AccessDirect. SSL VPN Remote Access

Similar documents
SECURE ACCESS GATEWAYS

AG 1000 Series. Secure Access Gateways

AG SERIES DATASHEET SECURE ACCESS GATEWAYS

Market Application Delivery Networking. Products ADC, WAN Optimization, Secure Access

SSL VPN Evaluation Guide. Criteria for Choosing the Right SSL VPN

Secure remote access to your applications and data. Secure Application Access

PRODUCT CATEGORY BROCHURE. Juniper Networks SA Series

PRODUCT CATEGORY BROCHURE

SA Series SSL VPN Virtual Appliances

AVX SERIES VIRTUALIZED APPLIANCES

SSL-TLS VPN 3.0 Certification Report. For: Array Networks, Inc.

Deployment Guide Sept-2014 rev. a. Array Networks Deployment Guide: AG Series and DesktopDirect with VMware Horizon View 5.2

What s New in Juniper s SSL VPN Version 6.0

Application Delivery Networking

What We Do: Simplify Enterprise Mobility

Proof of Concept Guide

Deliver Secure and Accelerated Remote Access to Applications

SVN5800 Secure Access Gateway

Novell Access Manager SSL Virtual Private Network

CNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions

Securing Citrix with SSL VPN Technology

SVN3000 Security Access Gateway SSL/IPSec VPN Access Gateway

Implementing Core Cisco ASA Security (SASAC)

What s New in Juniper Networks Secure Access (SA) SSL VPN Version 6.4

REQUEST FOR PROPOSAL FOR SUPPLY & INSTALLATION OF Firewall. Bill of Material

MANAGE SECURE ACCESS TO APPLICATIONS BASED ON USER IDENTITY. EMEA Webinar July 2013

nexus Hybrid Access Gateway

McAfee Security. Management Client

AVX SERIES VIRTUALIZED APPLIANCES

APV9650. Application Delivery Controller

White Paper. SSL vs. IPSec. Streamlining Site-to-Site VPN Deployments

Implementing Cisco IOS Network Security

PULSE SECURE FOR GOOGLE ANDROID

A Guide to New Features in Propalms OneGate 4.0

EasyConnect. Any application - Any device - Anywhere. Faster, Simpler & Safer Networks

Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief

Pulse Connect Secure. Data Sheet. Published Date

CENTRAL MONITORING AND MANAGEMENT. CMX SERIES DATASHEET CENTRALIZED MANAGEMENT

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client.

"Charting the Course... Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207 Course Summary

Array Networks & Microsoft Exchange Server 2010

Deliver Secure and Fast Remote Access to Anyone from Any Device

F5 Identity and Access Management (IAM) Overview. Laurent PETROQUE Manager Field Systems Engineering, France

UNIFIED THREAT MANAGEMENT SOLUTIONS AND NEXT-GENERATION FIREWALLS ADMINISTRATION TOOLS NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

Kaseya IT Automation Framework

Aventail SSL VPN. Getting Started Guide. Version 8.6

FileCloud Security FAQ

To participate in the hands-on labs in this class, you need to bring a laptop computer with the following:

SECURE ACCESS TO THE VIRTUAL DATA CENTER

Privileged Access Management 15.3 Available Features

Mobile Access R Administration Guide. 13 August Classification: [Protected]

Citrix Access Gateway

Getting Started. Symantec Client Security. About Symantec Client Security. How to get started

APPLICATION ACCESS MANAGEMENT (AAM) Augment, Offload and Consolidate Access Control

SSL VPN Technology White Paper

PortWise 4.7. PortWise Sales FAQ. Sales FAQ & Licensing Guide

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

Introduction to Endpoint Security

Barracuda SSL VPN Administrator s Guide

Professional Integrated SSL-VPN Appliance for Small and Medium-sized businesses

VPN_2: Deploying Cisco ASA VPN Solutions

Deploying F5 Application Ready Solutions with VMware View 4.5

Integrating F5 Application Delivery Solutions with VMware View 4.5

REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL

Dell World Software User Forum 2013

Evaluating the Cisco ASA Adaptive Security Appliance VPN Subsystem Architecture

For Sales Kathy Hall

Forcepoint Stonesoft Management Center

REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL

WatchGuard SSL v3.2 Update 1 Release Notes. Introduction. Windows 8 and 64-bit Internet Explorer Support. Supported Devices SSL 100 and 560

DEPLOYMENT GUIDE Version 1.0. Deploying the BIG-IP Edge Gateway for Layered Security and Acceleration Services

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0

MobileIron for ios. Our Mobile IT Platform: Purpose-Built for Next Gen Mobility. MobileIron Platform: Accelerating ios Adoption in the Enterprise

Symantec Client Management Suite 8.0

RSA SecurID Ready Implementation Guide

Enterprise Solution for Remote Desktop Services System Administration Server Management Server Management (Continued)...

