit or deny policies
- DDoS prevention
- Reverse-proxy network separation
- Protocol: TLS 1.0/ 3.0, TLS 1.1/1.2*
- Cipher suites: AES128-SHA, AES256-SHA, DES/3DES, SHA/MD5
- 1024-bit & 2048-bit keys
- session reuse
- Certificate field passing to backend
- Online/offline CRL, OCSP

Access Control (AAA)

Authentication
- LDAP, RADIUS, AD, LocalDB, RSA SecurID, Swivel, Vasco, Custom
- 500,000 users in LocalDB
- Enable/disable LocalDB user
- LocalDB password policy control
- Backup/Restore LocalDB
- Export LocalDB in CSV format (Excel)
- 1500 logins/second
- Certificate-based authentication
- Authentication server ranking (search user credential in multiple servers)
- RADIUS Challenge Response Mode
- Restrict login based on date and time, Single Sign-on, NTLM, HTTP basic authentication and HTTP POST
- User lock-up by login failure, inactivity or manually by admin

Authorization
- Granular access control of resources
- Role-based access control
- Role is defined by username, group name, login time, source IP and login method
- Permit and deny policies
- Authorize user based on MAC address or hardware ID
- Provides high flexibility in configuration
- Detailed logging

Auditing
- Full audit trail in WebTrends WELF format
- Logs all user activity: success, failures, attacks

Multi-factor authentication/authorization
- Client certificates, RSA SecurID, Entrust
- Other RADIUS-based authentication systems
- Multiple AAA server authentication

Cloud-class Capacity & Performance
- Array's SpeedCore 64-bit multi-core platform
- Optimized packet flow; single-digit millisecond latency
- Hardware key exchange and bulk encryption; performed in kernel
- Connection multiplexing optimizes server efficiency; reduces back-end connections
- N+1 clustering
- Up to 256 discrete virtual portals/user communities on a single system
- Up to 128,000 concurrent users on a single system
- Up to 3.2 Gbps of throughput

Virtualization
- 256 Virtual Portals
- Single page virtual site creation
- Concurrent user session control per Virtual Portal
- Delegated management
- Multiple IPs and host names associated with one Virtual Portal
- Complete security and data separation
- Instant DMZ on demand
- Strong compliance assurance

Management

Simplified Administration
- Intuitive streamlined WebUI
- Quick-start wizard
- Role-based administration
- Strong administrator authentication
- RADIUS accounting
- No client installation or management
- Configuration synchronization
- Full device backup and restore including: Client Security, Portal Theme, certificates, keys, CRL, LocalDB
- Centralized management with CMX100

Customizable End-User Portals
- Portal Theme allows customer to create customized Virtual Portals or include all AG features on pre-existing web pages
- Pure JavaScript-based customization on a per Virtual Portal basis
- No external server requirements
- Localized end-user GUI support for English, Japanese, simplified and traditional Chinese

Multi-device Management
- SSH/CLI, /WebUI, SNMP, XML/RPC API
- Support Array centralized management appliance CMX
- Support NRS2 Array Networks multiple SPX/AG reporting and analyzing tool

Licensing, etc.
- User/feature license control
- Business Continuity (ABC - prepaid burst license)
- NTP, NAT, RTS, Logging
Product Specifications

AG Features | AG 1000 | AG 1100 | AG 1200 | AG 1500 | AG 1600
Processing (1024-bit & 2048-bit) | SW | HW | HW | HW | HW
Compression | SW | SW | SW | SW | SW
Ports | 4x GigE Copper | 4x GigE Copper, 2x1GigE Fiber | 4x GigE Copper, 2x1GigE Fiber | 4x GigE Copper, 4x1GigE Fiber or 2x10GigE Fiber | 4x GigE Copper, 4x1GigE Fiber & 2x10GigE Fiber
Max. Virtual Portals | 10 | 256 | 256 | 256 | 256
Max. Concurrent Users | 300 | 6,000 | 24,000 | 128,000 | 128,000
Local DB users | 10,000 | 200,000 | 200,000 | 500,000 | 500,000
Throughput (Mbps) | 100 | 400 | 800 | 1,600 | 3,200
 | SW | HW | HW | HW | HW
Clustering | 1+1 | 1+1 | 1+1 | 1+1 | 1+1
Power Supply | Single | Single/Dual | Single/Dual | Dual | Dual
Form Factor | 1U | 1U | 1U | 2U | 2U

Technical Specifications

Support: Bronze, Silver and Gold levels support plans
Warranty: 1 year hardware, 90 days software
Dimensions: Array AG 1000, 1100, 1200: 17" W x 15" D x 1.75" H or 1U; Array AG 1500, 1600: 17" W x 21.5" D x 3.5" H or 2U
Weight: Array AG 1000, 1100, 1200: 13.6 lbs (single power supply), 17.2 lbs (dual power supplies); AG 1500, 1600: 28 lbs
Environmental: Operating Temperature: 0 to 45 °C, Humidity: 0% to 90%, Non-condensing
Input Voltage: AG 1000, 1100, 1200: 90-264VAC, 6-3 A, 47-63Hz Auto-ranging, Dual: 90-264VAC, 4-2 A, 47-63Hz Auto-ranging; AG 1500, 1600: 100-240VAC; 8.5A; 47-63 Hz, Full-range input, Redundant, Hot Swappable
Regulatory Compliance: IEC 60950-1, UL/CSA 60950-1, EN 60950-1, ICES-003, EN 55024, CISPR 22, AS/NZS 3548, FCC, 47 CFR part 15 Class A, VCCI-A
Safety: CSA, C/US, CE

Jan-2012 rev. b
1371 McCarthy Blvd. Milpitas, CA 95035
arraynetworks.net
Phone: (408) 240-8700
Toll Free: 1-866-MY-ARRAY