Avaya Identity Engines r8 april 2012



Avaya Identity Engines is an identity and Network Access Control (NAC) solution. It puts you in control of your network: who may access which resources, and when and where they may use them.

Published in: Technology
  • © 2009 Avaya Inc. All rights reserved.
  • Use of consumer wireless devices (smart phones, tablets, net-books and laptops) in the enterprise is increasing rapidly. In particular, the explosive growth and superior performance of the Apple iPad and iPhone has transformed mobile computing and in large part created the BYOD (Bring Your Own Devices) phenomenon. Users love their devices and want to use them for business purposes; they are the ones driving change.
    iPad and iPhone have transformed enterprise mobility:
    – 80% of Fortune 100 have adopted iPad
    – 88% of the Fortune 100 companies are now deploying iPhones
    – 50% of FTSE 100 are using iPhones
    – 20% of Fortune 100 have 10k or more iPhones
    – By 2015, applications development will be on a ratio of 4:1 for Mobile versus PC (Gartner Symposium 2011, Oct 2011)
    – “iPads and Beyond: Top 10 Business Applications for Tablets” session: discusses how users and “the business” are bypassing IT. Hypothesis under research: “By 2014, new IT spending by the CMO will be greater than new IT spending by the IT organization” (Gartner Symposium 2011, Oct 2011)
  • BYOD is not going away. It is not about saying no… It’s about figuring out how to say yes and embrace it, while ensuring IT remains in control and providing users an optimal end-user experience.
  • IAUG IT Survey – November 2011
    – 40% welcome personal devices today and are adopting very quickly
    – Additional 47% of IT people surveyed say they’re allowing iPads but being cautious
    – <12% are flat out not admitting the devices in
    – 70% say that security is the biggest issue
    – 65% say that LOB are driving the adoption
    – 37% think that if they don’t adopt, their company will fall behind
    – 24% would choose vendors like Avaya for “one stop shopping”
    – 33% are more willing to create own solutions from various vendors. (need to vet)
    Other stats: 72% of organizations are permitting the use of employee-owned devices for business purposes. (Aberdeen Group, March 2011 study ‘Enterprise Mobile Management 2011: Mobility becomes Core IT’)
  • BYOD brings with it a number of risks and rewards. The key is to understand and mitigate the risks through up-front planning so the rewards can be realized. For employers whose networks are ready to support the surge in wireless traffic, the “bring your own device” revolution promises huge gains in productivity, mobility and cost savings, all on devices purchased not by businesses themselves, but by their employees.
    BYOD challenges:
    1. IT compliance: It is essential that the IT department has complete visibility, control and management over who is accessing the corporate network, when, and what they’re doing. The days of an equal number of employees and wireless connections are over. Today, every person in an organization brings multiple wirelessly-enabled devices to work. Identifying, granting the appropriate access and monitoring these devices can be a significant expense and can cause IT departments regular headaches. Allowing managers to quickly and efficiently add devices to the network and control the access level for devices is critical to keeping the network running smoothly. Every wireless and wired network needs strict network access control (NAC) and an ability to scale the breadth of that control. Failure to garner such control will lead to a network that is quickly clogged with devices and sunk by bandwidth leakages.
    2. Network Capacity: Nowhere is the impact of BYOD felt more than on enterprise wireless networks. Smart devices today have the processing power of laptops from just a few years ago, and every new generation is faster and more bandwidth-hungry than the last. The number of wireless devices on enterprise networks is increasing at an amazing pace. Today’s average enterprise network user carries four wireless devices, many of which are capable of processing high-quality, real-time applications such as video conferencing. Most wireless networks were simply not designed to cope with this kind of demand. 40% growth in enterprise WLANs in Q2 2011 attributable to the BYOD trend and the skyrocketing popularity of Apple iPad (Dell Oro). iPads change economics and speed of WiFi (NY Times article).