The governance IT needs Easy user adoption Trusted Managed File Transfer solutions

Your Location Instant NOC using Kaseya. Administrator at Remote Location Secure access to Management Console from anywhere using only a browser

Mobile Access Software Blade

Cyberoam Perspective BFSI Security Guidelines. Overview

Reverse Proxy for Trusted Web Environments > White Paper

NCSU SSO. Case Study

FEATURE COMPARISON BETWEEN WINDOWS SERVER UPDATE SERVICES AND SHAVLIK HFNETCHKPRO

Barracuda Networks Technical Documentation. Barracuda SSL VPN. Administrator s Guide. Version 2.x RECLAIM YOUR NETWORK

Securing Networks with PIX and ASA

Copyright 2012 Trend Micro Incorporated. All rights reserved.

Cisco Adaptive Security Appliance Smart Tunnels Solution Brief

APV x600 Series. Application Delivery Controller APV1600, APV2600, APV4600, APV5600, APV6600, APV8600, APV9600

Check Point Security Administrator R70

Extranet Access Management Web Access Control for New Business Services

Dell SonicWALL Secure Virtual Assist: Clientless remote support over SSL VPN

VMware vcloud Networking and Security Overview

Transcription:

AccessDirect D A T A S H E E T SSL VPN Remote Access AccessDirect is an enterprise-class SSL VPN remote access solution that enables anytime, anywhere secure access to business applications and resources increasing productivity while maintaining security and compliance. With AccessDirect, employees, partners, tenants, customers, contractors and guests need only a common Web browser to quickly and securely access enterprise and cloud resources and applications for which they are authorized. AccessDirect requires no pre-installed clients, supports a broad range of access methods, provides encrypted communications and end-point security, and offers industry-leading scalability and price-performance. AccessDirect enables enterprises and service providers to rapidly address immediate secure access requirements while laying a foundation for expanded capability should the need arise. Highlights & Benefits Anytime, anywhere browser-based secure remote access, enables increased productivity for employees, partners, tenants, customers, contractors and guests Up to 3.2 Gbps throughput, 128,000 concurrent users and 500,000 users on a single access gateway appliance for maintaining security and driving productivity at scale 256 virtual SSL VPN portals on a single appliance, customizable to the security and usability preferences of multiple tenants and communities of interest Per-user policy engine for identity-based access to URLs, files, networks and applications Controlled access from managed and un-managed devices including desktops, laptops, tablets and smart phones Cross-platform support for a range of operating systems and browsers Range of access methods including Web, Layer-3 and client-server connectivity High-performance 1024-bit and 2048-bit SSL encrypted communications Endpoint security including host-checking, cache cleaning and adaptive policies Supports a range of AAA and dual-factor authentication schemes No pre-installed clients; eliminates firewall and network traversal issues common to traditional VPNs Array Business Continuity (ABC) Contingency Licenses for affordably supporting surge remote access Familiar CLI and WebUI for ease of configuration and management Available for Array AG 1000 Series Secure Access Gateway appliances Centralized management for multiple AG appliances

