What s New in Juniper s SSL VPN Version 6.0



Similar documents
What s New in Juniper Networks Secure Access (SA) SSL VPN Version 6.4

Secure, Mobile Access to Corporate , Applications, and Intranet Resources

Clientless SSL VPN Users

How do I use Citrix Staff Remote Desktop

Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief

Requirements Collax Security Gateway Collax Business Server or Collax Platform Server including Collax SSL VPN module

Accessing the Media General SSL VPN

Securing Citrix with SSL VPN Technology

Enterprise Solution for Remote Desktop Services System Administration Server Management Server Management (Continued)...

PRODUCT CATEGORY BROCHURE

SSL VPN A look at UCD through the tunnel

MANAGE SECURE ACCESS TO APPLICATIONS BASED ON USER IDENTITY. EMEA Webinar July 2013

A Guide to New Features in Propalms OneGate 4.0

Citrix Access on SonicWALL SSL VPN

Thin Client Computing Best Practices Guide

SECURE ACCESS TO THE VIRTUAL DATA CENTER

Accessing TP SSL VPN

SA Citrix Virtual Desktop Infrastructure (VDI) Configuration Guide

Accessing the Mercy Remote Access Portal (SSL VPN)

SA Series SSL VPN Virtual Appliances

Juniper SSL VPN Notes Page 1

SA Citrix Virtual Desktop Infrastructure (VDI) Configuration Guide

How To Understand The Architecture Of An Ulteo Virtual Desktop Server Farm

App Orchestration 2.0

PRODUCT CATEGORY BROCHURE. Juniper Networks SA Series

An Analysis of Propalms TSE and Microsoft Remote Desktop Services

INUVIKA OPEN VIRTUAL DESKTOP FOUNDATION SERVER

Secure remote access to your applications and data. Secure Application Access

PROPALMS TSE 6.0 March 2008

Securing access to Citrix applications using Citrix Secure Gateway and SafeWord. PremierAccess. App Note. December 2001

Dell SonicWALL SRA 7.5 Citrix Access

Configuring SonicWALL TSA on Citrix and Terminal Services Servers

2X ApplicationServer & LoadBalancer & VirtualDesktopServer Manual

This guide provides all of the information necessary to connect to MoFo resources from outside of the office

Citrix StoreFront 2.0

Secure iphone Access to Corporate Web Applications

GTS Software Pty Ltd. Remote Desktop Services

Symantec On-Demand Protection 2.6 Juniper IVE SSL VPN 5.2 Integration Guide

Requirements on terminals and network Telia Secure Remote User, TSRU (version 7.3 R6)

Requirements on terminals and network Telia Secure Remote User, TSRU (version 7.1 R4)

2X ApplicationServer & LoadBalancer Manual

Novell Access Manager SSL Virtual Private Network

Remote Application Server Version 14. Last updated:

VPN Web Portal Usage Guide

BlackShield ID Agent for Terminal Services Web and Remote Desktop Web

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client.

MaaS360 Mobile Enterprise Gateway

Citrix MetaFrame Presentation Server 3.0 and Microsoft Windows Server 2003 Value Add Feature Guide

Citrix Access Gateway

Your Location Instant NOC using Kaseya. Administrator at Remote Location Secure access to Management Console from anywhere using only a browser

BlackShield ID Agent for Remote Web Workplace

Remote Desktop Gateway. Accessing a Campus Managed Device (Windows Only) from home.

WatchGuard SSL v3.2 Update 1 Release Notes. Introduction. Windows 8 and 64-bit Internet Explorer Support. Supported Devices SSL 100 and 560

Java Secure Application Manager

MCTS Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration (Exam # )

Remote Application Server Version 14. Last updated:

MaaS360 Mobile Enterprise Gateway

Cisco AnyConnect Secure Mobility Solution Guide

New Feature Guide TSE 7.0. Overview. 1. New TSE Desktop Client for Windows. Propalms Ltd. Published February 2013

BIG-IP Access Policy Manager Tech Note for BIG-IP Edge Client App for ios

PowerTerm WebConnect. Integration Instructions with Juniper SSL VPN

Access to Webmail services via a Non Trust Computer

2X ApplicationServer & LoadBalancer Manual

Implementation Guide for. Juniper SSL VPN SSO with OWA. with. BlackShield ID

Propalms TSE Deployment Guide

PortWise Access Management Suite

Access Your Cisco Smart Storage Remotely Via WebDAV

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

Ensuring the security of your mobile business intelligence

Introducing the FirePass and Microsoft Exchange Server configuration

How To Use Tsplashbox On A Pc Or Mac Or Mac (For A Pc) With A Windows 7 Computer (For Mac) Or Mac) With Tsplatro (For Pc) Or Ipad (For Windows) With An

