Juniper Add 2500 Simultaneous Users SA6000 SA6000-ADD-2500U Datenbogen
Produktcode
SA6000-ADD-2500U
Page
Access Privilege Management Capabilities
The SA 6000 appliance provides dynamics access privilege management capabilities without infrastructure changes, custom development, or
software deployment/maintenance. This facilitates the easy deployment and maintenance of secure remote access, as well as secure extranets and
intranets. When a user logs in to the SA 6000, they pass through a pre-authentication assessment, and are then dynamically mapped to the session
role that combines established network, device, identity and session policy settings. Granular resource authorization policies further ensure exact
compliance to security strictures.
compliance to security strictures.
Features
Benefits
Hybrid role- / resource-based policy model
Administrators can tailor access to dynamically ensure that security policies reflect changing business requirements
Pre-authentication assessment
Network and device attributes, including presence of Host Checker/Cache Cleaner, source IP, browser type and digital certificates, can be
examined even before login is allowed and results are used in dynamic policy enforcement decisions
examined even before login is allowed and results are used in dynamic policy enforcement decisions
Dynamic authentication policy
Leverages the enterprise’s existing investment in directories, PKI, and strong authentication, enabling administrators to establish a
dynamic authentication policy for each user session
dynamic authentication policy for each user session
Dynamic role mapping
Combines network, device and session attributes to determine which of three different types of access is allowed, enabling the adminis-
trator to provision by purpose for each unique session
trator to provision by purpose for each unique session
Resource authorization
Enables extremely granular access control to the URL, server, or file level to tailor security policies to specific resources
Granular auditing and logging
Fine-grained auditing and logging capabilities in a clear, easy-to-understand format can be configured to the per-user, per-resource, and per-
event level. Auditing and logging features can be used for security purposes as well as capacity planning
event level. Auditing and logging features can be used for security purposes as well as capacity planning
Custom expressions
Advanced software feature set
Advanced software feature set
Enables the dynamic combination of attributes on a “per-session” basis, at the role definition/mapping rules and
the resource authorization policy level
the resource authorization policy level
Web-based Single Sign-On
BASIC Auth & NTLM
BASIC Auth & NTLM
Alleviates the need for end users to enter and maintain multiple sets of credentials for web-based and Microsoft applications
Web-based Single Sign-On Forms-based,
Header Variable-based, SAML-based
Advance software feature set
Header Variable-based, SAML-based
Advance software feature set
In addition to BASIC Auth and NTLM SSO, the advanced feature set provides the ability to pass user name, credentials and other customer
defined attributes to the authentication forms of other products and as header variables, to enhance user productivity and provide a
customized experience. SAML-based integration for authentication and authorization
defined attributes to the authentication forms of other products and as header variables, to enhance user productivity and provide a
customized experience. SAML-based integration for authentication and authorization
End-to-End Layered Security
The SA 6000 series provides complete end-to-end layered security, including endpoint client, device, data and server layered security controls.
These include:
These include:
Features
Benefits
Native Host Checker
Client computers can be checked at the beginning and throughout the session to verify an acceptable security posture requiring or restrict-
ing network ports; checking files/process and validating their authenticity with MD5 hash checksums. Performs version checks on security
applications, and carries out pre-authentication checks and enforcement. Enables enterprises to write their own host check method to
customize the policy checks. Resource access policy for non-compliant endpoints is configurable by the administrator.
ing network ports; checking files/process and validating their authenticity with MD5 hash checksums. Performs version checks on security
applications, and carries out pre-authentication checks and enforcement. Enables enterprises to write their own host check method to
customize the policy checks. Resource access policy for non-compliant endpoints is configurable by the administrator.
Host Checker API
Created in partnership with best-of-breed endpoint security vendors, enables enterprises to enforce an endpoint trust policy for managed
PCs that have personal firewall, antivirus clients, or other installed security clients, and quarantine non-compliant endpoints
PCs that have personal firewall, antivirus clients, or other installed security clients, and quarantine non-compliant endpoints
Host Check Server Integration API
Enables enterprises to deliver and update third party security agents from the SA 6000, which reduces public-facing infrastructure, en-
ables consolidated reporting of security events, and enables policy-based remediation of non-compliant clients
ables consolidated reporting of security events, and enables policy-based remediation of non-compliant clients
Policy-based enforcement
Allows the enterprise to establish trustworthiness of non-API-compliant hosts without writing custom API implementations, or locking out
external users such as customers or partners that run other security clients
external users such as customers or partners that run other security clients
Hardened security appliance and Web
server
server
Hardened security infrastructure, audited by 3rd party security experts including CyberTrust, effectively protects internal resources and
lowers total cost of ownership by minimizing the risk of malicious attacks
lowers total cost of ownership by minimizing the risk of malicious attacks
Security services employ kernel-level packet
filtering and safe routing
filtering and safe routing
Ensures that unauthenticated connection attempts, such as malformed packets or DOS attacks are filtered out
Custom expressions
Advanced software feature set
Advanced software feature set
Enable the dynamic combination of attributes on a “per-session” basis, at the role definition/mapping rules and
the resource authorization policy level
the resource authorization policy level
Secure Virtual Workspace
Ensures complete data confidentiality with a secure and separate environment for remote sessions that is controlled from copying, print-
ing, or storing data onto an unmanaged PC
ing, or storing data onto an unmanaged PC
Cache Cleaner
All proxy downloads and temp files installed during the session are erased at logout, ensuring that no data is left behind
Data Trap & cache controls
Prevents sensitive meta-data (cookies, headers, form entries, etc) from leaving the network, and allows for rendering of content in a non-
cacheable format
cacheable format
Integrated Malware Protection
Enables customers to provision endpoint containment capabilities and secure the endpoint either prior to granting access or during the
user session for comprehensive network protection
user session for comprehensive network protection
Coordinated threat control
Enables Juniper’s Secure Access SSL VPN and IDP appliances to tie the session identity of the SSL VPN with the threat detection
capabilities of IDP to effectively identify, stop, and remediate both network and application-level threats within remote access traffic
capabilities of IDP to effectively identify, stop, and remediate both network and application-level threats within remote access traffic
Performance Scalability
The SA 6000 hardware platform is specifically designed to accommodate large numbers of users with complex application needs, and provides
application performance optimization via compression algorithms and hardware-based SSL acceleration. These features allow the appliance to
process large, simultaneous transaction loads while minimizing perceptible latency to users.
process large, simultaneous transaction loads while minimizing perceptible latency to users.
Features
Benefits
Built-in SSL acceleration
Offloads compute-intensive encrypt/decrypt process from the CPU, enhancing performance
GBIC-based ports with flexibility to select
SX, LX and Copper based GBIC interfaces
SX, LX and Copper based GBIC interfaces
Fully redundant / meshed configuration of SSL VPN appliances with multiple load balancers for optimized uptime
Dual Gigabit Ethernet interfaces
Enables strong performance in the highest speed enterprise networks
Clustering
Cluster pairs or multi-unit clusters can be deployed across the LAN or across the WAN for superlative scalability with a large number of
user licenses, which scales access as the user base grows
user licenses, which scales access as the user base grows