Date post: | 24-Dec-2015 |
Category: |
Documents |
Upload: | elfrieda-dean |
View: | 219 times |
Download: | 3 times |
Securely connecting users and applications from anywhere to
anywhere in today’s global economy.
Mobile Now™ for BYOD All your business applications.None of the business risk.
AG series secure access gatewaysJump in. The mobile waters are fine.
Sections
JUMP IN.THE MOBILE WATERSARE FINE.
1. What is a secure access gateway?
2. Array secure accesssolutions- SSL VPN- Remote desktop- Mobility- Business continuity
3. Array AG Series secure access gateways- Product line- Feature matrix
4. Key takeaways
5. Case studies and global satisfied customers
What is a secure access gateway?
IPsec VPN
Network-level encrypted access
• Remote access
• Managed laptops
• Intranet only
• Requires client
Anytime, anywhere secureaccess with greatersecurity and control
VPN remote access for select workers onmanaged PCs
SSL VPN
L7, L4 & L3 encrypted access
• Any device
• Intranet or extranet
• Clientless
• Granular control
2000
2003
2006
Remote access as an enterprise-wide strategy for worker productivity
Scalability
Enterprise-wide remote access
• Support employees, partners and guests
• Thousands of users and burst capacity for BCP events
Adapting secure access to address new apps,devices and consumerization
Mobility
Smart phones, tablets and BYOD
• Data, device and app management
• Preventing data leakage when using personal devices
2009
2013
ANYTIME-ANYWHERE ANY DEVICE ANY APPLICATION
Internal / Campus Network
• Up to 256 virtual gateways• 2048-bit SSL encryption• L3, L4 and L7 connectivity• Advanced AAA integration• Dual-factor authentication• Single sign-on
What is a secure access gateway?
• Per-user policy engine• Auditing and reporting• End-point security• RDP over SSL • Wake-on-LAN• BCP contingency licenses
SECURE ACCESS ARCHITECTURE• iOS and Android support• Per application L3 mobile VPN• L4 SDK for secure tunneling• Secure Web browser• Enterprise app store• Client, app and device security
Road WarriorsRemote Users
Native & Web AppsEnterprise ApplicationsPhysical & Virtual Desktops
LAN UsersLaptops & Desktops
WiFi UsersBYOD
Home WorkersDay ExtendersBusiness Continuity Users
Smart Phone &Tablet Users
Array secure access solutions
AccessDirect™SSL VPN
Traditional Web or network-level VPNfor remote workers.
DesktopDirect™Remote Desktop
Securely access office desktops and apps from any device or location.
MotionPro™Secure Mobility
Securely connect devices and apps to enable business mobility and BYOD.
Business ContinuityContingency Licenses
Seamless, cost-effective burst remote access for planned and unplanned events.
AccessDirect SSL VPN remote access
Pure SSL “anytime-anywhere” browser-based access
Up to 256 virtual instances support multiple communities of interest - Business units, partners, guests, contractors
Scalable up to 128,000 concurrent users- Enables secure access
“enterprise-wide”
Range of access methods- Layer-3 client for trusted workers- Specific resources for unmanaged devices - Web portals for extranet partners
ApplicationsApplications
Users
SSL VPN security architecture
End Point SecurityHost Checking
Adaptive PoliciesSecure DesktopCache Cleaning
• Eliminates all elements of browser cache• Local sandbox prevents data leakage
SSL
AAA• Supports all industry
standards (AD, RADIUS, LDAP, SecureID)
• RSA certified• Unique SSL integration• Fine grain ACLs• L3, L4 and L7• External mapping• Black list and white list• Full audit trail• Who, what and when• Syslog support• Configurable email alerts
FW
Proxy
File Shares• Clientless
access to shared directories
• CIFS/NFS
Web Apps• Clientless Web
application support
Networks• Full L3 VPN• Any IP protocol• L4 redirection• Denial of Service (DoS) attack protection
• ACLs (Layer 4)• URL filtering (Layer 7)• Network probe logging
• All standard cipher-suites• Hardware-accelerated• 2048-bit key lengths• Client-side certificates
• Complete separation between non-secured and secured networks
Multiple communities of interest
Internet OnlyNetwork Access Application Access Quarantine
Engineering Finance Partners Guests
Portals are customizable to the look and feel and resource needs of each community of interest
Portals are customizable to the look and feel and resource needs of each community of interest
Each portal is fully partioned and independently manageable
Each portal is fully partioned and independently manageable
Etc.
