Secure, Mobile Access to Corporate Email, Applications, and Intranet Resources




APPLICATION NOTE

Juniper Networks SSL VPN and Windows Mobile

Secure, Mobile Access to Corporate Email, Applications, and Intranet Resources

Table of Contents

Introduction
Scope
Description and Deployment Scenario
    Clientless Access (ActiveSync, Web, and File Sharing)
    Windows Secure Application Manager (WSAM)
    Endpoint Security (Host Checker)
    Localization
Summary
About Juniper Networks

Introduction

Juniper Networks SA Series SSL VPN Appliances lead the SSL VPN market with a complete range of remote access appliances. The SA Series is based on the Instant Virtual Extranet (IVE) software that uses SSL, the security protocol found in all standard Web browsers. Enhanced access methods enable the enterprise to provision secure access, by purpose, for virtually any resource including Exchange, Terminal Services, intranet applications, and much more.

With the introduction of Juniper Networks IVE 6.2 software, Windows Mobile devices (including Pocket PC and Smartphone) can securely access internal resources through the SSL VPN. Supported SA Series features include WSAM (Windows Secure Application Manager), Core Access for Web and Files, and Clientless ActiveSync.

Scope

This document provides a high-level overview of the features and functionality supported by Juniper Networks IVE software release v6.2 and Microsoft Windows Mobile 5.0 or higher.

Description and Deployment Scenario

Clientless Access (ActiveSync, Web, and File Sharing)

SA Series SSL VPN Appliances offer several benefits to Windows Mobile users, even in a purely clientless form. That is, no special software is installed on the Windows Mobile device, nor is it necessary. Authentication is handled with a traditional username/password, one-time token, or Client Certificates. Core Access dynamically builds a portal page for authenticated users, and can provide links to all of their applications as well as single sign-on (SSO) to backend Web resources such as a corporate intranet, Microsoft OWA/OMA, SharePoint, and much more. The SSO framework supports Basic Auth, NTLM2/1, headers, cookies, SAML, and Form POST methods.

In addition to Core Access to Web applications, the SA Series can also securely front-end Windows and UNIX (SMB and NFS) file shares, presenting them through a Web interface. This enables mobile users to download and upload documents easily from network shares, and can even provide a dynamic bookmark to users' home directories. The file-sharing feature also supports SSO (NTLM and Kerberos) and allows users to Download a File, Upload a File, Upload a Zip File and extract its contents, or download multiple files in a Zip file.

File Sharing and Web Access are both further secured with Resource Policies to permit/deny access to certain resources. For Web, access control is very granular, down to the object level. For File Sharing, access control can not only permit or deny access but also restrict it to read-only, if desired.

ActiveSync is also natively supported with IVE 6.2 and later. This HTTP proxy feature enables mobile devices that support Microsoft ActiveSync to seamlessly connect to backend Exchange environments. The SSL VPN is configured to proxy Exchange traffic over a special Authorization Only VIP, and forwards the raw HTTP payload to the Exchange server. This framework enables organizations to deploy Push Email without having to put the Exchange server in the demilitarized zone (DMZ). Direct Push is fully supported, as well as bidirectional synchronization of Email, Contacts, Calendar, and Tasks. Additional authorization policies may also be implemented here, such as locking down to a Source IP/range, User-Agent, DeviceID, and more.

One additional note: Users who are connected with Clientless ActiveSync do not count against the IVE concurrent user licenses, allowing customers to easily and cost-effectively scale their SSL VPN mobile deployments.

Windows Secure Application Manager (WSAM)

Juniper Networks SA Series SSL VPN Appliances offer WSAM support for Pocket PC and Smartphone devices running Windows Mobile version 5.0 and later. This agent, installed on the fly via Pocket IE, seamlessly tunnels applications from the mobile device back to a corporate intranet. This technology enables configured applications such as ActiveSync, Terminal Services, Email, and more to be encapsulated and sent over an SSL tunnel to the remote SSL VPN gateway, where the payload is then extracted from the SSL tunnel and put onto the internal corporate network. Client/server applications are supported, and both UDP and TCP (fixed and dynamic port) protocols can be tunneled in this manner. WSAM also provides several options to ease usability, including Auto-Launch (at WM boot), Certificate Authentication, and application status, which shows applications that are actively being secured.
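The Clientless ActiveSync authorization policies mentioned above (source IP range, User-Agent, DeviceID) can be pictured as a per-request check in front of the proxy. The following is an added example, not Juniper's code or IVE configuration: the `authorize` function, the policy values, and the sample requests are constructed, and it assumes the device identifier arrives in the standard ActiveSync `DeviceId` query parameter.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Constructed policy values for illustration; not taken from any IVE configuration.
POLICY = {
    "source_networks": [ipaddress.ip_network("203.0.113.0/24")],
    "user_agent_prefixes": ("MSFT-PPC/", "MSFT-SPhone/"),
    "device_ids": {"6F24CAD599A5BF1A690246B8C68FAE8D"},
}
EAS_PATH = "/microsoft-server-activesync"


def authorize(source_ip, request_target, user_agent, policy=POLICY):
    """Return (allowed, reason) for one proxied ActiveSync request.

    User-Agent and DeviceId are supplied by the client, so these checks narrow
    exposure in addition to user authentication; they do not replace it.
    """
    url = urlsplit(request_target)
    if url.path.rstrip("/").lower() != EAS_PATH:
        return False, "not an ActiveSync endpoint"
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False, "unparseable source address"
    if not any(addr in net for net in policy["source_networks"]):
        return False, "source IP outside allowed range"
    if not user_agent or not user_agent.startswith(policy["user_agent_prefixes"]):
        return False, "User-Agent not allowed"
    ids = parse_qs(url.query).get("DeviceId", [])
    # Require exactly one DeviceId: a repeated parameter could be read
    # differently by the proxy and by the Exchange server behind it.
    if len(ids) != 1:
        return False, "missing or repeated DeviceId"
    if ids[0].upper() not in policy["device_ids"]:
        return False, "DeviceId not enrolled"
    return True, "ok"


# Constructed sample requests: (source IP, request target, User-Agent).
GOOD = "/Microsoft-Server-ActiveSync?User=alice&DeviceId=6F24CAD599A5BF1A690246B8C68FAE8D&DeviceType=PocketPC&Cmd=Sync"
SAMPLES = [
    ("203.0.113.25", GOOD, "MSFT-PPC/5.2.5082"),
    ("198.51.100.7", GOOD, "MSFT-PPC/5.2.5082"),
    ("203.0.113.25", GOOD + "&DeviceId=OTHER", "MSFT-PPC/5.2.5082"),
]

if __name__ == "__main__":
    for ip, target, ua in SAMPLES:
        print(ip, authorize(ip, target, ua))
```

Every check fails closed: a request that cannot be parsed, or that carries an ambiguous device identifier, is denied with a reason that can be logged.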

WSAM can be configured in two modes: Application or Host mode. Policies are configured on the SSL VPN gateway and pushed down when the WSAM agent connects. With Application mode, a set of applications/programs is configured so all of the data/transactions are tunneled over WSAM. With Host mode, a destination IP/network is configured so that any application or program attempting to access that IP/network will be tunneled.

Endpoint Security (Host Checker)

With IVE version 6.2 and later, Host Checker can now provide endpoint security policy enforcement for Windows Mobile devices. For example, if an organization wants to mandate that all mobile devices are running a particular Smartphone security agent, Host Checker can be configured to enforce that before allowing access to vital company resources. If the agent is not running and the mobile device is therefore not in compliance with the policy, the device can be quarantined and may be granted access only to limited network resources.

Host Checker's famous Remediation framework is also supported for Windows Mobile devices. This means users who are not in compliance can receive valuable feedback letting them know what needs to be done in order to get back into compliance. This type of self-service model is just one of the many features that make Juniper's SSL VPN so popular. By being able to implement stronger endpoint controls, organizations are able to broaden remote and mobile access to critical resources, without increasing the overall security risk.

Localization

To support a wide range of users, Juniper's SSL VPN supports a localized end user interface as well. Eight languages are supported including Spanish, Korean, Japanese, Chinese (Traditional), Chinese (Simplified), German, French, and English. The end user UI is fully localized, and largely customizable. Login pages are fully customizable, and the WSAM agent is also localized into each language. This is just another example of how Juniper's SSL VPN provides a truly ubiquitous entry point for all users, even those with mobile devices.

Summary

With the introduction of Juniper Networks IVE 6.2 software, hand-held mobile devices running Microsoft Windows Mobile 5.0 or later can be used with Juniper Networks SA Series SSL VPN Appliances for secure clientless remote access, enabling users to flexibly access desktop applications and data. The robust authentication, localization options, and multiple access methods provide enterprises with the security and flexibility they need to safely propagate hand-held mobile devices throughout their workforce, keeping employees connected and empowered to conduct business on the move without introducing unnecessary network security risks.

About Juniper Networks

Juniper Networks, Inc. is the leader in high-performance networking. Juniper offers a high-performance network infrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over a single network. This fuels high-performance businesses. Additional information can be found at www.juniper.net.

Corporate and Sales Headquarters
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089 USA
Phone: 888.JUNIPER (888.586.4737) or 408.745.2000
Fax: 408.745.2100

APAC Headquarters
Juniper Networks (Hong Kong)
26/F, Cityplaza One
1111 King's Road
Taikoo Shing, Hong Kong
Phone: 852.2332.3636
Fax: 852.2574.7803

EMEA Headquarters
Juniper Networks Ireland
Airside Business Park
Swords, County Dublin, Ireland
Phone: 35.31.8903.600
Fax: 35.31.8903.601

To purchase Juniper Networks solutions, please contact your Juniper Networks representative at 1-866-298-6428 or authorized reseller.

Copyright 2009 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, JUNOS, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. JUNOSe is a trademark of Juniper Networks, Inc. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

3500106-001-EN Mar 2009