    3. Security: The top concern for IT managers in supporting BYOD is security (70%, IAUG survey). As if equipping enterprise networks to handle an increasing and revolving number of wireless devices wasn’t challenging enough, every new device brings with it the possibility of malware, viruses and other programs that could damage or disrupt the corporate network. Because wireless networks are open by nature, they are naturally susceptible to piracy by users outside the enterprise, which can lead to performance degradation, security breaches and other problems.
    4. Quality of Service: The applications running on BYOD devices, such as tablets, are different than the applications that ran on devices such as the PC. There are more multimedia, collaborative applications (voice & video) running on iPads. Smart devices are more powerful than ever, and their capabilities will only grow over time. Guaranteeing Quality of Service (QoS) on wireless devices is critical for businesses that want to realize the full benefits of the BYOD revolution. The tools to set traffic rules and prioritize network flow to ensure optimal QoS on mobile and smart devices are critical to any IT manager’s toolbox. The ability to assign different devices to specific service classes reduces the risk of service interruption and assures high-priority users receive high-quality service. The ability to regulate applications in a similar way can prevent secondary or tertiary applications from consuming undue amounts of bandwidth.
  • BYOD does not have to be Bring Your Own Difficulties. The Avaya BYOD solution has been built with the future in mind, providing maximum flexibility and access for users while keeping IT managers firmly in control of who is on the network and how that network is administered and secured. As smart devices become more capable of running high-quality, high-bandwidth applications, Avaya solutions enable enterprise networks to seamlessly shift and grow to meet increased wireless demand. Optimized for real-time applications, the Avaya WLAN solution delivers wired performance to wireless devices while providing the advanced capabilities administrators need to ensure sensitive data is protected and the network is secured.
  • Identity Engines is a Network Access Control security solution that provides best-in-class policy management and role-based access across wired, wireless and VPN networks. It is important to note that it is a vendor-agnostic solution and as such supports networking infrastructures and identity stores from any vendor. It is an open solution, supporting major standards including 802.1X, RADIUS, XACML (eXtensible Access Control Markup Language), TNC (Trusted Network Connect) and Microsoft NAP. Its strengths lie in its ability to support granular hierarchical policies based on multiple attributes including user identity, health of device, day of the week, time of day, and access method, such as whether the user connects over wired or wireless. In addition, it has full support for “and” & “or” amongst the variables, meaning that the number of attribute permutations is virtually endless. If there’s an attribute out there, chances are, with Identity Engines, organizations can create a policy around it. In addition it delivers an enterprise-wide guest management system, ensuring safe access to guest users. It also provides full reporting capabilities to keep in alignment with corporate regulations. Finally, it is an out-of-band solution which serves to maximize scalability and cost effectiveness.
  • Standards-based NAC solution that delivers best-in-class policy management and role-based access across wired, wireless and VPN networks.
    – Supports granular, hierarchical policies based on multiple attributes (e.g., user identity, health of device, day of the week, time of day, access method) with full support for “and” and “or”
    – Delivers an enterprise-wide guest management solution and reporting capabilities
    Components:
    – Identity Engines Ignition Server – centralized policy engine that performs user and context-based authentication and authorization for clients attempting network access
    – Identity Engines MS-NAP Posture Compliance – performs device health assessments to ensure that endpoints comply with security policies
    – Identity Engines Ignition Guest Manager – allows front desk staff to create temporary guest user accounts
    – Identity Engines Ignition Access Portal – performs clientless device health assessments for unmanaged devices
    – Identity Engines Ignition Analytics – delivers at-a-glance reports highlighting user info, failed authentications, usage summaries, etc.
