MOBILE IAM™ THE

SOLUTION FROM ENTERASYS

“ BYOD Done Right™”

MOBILE IAM™ - “BYOD DONE RIGHT™”

Mobile IAMAddressing the true scope of mobility imperatives

Employees in your enterprise are expecting to access the corporate network from their personal

tablets and smartphones. Higher education long ago conceded to students’ demand to use

their own devices on campus networks. Health care institutions have adapted to employee

owned devices to achieve gains in workforce effectiveness and they still ensure network security,

performance and compliance. Why are you hesitating to fully embrace BYOD?

Without doubt the sheer numbers of the types and quantities of the devices are staggering.

Industry data count 2 billion devices in use by 2015 with 75% of them used for both business

and personal use. Already 75% of all trouble tickets are generated by mobile users. Management

isn’t talking about opening reqs for help desk staff. Nor do you want to be distracted from the

critical strategic business initiatives requiring IT support. What are the costs of deploying a BYOD

program and how can they be controlled once this Pandora’s box is opened? In addition, like other

IT professionals, your worries probably include maintaining the security of your network, controlling

unauthorized access and managing more risk from new threats and vulnerabilities.

However a conservative response, avoid embracing BYOD and simply contain non-corporate owned

devices, means the enterprise is squandering opportunities for significant competitive benefits.

Using their own devices, staff has choice, flexibility and can more easily collaborate. Workforce

productivity and morale increase. IT reduces costs by saving the expenses of procuring and

maintaining corporate owned devices for every staff person.

The only answer is to implement a comprehensive BYOD solution - one that addresses all your

requirements: network security, seamless user experience, end-to-end visibility and control,

leverage existing staff and predictable costs over the short and long term.

Enterasys Mobile IAM is BYOD Done Right™. It is a comprehensive solution for all classes of

users, on any consumer or corporate mobile device. It delivers the highest user experience and

security by controlling access to the right set of connections and resources at the right times.

Bottom-line Benefits

• EmbracetheBYODopportunityanddevice

cost savings

• Increaseworkforceproductivityandmorale,

engage young new-hires

• Monitorandmanageriskend-to-end

• GaincontrolwithoutaddingITstaff,

keep OpEX under control

• Guaranteeapplicationdeliveryto

mobile devices

“The Enterasys system is so easy to use for students that this is something we do not have to worry about trouble shooting,” said McHugh. The faculty is taking advantage of the wireless network, and the students, with their own devices, are enjoying having more accessibility to the network.

Solution

BYOD Done RightBYOD DONE RIGHT

Addressing Today’s Challenges

• Enableemployeechoiceandflexibility

• Deliverpredictiveuserexperience

• Prohibitunauthorizedaccess

• Managethreatsandvulnerabilities

• Ensurenetworkavailabilityandperformance

• Predictivecosts

Total security, IT simplicity with total control, seamless user experience

“Bring your own device” (BYOD) has become an industry mega trend. However, typical BYOD solutions

are seriously incomplete. They only focus on devices and the management of non-corporate owned

devices. But, devices are just one part of the control problem. The most effective solution encompasses

devices, types and identity, and adds attributes associated with users, locations and applications.

Enterasys BYOD Done Right means total security, IT simplicity with full control and a predictable

network experience for users. It provides the complete set of capabilities and features that meet

the market’s real need for a secure and comprehensive solution. Enterasys Mobile IAM, BYOD

Done Right, is comprised of seven core capabilities: auto-discovery, multi-level device profiling,

flexible onboarding, advanced context-based policy management, guest access, virtual desktop

infrastructure (VDI) and mobile device management integration (MDM).

The solution is enabled by OneFabric Security, a distinctive security framework. OneFabric Security

treats the infrastructure as a whole and is purpose-built to ensure that every security component

is integrated and communicates with every other component. This cohesive approach provides

visibility, threat detection, automated response and enforcement end-to-end.

Purpose built for campuses and enterprises, Enterasys Mobile IAM is simple: one BYOD solution

appliance and choice from a set of Enterasys service offerings. Your BYOD program success

is assured with the engagement of Enterasys service professionals, seasoned experts who have

successfully done hundreds of these implementations. Done Right means visibility and policy

enforcement, end-to-end, simply and flexibly, without an army of new IT staff.

BYOD Done RightUnified Management, Automatic Policy, Service Guarantee

Mobile IAM provides important unique advantages which translate into greater IT control and a

better user experience. It provides granular wireless-wired network bandwidth allocation, and

specific quality of service priorities for devices by device, user, location and application. This

means, for example, that in a lecture or presentation setting the teacher can have the highest

priority quality of service (QoS), higher bandwidth may be allotted for essential applications and

only limited bandwidth allocated for irrelevant applications. Mobile IAM enforces policies at

the entry point into the infrastructure eliminating resource wastage and optimizing wireless and

wired network bandwidth. Enforcing policy at the entry point also frees up network resources for

increased device scalability without having to add or overprovision network resources. Mobile IAM

simplifies IT operations with its intelligent automated provisioning and policy enforcement. In

contrast, alternative BYOD solutions are a complex array of separately priced products and product

sub-components for a more expensive solution that is not integrated to this sophisticated level of

unified wired/wireless visibility and control.