Portal 1 Portal 2
Network Access
Portal 3 Portal 4 Portal 5
Large healthcare insurance provider- $40B in yearly revenue- Over 12M members
Why the need for SSL VPN?- Stove pipe secure access for various use cases was costly to
manage and too prone to inconsistencies and data leakage- IPsec was more expensive and less secure vs. SSL VPN
AG Series solution and benefits- Consolidated secure access for local and remote employees,
partners and guests on a unified platform- Demonstrable accountability for HIPAA compliance,
increased productivity for employees, partners and guests, and decreased cost and complexity
Humana – SSL VPN remote access
DesktopDirect remote desktop access
Thin-client RDP access over SSL- Data never leaves the network and never resides on end-user devices- Applications on office desktops usable from remote or mobile devices- Securely enables “bring your own…PC, laptop, tablet or smart phone”- Cost-effectively leverages existing investments in infrastructure, applications
and devices to rapidly scale productivity and enterprise mobility
Remote desktop access architecture
Ideal for boosting office worker productivity, ensuring business continuity and enabling secure mobility for business
tablets
smart phones
Securelyconnectto officedesktopsfrom anydevice,
anywhere.
WindowsVMview
physical desktops
virtual desktops andterminal services
pcs
laptops
Productivity and business continuity
OutbreaksNatural Disasters
Repairs & Deliveries
Sick Child Nights & Weekends
Home Working
Prevent Revenue Loss Maintain Productivity Grow Productivity
Provides a means for office workers (those without managed laptops and VPN access) to remain productive under any circumstance
Customer-owned community bank- 5 locations - Over $1B in assets
48x increase in mobile devices since 2007- Needed to quickly and cost-effectively provide access to bank
applications from tablets and laptops without risking data leakage- Selected DesktopDirect solution for BYOD, remote and mobile access
DesktopDirect impact on remote and mobile productivity- 11x unique users- 120x total hours spent- 10x time per user- No security issues, no additional IT staff required
Needham Bank – remote and mobile access
MotionPro secure mobile access
Enterprise application portal
Secure access to enterprise resources - Secure browser for Web resources- VPN on-demand for native apps- SDK for secure native app tunnels
Enterprise app store
Secure mobile access- Client security- App management- Device management
Part of an overall mobility strategy- Complements MDM
Secure application access
Secure Browser L7 Web apps launched
in secure browser
Only authorizedapplications may use the
VPN tunnel
Secure SDK for Native AppsNative apps developed withSDK will start L4 VPN tunnel
VPN on Demand for Native AppsConfigured native apps will start L3 VPN automatically
Client security
Trigger Pre-login, post-login, timer
Condition
Hardware Manufacturer, model, passcode
OS Type, version, jail-broken, rooted
App Black and white list, signed
ActionLock screen, terminate session, delete MotionPro
Alert user, prompt user, log message
Application and device management
Access Control Only managed apps may use VPN tunnel
Application Management
Portal All apps on enterprise app store
Install Whitelist apps installed automatically
Uninstall Managed apps
Device Management
Restore settings and passwords
Performed manually by administrator
MotionPro vs. MDM
MotionPro and 3rd party mobile device management (MDM) solutions are complementary
Both areneeded toenable an enterprisemobilitystrategy
MotionProprovides scalable
mobile VPNwith basic device
and applicationmanagement
MDM providesadvanced deviceand applicationmanagement
but they are not a VPN gateway
COPCP – HIPAA compliant mobility
Ohio’s largest physician-owned cooperative- Over 50 physician offices and over 200 physicians
Healthcare mobility requirements- BYOD strategy that provides physicians with
flexibility while also addressing IT requirements for security, manageability and cost
Benefits for physicians and IT- Renew prescriptions anytime, anywhere
and move seamlessly between exam rooms using iPads
- Reduces cost and complexity while improving productivity and compliance
Institutional research and brokerage firm- Founded in 1982, based in New York
Why the need for BYOD?- Employees bringing personal iPads to the office and
wanted access to corporate applications- Field employees wanted to use iPads instead
of laptops
Array AG impact on BYOD enablement- No user learning curve, no new passwords- $30K HW install vs. $300K SW upgrade - 3 week installation vs. 8 month project- One HA pair and one DR unit, that’s it!