SSL VPN Service. To get started using the NASA IV&V/WVU SSL VPN service, you must verify that you meet all required criteria specified here:

Introduction to the EIS Guide

SSL VPN Server Guide. Access Manager 3.2 SP2. June 2013

Deliver Secure and Accelerated Remote Access to Applications

Using RD Gateway with Azure Multifactor Authentication

2X ApplicationServer & LoadBalancer Manual

Clientless SSL VPN End User Set-up

Introduction to Mobile Access Gateway Installation

How To Use Salesforce Identity Features

ARCHITECT S GUIDE: Mobile Security Using TNC Technology

Installation and Setup: Setup Wizard Account Information

Campus VPN. Version 1.0 September 22, 2008

Remote Desktop Services User's Guide

Junos Pulse Release 3.0R1.1

Pulse Connect Secure

Setting Up Scan to SMB on TaskALFA series MFP s.

Endpoint Security VPN for Mac

Introduction to Endpoint Security

Dell World Software User Forum 2013

FAQ. How does the new Big Bend Backup (powered by Keepit) work?

Where are Organizations Today? The Cloud. The Current and Future State of IT When, Where, and How To Leverage the Cloud. The Cloud and the Players

Aventail Connect Client with Smart Tunneling

How to use SURA in three simple steps:

Host Access Management and Security Server

PortWise Access Management Suite

Transcription:

What s New in Juniper s SSL VPN Version 6.0 This application note describes the new features available in Version 6.0 of the Secure Access SSL VPN products. This document assumes familiarity with the Juniper s IVE platform and the features of earlier releases up to version 5.5. I. Security Policy Enhancements to Meet The Needs of Today s Most Demanding Businesses Support Trusted Network Connect (TNC) Standards on Host Checker Juniper is introducing support for the TNC-TCG industry standards which enables interoperability of the solution with diverse endpoint solutions, from antivirus to patch management to compliance management solutions that conform to the TNC-TCG specifications. The Trusted Computing Group (TCG) is a not-for-profit organization formed to develop, define, and promote open standards for hardware-enabled trusted computing and security technologies. Trusted Network Connect, a subgroup of the TCG that comprises more than 60 members, is responsible for defining an open architecture for network operators to enforce policies regarding endpoint integrity during network connections established by users/endpoints. By introducing this support, Juniper Networks is extending its endpoint assessment capabilities, in addition to what is supported in SSL VPN today, by providing interoperability and deep integration with solutions that support these standards. These standards are also supported on Juniper s Unified Access Control solution, allowing customers to create similar security policies for remote and local access control deployments. Enables customers to leverage their investments in existing endpoint security solutions. Standards-based, open APIs provide flexibility to customers, providing tight integration with a wide array of third party security products as part of the endpoint security assessment on every remote access session. Allows customers to create a unified endpoint security policy that can be deployed across both their remote access (SSL VPN) and their local access (UAC) deployments. Support for remote Integrity Measurement Collectors (IMC) Integrity Measurement Verifiers (IMV) for TNC conformant solutions developed by third party vendors Juniper Networks is adding generic support for any endpoint vendor who develops TNC compliant solutions for integration into SSL VPN. By providing this support, customers can enable IMVs from 3rd party solutions and use SSL VPN to gather the relevant information from the endpoint (IMC), pass this information to the IMV for endpoint status, and leverage the results back from the IMV for network and application based access control.

Enables customers to customize their SSL VPN deployments to meet the exact needs of their business. Gives customers the flexibility of zero-day support for new endpoint security solutions as third party vendors add support for TNC standards. Accelerates the integration of diverse endpoint solutions into SSL VPN by providing a common, standards-based framework for integration. Host Checker Support for Machine Certificate Authorization Juniper has extended Host Checker to now include support for X.509 machine certificates, including validation via OCSP/CRL. This allows customers to perform authorization based on whether or not the machine itself is trusted, in addition to end-user authentication and authorization. Allows customers to create authorization and role mapping policies based on whether or not an end-user s device is a corporate managed asset, leveraging Juniper s industry-leading dynamic access privilege management capabilities. Certificate Authentication with Network Connect Launcher Juniper s advanced PKI capabilities have now been extended further with support for certificate authentication via the Network Connect command line launcher. Extends support for certificate authentication across all access methods. with Advanced License Selectable Cipher Suites With 6.0, Juniper allows the selection of specific bulk encryption ciphers for SSL connections. For example, customers can choose to allow only ciphers using AES and 3DES, for more secure deployments. Provides greater flexibility to customers in creating policies to match their corporate security policies. Extended custom endpoint assessment capabilities to include checks for Mac address and NETBIOS

