DYNAMIC SECURE MOBILE ACCESS


Introduction

The strong growth in the tablet and smartphone markets, in both the consumer and corporate spheres, makes it necessary to implement solutions that offer enough flexibility and control to satisfy users and administrators alike. The trend towards BYOD (Bring Your Own Device) is becoming increasingly significant because it allows employees to bring their own equipment, reducing the company's costs of acquiring IT equipment. This approach does, however, give rise to an additional burden that needs to be taken into consideration. First, users expect devices to work in exactly the same way as their in-house equipment (PC or telephone) at the company. Second, security is a requirement when rolling out these new devices. They therefore need to be identified and offered controlled access to infrastructure and applications.

The DSMA (Dynamic Secure Mobile Access) solution from Enterasys and UCOPIA Communications enables these challenges to be met. It offers administrators tools to identify and trace all mobile resources that wish to connect to the corporate network. In addition, Enterasys wireless technology brings flexibility and simple configuration, providing unprecedented ease of use for users.

The traditional approach

The implementation of a wireless network to connect mobile devices such as laptops or Wi-Fi telephones has traditionally been based on creating several SSIDs, each with a clearly delineated usage and its own security. In terms of security, the market's only response is often to implement the 802.1X protocol. Although complex to implement, the 802.1X protocol remains effective and appropriate for a corporate environment, assuming, of course, that the mobile devices support it and that they belong to the company. Its limitations are therefore quickly reached once other devices wish to connect. It is advisable to create a new network for them, i.e. a new SSID, with all the associated configuration and administrative burden that comes along with this.

Coping with a deluge of in-house laptops, Wi-Fi telephones, tablets and smartphones could soon result in a vast array of configurations and networks, all needing to be managed. Users are faced with a choice: which network should I connect to? The answer depends on where they are and the device they are using. This is not easy for users and is time-consuming for administrators.

The answer: The DSMA solution

1. A single supervision and configuration tool

The Enterasys/UCOPIA Communications solution provides a simple and effective answer. It comprises the following components:

- A virtual Wi-Fi controller (or appliance)
- a/b/g/n access points
- A NAC (Network Access Control) controller to manage internal user profiles and their devices
- A UCOPIA controller to manage guest access and session traceability.

[Figure: DSMA architecture. Labels: UCOPIA, guest portal, session logs; NAC, profiling, AAA; Wireless, Wi-Fi controller; NMS, console, reporting; OS; VMware virtualisation layer (ESXi); Intel-based x86 architecture.]

All controller components can be deployed virtually to make implementation and service continuity even more straightforward.

The implementation of the DSMA solution makes it possible to identify all mobile devices and users connecting to the infrastructure. NAC performs the profiling operation. Associated with Wi-Fi terminals, the NAC is able to:

- identify each device dynamically by its MAC or IP address
- position it on a terminal and SSID
- determine its hostname, OS and type. Example: iOS (iPad, iPod, iPhone), BlackBerry, Android, Windows, etc.

With the NMS tool, administrators are provided with a single platform for configuration and supervision of this environment. The integrated Wireless Manager is used to define SSIDs, topologies and security policies. The NAC Manager provides visibility into all connected devices. Based on the device profile and user authentication, differentiated rules can be enforced according to the device type, OS type, the time the connection is made, location, etc. As an example, this makes it possible to manage the same iPad differently depending on the time of day or connection location.

2. Simplified corporate wireless network access

A further advantage of the DSMA solution is simplified corporate wireless network access. With the DSMA solution, users see only a single SSID. This step is therefore considerably simplified with the Enterasys wireless solution.

To achieve this, the DSMA solution sorts corporate devices from external devices (guests). The administrator is able to make use of an existing reference base, i.e. the corporate directory, whether accessed through an LDAP connector or Microsoft Active Directory. In this directory, all the company's internal devices are listed in an OU (organisational unit) with their associated hostnames. As NAC is able to identify devices by their hostname, it is easy to query the directory when a connection request arrives, to see whether the mobile device attempting the connection is known, and to apply the appropriate configuration. It is therefore straightforward to identify whether a resource is internal, and to do so through an LDAP control without requiring 802.1X to be implemented. At the network level, simple authentication by MAC address is enough to trigger this control. 802.1X can of course be used to distribute encryption keys for the devices concerned.

3. Traffic management by mobile device type

The Enterasys wireless solution is able to issue a role to each mobile device or user in the wireless network. Each role contains inbound and outbound filtering rules, along with QoS rules. All users or devices on the network can therefore receive the appropriate level of service for their needs, depending on their device or the application supported. This is necessary for ToIP, but proves just as useful for users and in particular for restricting the bandwidth used for online applications.

4. Guest management by the UCOPIA controller

As the system is able to distinguish between connecting devices, guest devices are associated with a guest profile and given appropriate access (security policy or filtering). For example, a guest accessing the network with an iPad will be associated with the guest network. The UCOPIA controller offers a captive portal to get Internet access.

A single SSID contains several topologies and several security policies. Each security policy defines how communications are handled at the access point or controller level. Communications may be handled differently depending on whether the mobile device is identified or not. For example, traffic is escalated to the controller if the device is not authenticated, but may be handled locally by the access point once the device is authenticated. This is often impossible with competing solutions, which offer one global communication handling method for all access points.

The flexibility that the DSMA solution offers makes it possible to limit the number of SSIDs visible to users. It is no longer necessary to find which SSID is able to host the device. In summary, the DSMA solution makes it possible to define a single SSID for a multitude of devices, while guaranteeing optimum security and customised management.
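The admission flow described in sections 1 to 4, as an added sketch that is not code from Enterasys or UCOPIA: a MAC-authenticated request carries the NAC profile, the hostname is checked against the directory OU, and a role is chosen. The OU contents, the role names, `assign_role` and the office-hours and location rule are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time

# Constructed stand-in for the directory OU that lists internal devices by
# hostname (the page uses LDAP or Active Directory; nothing is queried here).
CORPORATE_DEVICE_OU = {"lt-finance-017", "ipad-sales-004", "wifi-phone-112"}

# Hypothetical roles: each bundles filtering and QoS settings, as in section 3.
ROLES = {
    "corp-full":    {"allow": ["intranet", "internet"], "rate_kbps": None, "portal": False},
    "corp-limited": {"allow": ["mail", "internet"], "rate_kbps": 2000, "portal": False},
    "voice":        {"allow": ["sip", "rtp"], "rate_kbps": None, "portal": False},
    "guest":        {"allow": ["internet"], "rate_kbps": 1000, "portal": True},
}

@dataclass
class Profile:
    """What NAC profiling yields for one connection request."""
    mac: str
    hostname: str
    os: str
    device_type: str   # e.g. "laptop", "tablet", "wifi-phone"
    ssid: str
    location: str

def normalise(hostname: str) -> str:
    # Directory hostnames are compared case-insensitively, without a trailing dot.
    return hostname.strip().rstrip(".").lower()

def assign_role(profile: Profile, now: time) -> str:
    """Pick a role name for a MAC-authenticated request on the single SSID."""
    host = normalise(profile.hostname)
    # MAC and hostname are reported by the device itself: the directory match
    # sorts devices, it does not prove identity. Anything unknown or empty
    # fails closed to the guest role and the captive portal.
    if not host or host not in CORPORATE_DEVICE_OU:
        return "guest"
    if profile.device_type == "wifi-phone":
        return "voice"
    # Same device, different treatment by time of day and location (section 1).
    office_hours = time(8, 0) <= now < time(19, 0)
    if profile.device_type == "tablet" and not (office_hours and profile.location == "hq"):
        return "corp-limited"
    return "corp-full"
```
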
Since the anti-terrorist legislation no. 2006-64 of 23 January 2006, cafés, hotels, cybercafés, restaurants and airports, plus all individuals and organisations offering the public any connection of a kind enabling online communication by means of access to a network, including when this is free of charge, are obliged to store what is known as traffic data. Corporate information system access security therefore requires two contrasting needs to be reconciled, one entailing offering a network that is open to subcontractors, partners and other guests, the other entailing providing system security while ensuring that only authorised users are able to access the right data at the right time from the right place.

Conclusion

DSMA therefore offers controlled, tracked access for guests and internal users alike, whether they are using mobile devices belonging to the company or their own equipment, while providing and maintaining network security. The solution is easy to implement, easy to use and effective, all while keeping operational costs low.

The advantages of the DSMA (Dynamic Secure Mobile Access) solution

- Simple and intuitive solution
- Comprehensive solution for a company's guests and internal users
- Straightforward integration
- Dynamic recognition and management of mobile devices
- SSID unification
- Device integrity checking
- Configurable and flexible captive portal
- Traceability and reporting on Internet sessions for guests
- Unified LAN, Wi-Fi and NAC administration including reporting and supervision
- 802.1X and future Wireless Gigabit* compatible
- Compatible with existing PoE environments (11W max.)
- Multiple user profiles / custom security policies depending on user or device type
- Support for QoS and rate limiting by user role
- Support for 802.1X plus dynamic control by MAC and LDAP control
- Supports zero configuration for users
- Multiple account distribution options (delegation, SMS, email, etc.)

* with new access points

For more information about the Enterasys wireless solution: Wireless Access Points, Wireless Controllers, Wireless Management, White Paper "Bring Your Own Device".

Patented Innovation

2011 Enterasys Networks, Inc. All rights reserved. Enterasys Networks reserves the right to change specifications without notice. Please contact your representative to confirm current specifications. Please visit http://www.enterasys.com/company/trademarks.aspx for trademark information. 10/11

Delivering on our promises. On-time. On-budget.

About UCOPIA Communications

UCOPIA Communications is a French publisher of mobility management solutions for Wi-Fi networks. Formed in 2002 by network technology experts, UCOPIA offers administration and security solutions for wireless networks. UCOPIA is a solution certified by ANSSI, the French Network and Information Security Agency. These solutions, aimed particularly at companies, educational establishments and government departments, allow users to connect securely to the network and use intranet, extranet and internet applications simply and safely. UCOPIA Communications develops and markets its offer using a European network of hundreds of integrators, experts in the network, IP convergence and security fields, but also specialising in specific sectors (hospitality, education, SMEs, etc.). Thanks to the expertise of this partner network, UCOPIA can advise and support its clients in their plans, regardless of their size or business. For more information on UCOPIA Communications, please visit www.ucopia.com

Contact us: Frédéric AGUILAR, Technical Director, +33(0)1 40 84 61 82, enterasys@ucopia.com

About Enterasys Networks and Siemens Enterprise Communications

Siemens Enterprise Communications is a premier provider of end-to-end enterprise communications, including voice, network infrastructure and security solutions that use open, standards-based unified communications and business applications for a seamless collaboration experience. This award-winning Open Communications approach enables organizations to improve productivity and reduce costs through easy-to-deploy solutions that work within existing IT environments, delivering operational efficiencies. It is the foundation for the company's OpenPath commitment that enables customers to mitigate risk and cost-effectively adopt unified communications. Jointly owned by The Gores Group and Siemens AG, Siemens Enterprise Communications includes Cycos and Enterasys Networks. For more information about Siemens Enterprise Communications or Enterasys, please visit www.siemens-enterprise.com or www.enterasys.com.

Contact us: Marc-Albert BOLLINI, Sales Director, + 33(1)40 92 73 90, enterasys@ucopia.com