The value of Enterasys Mobile IAM, BYOD Done Right is the ability to embrace BYOD with

the knowledge that your solution is secure, scalable and delivers a demonstrably superior user

experience. Users experience simple one-step onboarding, predictable application delivery and

the flexibility to use any device. No flood of tickets to the help desk. Enterasys BYOD Done

Right does not require any additional IT resources to manage it. It scales easily to grow as devices

increase. No matter what device they bring, the enterprise infrastructure is secure with Enterasys’

industry leading capabilities: discovery, profiling and authentication; advanced context-based

policy enforcement; and predictive threat management.

THE ENTERASYS DIFFERENCE

Purpose builtMOBILE IAM APPLIANCE

Purpose built solution for a secure campus and enterprise

Enterasys Mobile IAM addresses IT challenges being driven by today’s enterprise and campus

mobility imperatives providing end-to-end visibility and control over individual users, devices and

applications, in multi-vendor infrastructures. It provides complete software for: identity, access and

inventory management, context-based policy enforcement, end-to-end management from a single,

easy-to-use management application, auditing and reporting.

Policy management is the most granular in the industry including per port, per device layer 2-4

access control, QoS/priority, rate limit/shape and more. Real time tracking and unique state change

notification for over 50 attributes per device and user give IT maximum visibility into all network

activity. It offers an open architecture for assessment (MDM integration) and threat response

(Next Generation Firewall (NGFW), Security Information and Event Management (SIEM), Intrusion

Prevention System (IPS)). Mobile IAM can scale up to 100,000 devices, depending on the

configuration, for the flexibility to meet current and future needs without having to buy components

that are excessive at the start. The Mobile IAM Appliance is available as a physical or virtual

appliance to best meet your deployment needs.

Advanced Context-Based Policy Management

Mobile IAM’s advanced context-based policy engine is the most flexible in the industry. The

attributes available for policy rule definition include authentication type, device type, user, role,

location, time, and assessment status. Within each attribute, specific classifications enable the

most fine-grained discriminations. It integrates with authentication services and provides unified

wired, wireless and VPN enforcement.

Auto Discovery

Auto Discovery automatically detects end systems and users and creates a hardware inventory

for all attached end systems. The multiple methods provided for user detection include network

authentication using 802.1X, Kerberos and RADIUS snooping, portal-based registration and

authentication and external user-IP mapping technologies. Multiple methods are used for device

detection with MAC authentication followed by IP resolution and reverse DNS lookup and multi-

level device profiling. Auto discovery can discover and track 50 attributes per end system and user

pair – a level of detail that is unmatched in the industry.

Multi-Level Device Profiling

Mobile IAM provides a comprehensive set of profiling capabilities and API’s for integrations

to extend these capabilities even further. Features include OUI based profiling, DHCP option

fingerprinting with the ability to customize, captive portal, user agent profiling and network-

based and agent-based assessment. With MDM integration granular device type and capability

information is identified. With the Mobile IAM Fusion API information from external profilers that

are behavior based can be incorporated.

Zero Effort and Secure Onboarding and Authentication

With Mobile IAM, end users experience Zero Effort™ onboarding. Not even portal registration is

required with the transparent web cache/proxy redirect functionality. For flexibility portal based and

automated onboarding are two additional approaches that are provided. Portal based registration

with back end integration into LDAP and RADIUS means zero effort for IT. With automated

onboarding Web Services are used to allow external systems, such as student management, dorm

management, registration and enrollment portals to provision access.

Managed Guest Access Control with Sponsorship

Guess access management provides accountability, tracking and control. It is fully integrated

with Mobile IAM. There are no additional software modules to purchase and maintain. Guest

access is through a voucher, pre-registration, authenticated or sponsored access. It is highly

automated, including, for example, web-based guest registration with automatic workflow for a

sponsor’s validation and approval. No matter which vendors populate the infrastructure, Mobile

IAM automated guest services provide unified wired/wireless access control for all non-employees.

Partners, contractors, visitors or conference attendees are productive while critical business systems

and resources are protected from misuse or compromise.

Quickest timeMOBILE IAM SERVICES

Quickest time to value

Enterasys is confident of the value we deliver. Take advantage of Enterasys’ award-winning services

by choosing from four implementation options. This portfolio enables you to choose the service

that best fits your needs and priorities. The benefit for you is the ability to utilize expert resources to

deploy your optimal solution most efficiently. Mobile IAM Professional Services include everything

needed to effectively implement the solution including: auto discovery of existing infrastructure;

integration with existing wired and wireless LAN; access policy definition and deployment; and ‘as

built’ documentation.

The Fusion MDM Connect Service enables enterprises to extend the value and simplicity of Mobile

IAM by integrating the MDM functions of a mobile device management product. Gain simplified

management with one interface and enhance Mobile IAM’s capabilities with the additional device-

specific attributes and health status information available from the MDM.

