Juniper 80GB SA6500 UNIV-80G-HDD Datenbogen
Produktcode
UNIV-80G-HDD
5
Table 3: Access Privilege Management Features and Benefits
Feature
Feature Description
Benefits
UAC-SA federation
Seamlessly provision SA Series user sessions into Juniper
Networks Unified Access Control upon login—or the
alternative (provisioning of UAC sessions into the SA
Series). Users need to authenticate only one time to get
access in these types of environments.
Networks Unified Access Control upon login—or the
alternative (provisioning of UAC sessions into the SA
Series). Users need to authenticate only one time to get
access in these types of environments.
Provides users—whether remote or local—seamless
access with a single login to corporate resources that are
protected by access control policies from UAC or the SA
Series.
Simplifies the end user experience.
access with a single login to corporate resources that are
protected by access control policies from UAC or the SA
Series.
Simplifies the end user experience.
Certificate authentication to
backend servers
backend servers
Enables customers to enforce client authentication on
their secure backend servers, and allows the SA Series to
present an administrator-configured certificate to these
servers for authentication.
their secure backend servers, and allows the SA Series to
present an administrator-configured certificate to these
servers for authentication.
Allows customers to mandate strict SSL policies on their
backend servers by configuring client authentication.
backend servers by configuring client authentication.
Client certificate
authentication for ActiveSync
authentication for ActiveSync
Any mobile device supporting ActiveSync, along with
client-side certificates, can now be challenged by the SA
Series for a valid client certificate before being allowed
access to the ActiveSync server.
client-side certificates, can now be challenged by the SA
Series for a valid client certificate before being allowed
access to the ActiveSync server.
Enables the administrator to enforce strict mobile
authentication policies for ActiveSync access from
mobile devices.
authentication policies for ActiveSync access from
mobile devices.
Multiple sessions per user
Allows remote users to launch multiple sessions to the
SA Series appliance.
SA Series appliance.
Enables remote users to have multiple authenticated
sessions open at the same time.
sessions open at the same time.
User-record synchronization
Supports synchronization of user records such as user
bookmarks across different standalone (non-clustered)
SA Series appliances.
bookmarks across different standalone (non-clustered)
SA Series appliances.
Ensures ease of experience for users who often travel
from one region to another and therefore need to
connect to different SA Series appliances.
from one region to another and therefore need to
connect to different SA Series appliances.
Virtual Desktop Infrastructure
(VDI) support
(VDI) support
Allows interoperability with VMware View Manager to
enable administrators to deploy virtual desktops with the
SA Series appliances.
enable administrators to deploy virtual desktops with the
SA Series appliances.
Provides seamless access to remote users to their virtual
desktops hosted on VMware servers. Provides dynamic
delivery of the VMware View Client, including dynamic
client fallback options to allow users to easily connect to
their virtual desktops.
desktops hosted on VMware servers. Provides dynamic
delivery of the VMware View Client, including dynamic
client fallback options to allow users to easily connect to
their virtual desktops.
ActiveSync feature
Provides secure access connectivity from mobile devices
(such as mobile devices running Symbian, Windows
Mobile, iOS, or Android) to the Exchange server with no
client software installation.
Enables up to 5,000 simultaneous sessions on the
SA6500.
(such as mobile devices running Symbian, Windows
Mobile, iOS, or Android) to the Exchange server with no
client software installation.
Enables up to 5,000 simultaneous sessions on the
SA6500.
Enables customers to allow a large number of users—
including employees, and authorized contractors and
partners—to access corporate resources through mobile
devices via ActiveSync.
including employees, and authorized contractors and
partners—to access corporate resources through mobile
devices via ActiveSync.
Mobile-friendly SSL VPN login
pages
pages
Provides predefined HTML pages that are customized for
mobile devices, including Apple iPhones and iPad, Google
Android, and other mobile devices.
mobile devices, including Apple iPhones and iPad, Google
Android, and other mobile devices.
Provides mobile device users with a simplified and
enhanced user experience with Web pages customized to
their device types.
enhanced user experience with Web pages customized to
their device types.
Dynamic role mapping with
custom expressions
custom expressions
Combines network, device, and session attributes to
determine which types of access are allowed. A dynamic
combination of attributes on a per-session basis can be
used to make the role mapping decision. Customized
variables as well as FASC-N attributes are supported.
determine which types of access are allowed. A dynamic
combination of attributes on a per-session basis can be
used to make the role mapping decision. Customized
variables as well as FASC-N attributes are supported.
Enables the administrator to provision by purpose for
each unique session.
each unique session.
resource authorization
Provides extremely granular, differentiated access control
to the UrL, server, or file level for users based on their
different roles.
to the UrL, server, or file level for users based on their
different roles.
Allows administrators to tailor security policies to specific
groups and user roles, providing authorized access only to
essential data.
groups and user roles, providing authorized access only to
essential data.
Granular auditing and logging
Can be configured to the per-user, per-resource, and
per-event level for security purposes as well as capacity
planning.
per-event level for security purposes as well as capacity
planning.
Provides fine-grained auditing and logging capabilities in
a clear, easy-to-understand format.
Suitable for regulatory compliance and associated
audits.
a clear, easy-to-understand format.
Suitable for regulatory compliance and associated
audits.
Flexible Single Sign-On (SSO) Capabilities
The SA2500, SA4500, and SA6500 offer comprehensive SSO features. These features increase end user productivity and quality of
experience, greatly simplify administration of large diverse user resources, and significantly reduce the number of help desk calls.
experience, greatly simplify administration of large diverse user resources, and significantly reduce the number of help desk calls.
Table 4: Flexible Single Sign-on Features and Benefits
Feature
Feature Description
Benefits
Kerberos Constrained
Delegation
Delegation
Provides support for Kerberos Constrained Delegation
protocol. When a user logs in to the SA Series with
a credential that cannot be proxied through to the
backend server, the SA Series appliance retrieves a
Kerberos ticket on behalf of the user from the Active
Directory infrastructure. The ticket is cached on the SA
Series appliance throughout the session. When the user
accesses Kerberos-protected applications, the SA Series
uses the cached Kerberos credentials to log the user into
the application without prompting for a password.
protocol. When a user logs in to the SA Series with
a credential that cannot be proxied through to the
backend server, the SA Series appliance retrieves a
Kerberos ticket on behalf of the user from the Active
Directory infrastructure. The ticket is cached on the SA
Series appliance throughout the session. When the user
accesses Kerberos-protected applications, the SA Series
uses the cached Kerberos credentials to log the user into
the application without prompting for a password.
Eliminates the need for companies to manage static
passwords, resulting in reduced administration time and
costs.
passwords, resulting in reduced administration time and
costs.