Juniper Networks is extending the custom endpoint assessment capabilities to incorporate checks for Mac Address of endpoint and whether the endpoint is a NetBIOS machine or not. SSL can then vary the user s level of access as a consequence of these checks. Provides greater flexibility to customers in defining custom endpoint assessment checks and leveraging them for granular access control. II. Anytime, Anywhere Access Through Enhanced End-User Browser, Platform, and Application Support Support for OWA, Sharepoint, and Office 2007 through the Core Access Method Version 6.0 of the SSL VPN products adds support for Outlook Web Access 2007, Sharepoint 2007, and the Office 2007 suite of application through the core clientless access method. Juniper continues to provide support for the widest possible set of web applications by providing support soon after these new applications have been released. Resource profile templates are provided for Sharepoint 2007, as well as OWA 2007. Completely clientless support for the 2007 versions of Microsoft business productivity applications, for ubiquitous availability through only a web browser 2000 and Above and SA700 with Core Access license MySecureMeeting MySecureMeeting adds support for Reservationless, Fixed-URL Secure Meeting deployments. With this feature, customers can create fixed URLs or meeting rooms for their end-users based on predefined strings, username, or directory/session variables. When joining these types of meetings, attendees specify the fixed meeting URL, their name, and the meeting password. Administrators can specify URL format and can choose whether or not they want to allow end users to create additional meeting URLs for other purposes. Password options such as complexity and expiry can also be set by administrative policy. Allows the use of static, configurable meeting URLs for ease of use. Makes it easier to join meetings and to remember meeting URLs.

2000 and Above with Secure Meeting License Citrix Terminal Services (CTS) Intelligent Client Delivery and SSO Allows customers to run published applications available on the Citrix Web Interface using the SSL VPN Gateway s embedded Citrix Terminal Services Client. With this enhancement, CTS will automatically launch and run if the IVE receives an ICA file. If Web Interface delivers a Java applet, traffic is tunneled through the Java rewriter. In addition, the native IVE CTS client now supports Single Sign-On using domain credentials, for seamless authentication. Through this feature, users can access published apps without the use of JSAM or WSAM, improving usability, security, and avoiding client installation issues. Improved usability, as all that the end user has to do to start the application is click on the bookmark or the icon for the published application in the Web Interface. Strong security, as users cannot write their own ICA file and gain access to applications that have not been published on the Web Interface. Ubiquitous access, as the IVE Citrix Terminal Services proxy does not require administrator privileges for installation. For users with the Citrix client already installed on their machine, there is no need for advanced privileges to access published apps. CTS Proxy Auto-Client Reconnect and Session Reliability These two enhancements optimize uptime and reliability if connections to the Terminal Server are lost. Session Reliability keeps the remote desktop running and available until the connection is restored (via auto-client reconnect) or the session is cancelled. Enhanced usability and reliability through robust session maintenance capabilities ICA Client Policy-Based Access Control The Citrix ICA client can provide access to local printers, local drives, COM ports and clipboard sharing to applications running remotely over ICA sessions. Many customers do not want to provide all of these capabilities all of the time, particularly if end users are coming from what they deem to be insecure machines. This feature allows granular control of those options at the role level.