Fusion SDN Connect Integration Service provides integration with a variety of IT systems such as

Palo Alto NG-FW, IF-MAP, student onboarding systems, SEN OpenScape, Polycom and others. The

integration automates context-based policy provisioning of network services for user, device and

application for enhanced IT efficiency. IT also gains additional visibility into all devices, users and

applications enabling more control.

Some enterprises in highly regulated industries turn to virtual desktop infrastructure (VDI)

as a method to securely deliver applications for BYOD or other mobile devices. There is no

data on the device in a VDI implementation eliminating the problem of lost sensitive data if a

device is lost or stolen. But, there are important challenges with a VDI approach. How do you

automatically provision the correct access roles for each user in the data center? How can you

visualize and track who is using your VDI instances at any point in time and with which access

roles? Enterasys VDI Data Center Integration Service provides a solution in a single architecture

for the edge and data center.

Education + HealthcareMOBILE IAM VERTICAL MARKETS

Mobile IAM for K-12 Education

Pressure for Bring-Your-Own-Device has been especially strong among K-12 schools. Cost

pressures, parent and student demand, new styles of teaching, and on-line testing have all had

an important role in driving this need. At the same time, insuring compliance with Acceptible

Use Policy (AUP) and the Children’s Internet Protection Act (CIPA), as well as maintaining

security and preventing inequities without taxing the school’s limited IT resources, present major

challenges in implementing BYOD for K-12 schools.

Enterasys Mobile IAM controls access based on user, device, location, application – in fact,

it can take into account up to 50 different considerations. So a teacher using video for

classroom instruction can get high bandwidth, while students in the cafeteria may be limited

in their YouTube viewing. High bandwidth can also be provided for VDI use by the staff, while

entertainment devices such PlayStation Portable may be barred from the network entirely.

All this is easily managed by the IT staff without additional resources. Mobile IAM provides a

single pane of glass for network management including BYOD device management. Teachers and

students can be automatically provisioned when they first bring their devices to school. Network

usage is simply monitored by user, device, location, and application to insure full compliance

with AUP and CIPA.

Education + HealthcareMobile IAM for Higher Education

Higher Education has some of the highest demand for Bring Your Own Device, but also faces the

greatest risks and challenges in implementing it. Faculty, staff, students, and parents all demand

permission to bring and use personal wireless devices on campus. The typical college student

today has between two and five personal devices, including smartphone, music player, pc, tablet,

and portable game console. In the face of this device invasion, the valuable campus network

resources and data must be protected from unauthorized and malicious use.

Enterasys Mobile IAM enables BYOD with complete security for the campus network and data.

The context-based policy engine controls network usage based on up to 50 factors including user,

device, location, and application. So high bandwidth can be provided to staff and students using

VDI. High bandwidth can also be allocated to video for instructional use. Global classrooms on

remote campuses as well as distance learning in general are fully supported. But administrative

information is fully protected.

Enterasys guarantees the Mobile IAM implementation; it is smooth to install and won’t require

any additional staffing to the already-stretched higher education IT department. The network and

all devices are managed with a single pane of glass. Devices can be automatically provisioned

based on the pre-determined policy.

Enterasys BYOD Done Right is the maximum solution with the minimum risk. For additional product and services details please see the Enterasys Mobile IAM datasheet. To learn more and arrange a demo, contact your local Enterasys sales representative, an authorized Enterasys partner or visit www.onefabric.net.

WANT TO LEARN MORE?

04/12

© 2012 Enterasys Networks, Inc. All rights reserved. Enterasys Networks reserves the right to change specifications without notice. Please contact your representative to confirm current specifications. Please visit http://www.enterasys.com/company/trademarks.aspx for trademark information.

Mobile IAM for Healthcare

The integration of wireless into the clinical workflow has brought an avalanche of new devices

to hospitals – tablets, biomedical devices, workstations on wheels, smart phones, VoIP wireless

handsets – putting the burden on IT to successfully manage patient care and staff-owned

voice, video and data devices. Along with these devices comes the demand for anytime,

anywhere patient and clinician access. Reliable and scalable mobile solutions are of paramount

importance to hospitals, both large and small. Success will be based on their ability to deliver a

consistent user experience.

Today 80% of physicians own tablets and are seeking to use them in the workplace. Unrestricted

usage could jeopardize private patient information as well as place an unacceptable burden on the

network. Similarly, both patients and guests request to use their personal wireless devices while

they are in the hospital. All of these devices potentially share a network environment with critical

hospital wireless devices including location tracking systems, telemetry, and biomed devices; each

with their independent needs for security, quality of service, data access, and bandwidth.

With Enterasys Mobile IAM network resources are allocated based on up to 50 different

considerations, including user, device type, location, and application. This means that a doctor

can get high bandwidth to his iPad for VDI and video. He’ll be able to securely check on patient

data. Biomed devices will get high priority and the bandwidth that they need. Guests can easily

log on to the network, but their bandwidth will be controlled and they will get no access to

hospital data and devices.

And all of these capabilities are simply managed with a single pane of glass, without putting

additional demands on the hospital’s limited IT resources. Enterasys Mobile IAM dynamically

maintains a list of authorized users, devices, and locations to provide zero-effort onboarding and

predictable, secure application delivery.