3Si Managed Authentication Services Service Description [Pick the date] 3Si Managed Authentication Services Service Description [Type the document subtitle] JT www.3sicloud.com www.3sicloud.com enquiry@3sicloud.com enquiry@3sicloud.com
1. Table of Contents 1. TABLE OF CONTENTS... 2 2. SERVICE DESCRIPTION... 3 2.1 OVERVIEW... 3 2.2 CHALLENGES... 3 2.3 FEATURES AND BENEFITS... 4 3. SERVICE MATRIX... 5 3.1 ASSOCIATED SERVICES... 5 4. SERVICE DELIVERY ARCHITECTURE... 6 4.1 SERVICE INTEGRATION OVERVIEW... 8 4.2 SERVICE PREREQUISITES... 8
2. Service Description 2.1 Overview The first ever Authentication as a Service (AAAS) in true cloud model that offers fully automated provisioning and complete subscription management. 3Si Authenticator requires no infrastructure and provides multifactor authentication service across every component of your IT stream. Fully automated cloud provisioning means your ready to go in a matter of minutes and is backed with a strong SLA. 3Si Authenticator provides a simple subscription based Pay-per-user model with no upfront costs or hidden fees. 2.2 Challenges The cost of implementing multifactor-factor authentication solutions is significant, using a software-as-a-service oriented model provides compelling total cost of ownership benefits. Many organisations rarely look closely at the total cost of ownership of their authentication solution and instead make a decision heavily driven by the up-front purchase price. 3Si Authenticator, regardless of organisation size, provide a cloud-based authentication solution that delivers enormous benefits to your organisation. 3Si s vision is to make multi-factor authentication universally available. To achieve this, 3Si provides solutions that are simple, easy and cheaper than traditional two-factor token solutions and on-premise manually provisioned systems. We believe that high security does not have to mean high costs and high maintenance. We have spent more than two decades delivering inexpensive, innovative security solutions to a large range of satisfied global clients. Challenge Cost reduction and management Reducing technology burden Improving service and efficiency Direction The predictability of on-going costs and ability to move costs from capital expenditure to operational expenditure A reduction in the IT support headache by outsourcing processes and technology in turn reducing the need to dedicate internal people to non-core tasks The improvement of access to applications and services that improve an organisation s efficiency whilst providing the ability to invest in people as opposed to technology Achieving standards Managing growth Adoption of best practices and the ability to achieve industry or regulatory compliance without major investment The ability to manage expansion or reduction in service to meet business needs
2.3 Features and Benefits Features High Availability 99.99 % SLA Resilience Benefits Delivery of a service that leverages high availability infrastructure and behind the scenes resources. These underpin effectiveness and use satisfaction by minimising disruption and outages. Fully redundant architecture that delivers maximum performance, availability and replication of core data. Support overhead removed Zero investment in technical staff provides significant Opex cost reduction. Our services are managed by trained and experienced resources who maintain a high level SLA, as well as offering fast response to technical questions. Support Experts A customer support expert will ensure that all problems are escalated rapidly to specialists to assure fast resolution, maximum up-times and high levels of user confidence. No up-front purchases 3Si Authenticator service leverages a full software-as-aservice (SaaS) oriented model where on-going payments and an all-in pricing will also means there are no up-front purchases other than the access tokens themselves. Opex vs. capex With cloud-based services you typically have the choice of 100% Opex payments or ability to blend this with a Capex model. This flexibility can improve business cash flow and budgeting. Proactive monitoring The infrastructure is built to deliver immediate notification, action and resolution of issues to assure effectiveness, up-time and service delivery.
3. Service Matrix The Service Matrix below presents a list of the available Service Elements within the 3Si Authenticator service. The client s selected Service Elements, associated options, agreed service levels, service charges and other relevant details are formalised in the Service Agreement. The Authenticator website and self-service functionality all operate 24 hours a day, 7 days a week, 365 days a year. The service is designed to have no dependency to contact 3Si for Service Requests, however in such case that require our assistance are performed during business hours. Functional Elements 3Si Authenticator Online Service Subscription Automated Cloud Provisioning Customer Control Panel (Self-Service Portal) Real-Time Change Provisioned Complete Integration Suite Multi-Factor Authenticator Online Billing and Usage Cloud based Administration and Reporting Management Portal Service Request Escalation Service Reporting 3.1 Associated Services The service includes the following flexible options: Private links, with or without redundancy IPSEC Site-Site VPN
4. Service Delivery Architecture The 3Si Authenticator service is a pre-built, multi-tenanted system that is hosted in an ultra-secure certificated data centre. The service offers complete automation that takes customers through from subscription, provisioning and management. The self-service portal is used to make changes to the subscription technically or commercially that are deployed in real-time with complete audit trail. The service provides a complete integration suite to the customer to enable multi-factor authentication for both external and internal infrastructure elements. The 3Si Authenticator has a service delivery architecture that looks similar to the following diagram: The following dependencies have been identified through the solution design process Figure 1 Architectural Diagram
3Si Cloud Portal- 3Si Authenticator service is a cloud-based model that requires no installation of equipment on the customer site. Customers will be able to subscribe for the service online, upon which a cloud control panel will be provisioned instantaneously. This allows customer to extract specific integration configuration and a user guide. All backend services will be instantaneously previsioned and will be ready for integration with customer s on-site infrastructure components. The control panel also provides: Complete user management Token Management Administration, Billing and Reporting Service Desk The Control panel will provide clear step-by-step customer premises integration configuration for subscribed infrastructure components. Completion of this will have the authentication service completely integrated and ready to be used. Our cloud control panel provides ability for customer to import their organisation users, allocate and deploy tokens, manage the process of adds, moves and changes and produce activity reports. User provisioning and activation is automated through a clearly defined structural process that secures multi-factor solution technology by enabling AUTH compliance. User access to infrastructure devices or systems, network resources are now authenticated utilising multi-factor authentication.
4.1 Service Integration Overview The 3Si Authenticator integrates with virtually anything. We believe every IT user has a right to the highest standards of security that our industry can give, which is why our vision is to let you use strong authentication anywhere where you currently use a password. Cloud and web applications, which we protect using industry-standard Security Assertion Markup Language (SAML), with one of our authentication APIs or using our web agents. Or you can use one of the many web server plug-ins that work using the Remote Authentication Dial In User Service (RADIUS) protocol. Network access devices such as VPNs and firewalls, which communicate with 3Si Server using the RADIUS protocol. This covers most devices from Cisco, Checkpoint, Juniper, Sonicwall, Fortinet and Watchguard, among others, as well as Microsoft firewalls and VPNs. Devices that do not support RADIUS, such as older Citrix Gateways, can be protected with a 3Si Authenticator Agent that can be configured in few minutes. Windows and Unix - any application that is Pluggable Authentication Module (PAM) aware can use PAM s support for RADIUS to authenticate against 3Si Authenticator Server. 3Si Authenticator Agent protects Microsoft Windows desktops, domains, remote desktops and terminal servers, and will even provide offline authentication for laptops or other devices not connected to the corporate network. Tight integration with user directories such as LDAP or Microsoft Active Directory enables automated custom provisioning processes. Figure 2 Use case scenarios 4.2 Service Prerequisites The only prerequisite to this service is an Internet connection into the protected infrastructure elements.