Granular access control over access to local resources, ensuring that corporate security policies can be met by varying access based on trust level of remote endpoints. Terminal Services RDP/JICA Fallback Many SSL VPN customers must provide access from a broad range of managed and unmanaged machines, resulting in a wide range of installed software and end user privileges. With this enhancement to both Windows Terminal Services and Citrix Terminal Services, the IVE will attempt to launch several different versions of each client in order to maximize likelihood that a user can connect. In the case of WTS/RDP, the IVE will first attempt to launch the native RDP client. If that fails, the IVE will attempt to install the ActiveX control and use that to launch WTS. If that fails, the IVE will automatically launch the configured WTS bookmark using the uploaded Java RDP applet. In the case of Citrix, an installation of Citrix consists of an ActiveX control and an executable. If an installation is not already present, the IVE will attempt to download the Citrix installation based upon configured role options. If this fails the IVE will fall back to the JICA applet to launch the CTS bookmark. Ensures that end users can access their Terminal Services sessions in nearly all cases, regardless of what is installed on the endpoint PC. Windows Terminal Services Session Directory Support Session Directory is a Windows Terminal Services (WTS) feature that allows session persistence for terminal services farms. If a connection is lost for any reason, when the user attempts to reconnect, session directory will reconnect them to the same terminal server, bypassing normal load balancing that would likely direct the user to another server. This feature adds support for Session Directory to the Juniper Windows Terminal Services Client. Enhances productivity, as users do not lose any unsaved work by being directed to a different terminal server after a reconnect. Improves end user experience as the user can disconnect a TS session without logging off, and then reconnect later, continuing where they left off. Windows Terminal Services Usability/Experience Enhancements Version 6.0 of the SSL VPN software includes several new enhancements aimed at improving WTS usability and the overall end user experience. The first enhancement allows the use of a universal printer driver through the WTS proxy,

avoiding the need to install numerous third party printer drivers on terminal servers for every user s local printer. Additionally, a new enhancement was added to control the end-user s access to local resources such as local printers, drivers, COM ports, and clipboard (copy/paste) sharing between the host computer and the terminal server. Finally, several new display options make it easier to personalize WTS sessions and to optimize performance for users on low bandwidth networks. These display options include desktop background selection, menu and window animation, use of Windows Themes, font smoothing, and several more (outlined in Administrator s guide). Reduced management as administrator s no longer need to worry about installing a large number of printer drivers on their terminal servers. Enhanced security for insecure environments through control of local resource access. Improved end-user experience and performance via control of display options and personalization at the role level, allowing administrator s to optimize depending on the user s connection. III. Mobile Device Support Enhancements Standalone WSAM Launcher for Windows Mobile Devices Standalone WSAM Launcher provides a browser-less mechanism for users to authenticate to the Secure Access gateway. The WSAM launcher includes an auto-connect and storage of authentication information in encrypted form. This feature makes it extremely easy for end users to successfully connect to the SSL VPN and establish their session. Provides a way for users to launch and end their WSAM session with the use of Internet Explorer and without entering their login credentials on login Clientless File Browsing on Windows Mobile Provides file browsing capabilities through the web browser with no client (i.e. WSAM) to download to the mobile device Provides access to the widest possible range of content with no client to dynamically download to the mobile device. 2000 and Above

Certificate Authentication Support for Windows Mobile Devices Provides support for certificate authentication on Windows Mobile Devices. If certificate auth is required and one is present on the device, user can automatically establish WSAM connection with no need to enter username and password. If multiple certificates are present, the user will be prompted to select the appropriate certificate. Allows customers to leverage their PKI/strong authentication infrastructure across all devices connecting to their networks, including mobile devices. 2000 and Above with Advanced License Seamless Roaming Support for WSAM on Windows Mobile Allows WSAM to stay connected when roaming between different connections including between cellular and Wi-Fi connections. Provides seamless connectivity to end users as they move from one network to another Localization of SSL VPN End-User UI on Windows Mobile Devices Localizes SSL VPN User Interface on Windows Mobile devices for the Core and WSAM access methods to all 7 languages support by Secure Access 2000 and Above IV. Administration Flexibility and Ease of Deployment MSI Packaging for Installer Service The Juniper Installer Service has now been repackaged into an MSI file for easier deployment via group policy in Windows enterprise environments. Package is available in.msi or.exe formats. Allows customers to push Juniper Installer Service deployment via SMS, leveraging their existing deployments of management infrastructure. with SAMNC License IVS Configuration Templates Juniper s Virtual Systems capabilities have been extended to allow creation of

new virtual systems through configuration templates. Customers can use either un-configured or existing virtual systems from which to create templates. These templates can then be used as a basis for new virtual systems and further customized as necessary. Simplifies management by allowing administrators to create copies of existing virtual system configurations for deployment of additional virtual systems. with IVS License IVS Oversubscription This new feature allows customers to configure an IVS to burst beyond its user limit configuration, up to the overall concurrent user license capacity of the Secure Access device. Customers simply configure a minimum guaranteed and maximum allowed user limit for each IVS. Allows large enterprises and service providers to create service level agreements on number of concurrent users supported for a user group. Allows bursting capabilities during periods when a particular system is not fully utilized. with IVS License

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information