    The biggest and most important 7.0 feature is Identity Engines’ integration with Microsoft Network Access Protection, or NAP. NAP is Microsoft’s Network Access Control solution which leverages a NAP client to perform health checking on endpoint PCs. This NAP client is an embedded Windows client on XP SP3 PCs and higher and as a result leverages the base operating system so no installation is required. This client works with the Avaya Identity Engines Ignition Server to ensure that end users’ PCs have the appropriate personal firewall, antivirus and anti-spyware software running to ensure security and prevent attacks. NAP runs currently on Windows 7, Vista, and XP on both 32 and 64 bit. Since other vendors are developing NAP System Health Agents for non-Windows operating systems, eventually NAP will be extended to address the needs of enterprises with Mac OSX and Linux. In other words, this solution is open, ensuring investment protection. To enable the Microsoft NAP functionality, the customer will need to purchase a single NAP integration license to be added to the Ignition Server, which is applied to all end users’ PCs. As such, customers do not need to pay by end point.
  • Guest access used to be an all-or-nothing proposition: your options were to lock down your network, preventing guests from entering, or leave it wide open, allowing any wireless user in the vicinity to tap in, consuming your resources. But that’s no longer the case. With a Nortel Identity Engines solution, you can control who enters, where in the network you’ll allow them to go and for what period of time. And it’s easy to do, requiring only that a quick template be filled out — no technical expertise and/or resources are required, and it can be done in real time. Guests receive a user ID on the spot and a password is sent to their cell phone or BlackBerry. They’re then authorized to enter.
    Validated remote access: The Identity Engines portfolio allows you to perform posture assessments on remote devices to ensure they’re equipped with valid antivirus software, updates, a personal firewall, etc. You might stipulate that employees not have access to everything they can access while in the office – too much potential for sensitive materials to be compromised. You might also set a different policy if an employee is at home as opposed to, say, at an airport kiosk, or for different times of day. Again: it’s all about who, where, when, how and with what type of device. With an Identity Engines solution, it’s all in your control.
    Authorized fixed assets: An Identity Engines solution allows you to define authorized fixed assets or non-interactive devices – IP phones, printers and fax machines. You can conduct MAC-level authentication to ensure that only authorized devices connect to the network and connect where they’re expected to connect. This prevents intruders from simply unplugging a printer and accessing the network and prevents employees from bringing in their own wireless access points and sharing network services, thereby compromising network security.
  • Vastly improves network access security and availability resulting in improved productivity, business continuity and regulatory compliance
    – Enforces security policy compliance before role-based network connection
    – Continuous end-point security checking and visibility of users and devices
    – Proactive protection against worms, viruses, spyware, and malware
    Reduces Costs
    – Competitively priced for lower CAPEX with simple, affordable licencing
    – OPEX savings through dynamic port/VLAN changes
    – Supports customers’ current network infrastructures and identity stores
    – Offers investment protection via standards-based solution
    Enhances Security
    – Role-based, centralised access control across the network
    – Secured guest access and BYOD
    Simplicity
    – Easy to evaluate, install, configure and use
    – No special clients, protocols, switch upgrades or in-line appliances
    Flexible
    – Highly scalable, cost effective
    – Any device, any network, any vendor, any policy
    Regulatory Compliance
    – Full network visibility with comprehensive reporting and analytics
    Reduces Costs
    – Lowers incident frequency and recovery costs
    – No costly client software installation on every device
    – Centralized management and out-of-path deployment
    – Automated device quarantine, remediation and repair
    Provides deployment flexibility, integration and investment protection
    – Open integration with any third-party endpoint security application
    – Integrates with Avaya and 3rd party LAN switches
    – Supports wide range of devices and OS, including IP phones and printers
  • Avaya Identity Engines r8 april 2012

    1. Avaya Identity Engines r8.0
       Allowing Network Access without compromising Security
    2. Agenda
       – Introduction to BYOD
       – Is BYOD a Risk or Reward?
       – The Avaya BYOD infrastructure solution
       – Avaya Identity Engines Value Proposition
       © 2011 Avaya Inc. All rights reserved.