Buckingham Research – BYOD
Business continuity contingency licenses
Array Business Continuity (ABC)- Scalable and affordable burst
capacity to meet the demands of planned and unplanned surge remote and mobile access
Affordable and flexible contingency license certificates- Available in 10-day denominations
and tiered sizes- Triggered by exceeding standard
user licenses and may be utilized in consecutive or non-consecutive 24-hour increments
Any mix of mobile and remote users- AccessDirect, DesktopDirect or MotionPro
Morgan Stanley – Business continuity
World’s 7th largest bank- $31B in revenue- 53,000 employees
DesktopDirect solution- 25+ appliances in 8 countries with 5 major data centers- 10,000 standard DesktopDirect user’s licenses - Peak capacity of 36,000 users via Business Continuity
licenses
January 2011- Massive snowstorm paralyzed the east coast- 12,000 users still were able to work using DesktopDirect- Prevented the loss of over $10M in productivity
AG Series product line
PHYSICAL & VIRTUAL APPLIANCES SCALING UP & OUT FOR
10,000 Concurrent UsersVMware, XenServer,
OpenXen
AG1000
300 Concurrent Users
AG1100
3000 ConcurrentUsers
AG1200
25,000 ConcurrentUsers
AG1600
128,000 ConcurrentUsers
AG1500
72,000 ConcurrentUsersAG1150
10,000 ConcurrentUsers
AG1000T
600 ConcurrentUsers
AG Series feature matrix
● = Standard AccessDirect DesktopDirect MotionProO = Optional SSL VPN
Remote AccessRemote
Desktop AccessSecure Mobile
Access
Clustering ● ● ●
WebUI ● ● ●
SSL & IPsec Encryption ● ● ●
Virtual Portals 5 Included 5 Included 5 Included
Web Applications ●
L3 VPN Client ●
Host Checking & Cache Cleaning ●
L4 Thin Client ●
Array Registration Technology ●
Wake-on-LAN ●
Enterprise App Store ●
L3 Mobile VPN ●
L4 SDK Tunneling ●
Secure Browser ●
Client, App & Device Security ●
Additional Virtual Portals O O O
Array Business Continuity O O O
Multi-Language WebUI ● ● ●
Superior security, scalability and flexibility
Up to 128,000 Concurrent Users
Up to 3 GbpsThroughput
Up to 256Virtual Gateways
AG SeriesSecure Access Gateways
Unmatched scalability- Consolidate remote and
mobile access for anentire workforce
- Absorb surge remote and mobile users
More secure- Minimize attack vectors- Simplify management to ensure consistent policies
Highly flexible - Integrated remote access, remote
desktop and secure mobile access- Support multiple communities of interest
including employees, partners and guests
Superior value of ownership and ROI
Small Medium Large Global
20% - 50% Less Expensive
Array
Competition
Superior Service & Support
$
Array AG vs. the competition
SMALL MEDIUM LARGE
AG1500Up to 72,000
concurrent users
Juniper MAG6611Up to 40,000
concurrent users
Array = 31% less expensive
Array = 32K more users
Array supports almost twiceas many users as Juniper and is almost one third less expensive.
Juniper MAG4610Array = 18% less
expensive for 1000 users
Array AG1100Up to 3000
concurrent users
Juniper MAG6610 Array = 25% less
expensive for 2000 users
Array AG1200Up to 25,000
concurrent users
Juniper MAG6610Array = 27% less
expensive for 11,000 users
Juniper MAG6611Array = 35% less
expensive for 22,000 users
Key takeaways
Scalable, intuitive secure access for supporting remote and mobile users
- Increase productivity- Mitigate business disruptions- Enable enterprise mobility and BYOD
Consolidated SSL VPN, remote desktopaccess and secure mobile access
- Minimizes attack vectors- Simplifies management- Ensures consistent policies- Streamlines the end-user experience
Cost-effective solution for mobilizingany size workforce while preventing attacks and data leakage
JUMP IN.THE MOBILE WATERSARE FINE.
Global satisfied customers
Securely connecting users and applications from anywhere to
anywhere in today’s global economy.
Mobile Now™ for BYOD All your business applications.None of the business risk.
AG series secure access gatewaysJump in. The mobile waters are fine.