P R O D U C T D E S C R I P T I O N Next-Generation Secure Access Designed for next-generation mobile and cloud secure access, and as a replacement for legacy remote access VPNs, Array AccessDirect SSL VPN provides greater flexibility by leveraging ubiquitous Webbased access, more granular data protection through client security and identity-based access controls, and fewer deployment hassles with an architecture that requires no pre-installed clients and is transparent to existing infrastructure. Using SSL, the security protocol present in all Web browsers, AccessDirect enables a range of remote access methods across a broad spectrum of managed and unmanaged devices including laptops, desktops, tablets and smart phones. Web applications can be made available within a secure Web portal, while network-level connectivity and connectivity for specific client-server applications over SSL can be enabled via a universallycompatible client. SSL VPN Virtual Portals Built-on Array virtualization technology, AccessDirect can support up to 256 SSL VPN virtual portals to meet the unique needs of multiple user groups and tenants. Each virtual portal is fully independent, with separate management, access policies, access methods and resources. Built-in templates make creating virtual portals easy, and provide a starting point for further customization. In addition, features and functions can be seamlessly integrated into existing Web pages and custom layouts with minimal effort using Array portal theme technology. Per-User Policy Engine AccessDirect provides full control of access policies on a per user basis. In addition to validating hardware IDs, AccessDirect checks remote devices for required service packs and anti-virus software before granting access to protected networks and resources. Administrators can assign roles based on username, group name, source IP, login time and authentication method and can specify which resources are available to which access methods. Each role will see different resources in the SSL VPN portal and can be assigned different QoS policies. With capacity for 500,000 users in its local database, access policies can be stored on the Array applicance or can be provided via integration with external AAA servers. In addition, SSO settings can be customized to store multiple username and password pairs for different backend application servers. AccessDirect s authentication mechanism allows users to choose their desired authentication method or may be set such that users must authenticate to multiple AAA servers for added security, in a manner similar to multi-factor authentication. End-to-End Security A dissolvable client-side security agent mitigates network or resource exposure by enforcing pre and post-admission policies and adapting access rights to suit changes in the client environment. Hostchecking verifies device and user identity, and ensures clients meet pre-defined security parameters (anti-virus, anti-spyware, personal firewalls, patches, service packs) and determines adaptive policies. For additional control, cache cleaning can be enabled to wipe cached information from devices when sessions end. All traffic between clients and the Array appliance is encrypted over SSL, and a security-hardened OS ensures that Array appliances are as secure as the networks and resources they protect. Layer 2-7 authorization provides granular access control based on user identity and role within the organization, while comprehensive auditing tracks all activity on a per-user, per-event, and per-resource level. Acceleration & Availability Layers of protection typically add security at the expense of application performance and ease-of-use; no matter how robust a secure access solution is, it won t enhance productivity unless users find it fast and friendly. To ensure performance and security, AccessDirect features integrated application acceleration including connection multiplexing, SSL acceleration and compression. Deployed at the largest enterprises and service providers in the world, AccessDirect has proven its reliability tallying up over five years of flawless performance in the most demanding production environments. In the event of a failure, Array clustering technology and Array Business Continuity (ABC) Contingency Licenses ensure an unaffected, transparent experience for users. Management & Reporting AccessDirect offers both a familiar CLI and an intuitive Web user interface that can easily be customized to create streamlined, integrated management systems. Monitoring is made simple with

P R O D U C T D E S C R I P T I O N SNMP-based monitoring tools, and with support for XML-RPC, a range of third-party applications can be used to automate management tasks. In addition, up to 100 appliances running AccessDirect can be managed centrally to provide a single point of configuration, monitoring and reporting for Array products. management platforms, and custom solutions for reporting, billing, SLAs and vertical-specific requirements. Developers can also create custom native apps with built in security for mobile environments. From providing real-time usage intelligence to seamlessly interoperating with complementary secure access and application delivery technology, the power of AccessDirect APIs is unprecedented. Integration & Extensibility Taking advantage of extensible APIs, IT can marry secure access intelligence with threat and risk management platforms, virtual Mobile & Remote Access Public & Private Cloud Employee & Guest Access BYOD Office Workers

F E A T U R E S P E C I F I C A T I O N S Access Methods Clientless Web Access On-Demand Client Access Mobile Access 100% clientless -- Support HTML, JavaScript and plug-in parameters -- Ensures proper function of application beyond the corporate network -- Masks internal DNS and IP addressing -- Supports browser-based access from any devices Pre-installed or Web-delivered client through Java or ActiveX -- L3, L4 or auto-select tunneling Auto-launch upon login, transparent to users -- L3, L4, L7 for Windows XP (32-bit), Windows 7 (32/64-bit), Linux, MacOS -- Split tunneling and full tunneling control, create tunnel through HTTP forward proxy -- Supports any IP application including TCP, UDP, NetBIOS, Outlook, Terminal Devices, FTP, CRM and all CS and BS applications -- Internal static and dynamic IP address assignment and external DHCP server IP address assignment -- Network drive mapping Auto-launch of network scripts and commands Differentiated configurations per user or group roles Stand-alone, command line and SDK for Array VPN client -- Multi-language support Detailed traffic logs L4, L7 for ios -- L3, L4, L7 for Android Client Security Host Checking Verifies device state prior to granting access -- Scan for personal firewalls, anti-virus, anti-spam and service packs -- Custom rules for a range of apps, registry checks and patches -- MAC address or hardware ID validation Adaptive Policies Access level conditional on end-point status -- Integrated policy management Cache Cleaning Wipes all stored browser information upon session termination -- Per-session with idle timeout and browser closure Data Center & Cloud Security Server-Side Security-hardened OS -- Passive and active Layer-7 content filtering -- Permit or deny policies -- DDoS prevention -- Reverse-proxy network separation SSL Data Encryption TLS 1.0/SSL 3.0, TLS 1.1/1.2 -- AES128-SHA, AES256-SHA, DES/3DES, SHA/MD5 1024 and 2048-bit keys -- SSL session reuse -- Certificate field passing to backend -- Online/offline CRL -- OCSP Authentication, Authorization & Auditing (AAA) Authentication Authorization LDAP, RADIUS, AD, LocalDB, RSA SecurID,Swivel, Vasco, Custom -- 500,000 users in LocalDB -- Enable/disable LocalDB user -- LocalDB password policy control -- Backup/restore LocalDB -- Export LocalDB in CSV format (Excel) Up to 1500 logins per second -- Certificate-based authentication -- Authentication server ranking (search user credential in multiple servers) -- RADIUS challenge response mode -- Restrict login based on date and time -- Single sign-on, NTLM, HTTP basic authentication and HTTP POST -- User lock-up by login failure, inactivity or manually by admin Granular access control -- Role-based access control Roles defined by username, group name, login time, source IP and login method -- Permit and deny policies -- Authorize user based on MAC address or hardware ID -- Provides high flexibility in configuration and detailed logging Auditing Full audit trail in WebTrends WELF format Logs all user activity (success, failure, attack) Multi-Factor SSL client certificates, RSA SecurID, Entrust, other RADIUS-based authentication systems -- Multiple AAA server authentication

A P P L I A N C E O P T I O N S Performance & Scalability System 64-bit Array SpeedCore multi-core platform -- Optimized packet flow with single-digit millisecond latency -- Up to 128,000 concurrent users on a single appliance -- Up to 3.2 Gbps SSL throughput on a single appliance -- Hardware SSL key exchange and bulk encryption performed in kernel -- Connection multiplexing for optimizing server efficiency and reducing back-end connections High-availability and scaleout (active/active, active/standby clustering) Virtualization 256 virtual SSL VPN portals -- Single page virtual site creation -- Concurrent user session control per virtual portal -- Delegated management -- Portal theme technology for custom virtual portals or integrating AccessDirect with pre-existing Web pages -- Pure Javascript-based customization on per virtual portal basis -- No external server requirements -- Localized end-user GUI support for English, Japanese, simplified and traditional Chinese Management Simplified Administration Centralized Management Intuitive WebUI -- Quick-start wizard -- Role-based administration -- Strong administrator authentication -- RADIUS accounting -- No client installation or management -- Configuration synchronization -- Full device backup and restore including client security, portal theme, SSL certificates, keys, CRL, LocalDB User/feature license control NTP, NAT, RTS, Logging Array CMX centralized management appliance -- SSH/CLI, SSL/WebUI, SNMP, XML/RPC API -- Supports NRS2 (Array Networks multiple system reporting and analyzing tool) Warranty & Support Warranty Support 1-year hardware; 90-day software Gold, silver and bronze-level support plans Scalable Appliance Options AG 1000 AG 1100 AG 1150 AG 1200 AG 1500 AG 1600 Max. Concurrent Users 300 3,000 10,000 25,000 72,000 128,000 Aug-2012 rev. b 1371 McCarthy Blvd. Milpitas, CA 95035 arraynetworks.com Phone: (408) 240-8700 Toll Free: 1-866-MY-ARRAY