    3. Office Tools started here: Then came this!
    4. The rest is history…
       – 100 000 Android apps
       – 350 000 iPhone apps
       – 75 000 000 Tablets in 2012
       – 800 000 000 Smartphones
       – 1 200 000 000 Social Media Users
       – Tablet market $45B by 2014 – Yankee 2011
       – 50% Enterprise users interested in or using consumer applications – Yankee 2011
       – Smartphone app revenue to triple by 2014 – Yankee 2011
       TIME’s Person of the Year: YOU
    5. It is not About Saying No!! It is about saying YES! but… staying in control
       – NO you cannot bring your iPad
       – NO you cannot connect outdoor
       – NO you cannot bring your fancy laptop
       – NO you cannot do video conferencing
       – YES bring your own iPad
       – YES you are welcome to do mobile collaboration
       – YES you are welcome to use virtual desktop
       – YES you are welcome to use Wifi VOIP
    6. Will you support BYOD? IAUG survey: 88% adopting personal devices / allowing iPads today!
    7. Is BYOD a Risk or Reward?
       Risk
       – Security
         – Increased risk of financial and information exposure
         – Guest access
         – IT Compliance
         – Who gets on? To do what? To go where?
       – Network Capacity and QoS
         – Multiple devices, high bandwidth and prioritisation
       – Higher OPEX
         – Supporting myriad of devices can be more complex
       Reward
       – Reduced CAPEX
       – Employer does not have to pay for device
       – Increased Employee and Business Partner Productivity
       – Using latest and greatest devices they are familiar with
       – Devices they WANT to use
       – True mobility
    8. Plan for Success… with Avaya’s BYOD Solution
       – Identity-based Network Access Control
       – Scalable, Future-proof Wireless
       – Secure: Network & Device security
       – Optimised: For collaborative, real time applications
    9. What is Identity Engines?
       – Identity and Network Access Control (NAC) solution
       – Ensures consistent and predictable network access for managed and unmanaged devices
       – Controls who can use the network to access which resources, when and where they may do so
       – Supports any device, any network, any vendor
       – Centralised, out-of-line solution for maximum scalability and cost effectiveness
       – Automated, standards-based
       – Software-only, highly available
       – Facilitates regulatory compliance
    10. Identity Engines Authenticated Network Architecture
        [Diagram: Policy Enforcement Point, Policy Decision Point, Policy Information Point; Directory Abstraction Layer; Network Abstraction Layer; Guest Access Mgmt, Posture Assessment, Reporting & Analytics, Access Portal, CASE Client]
    11. Identity Engines Portfolio
        Core Application / Additional Applications – Highlights
        – Ignition Server – centralised policy engine that performs authentication and authorisation for clients attempting network access
        – Ignition Guest Manager – allows front desk staff to create temporary guest user accounts
        – MS-NAP Posture Compliance – integrates with MS-NAP for managed client health assessment
        – Ignition Analytics – presents network authorization and authentication information in a variety of summary and detail formats
        – Ignition Access Portal – compliance checking for un-managed devices e.g. BYOD
    12. Identity Engines - What’s New in 8.0?
        Access Portal
        – Captive Portal for wired and wireless access from guest and BYOD
        – Device Profiling and BYOD on-boarding
        – Compliance checking leveraging C.A.S.E. and MS-NAP
        C.A.S.E. (Client for Accessing the Secure Enterprise)
        – Transient client for automating configuration of managed and un-managed end-points to participate in NAC
        – Dissolvable client: option for revertible or non-revertible deployment
        A date: April 30th 2012
        Identity Engines r8.0: Best of Interop finalist
    13. Identity Engines Ignition Access Portal
        Facilitates network access to guest devices, non-802.1x devices, BYOD on-boarding, and CASE Client hosting. A single license allows deployment of multiple Access Portals for different use against one Ignition Server instance.
        – Serves as a Captive Portal for non-802.1x clients
        – Performs device profiling
        – CASE Client for auto-config of 802.1x and MS-NAP on Windows machines
        – Device On-boarding
    14. Identity Engines Ignition Access Portal
        Multiple Guest Managers may be deployed against a single instance of the Ignition Server
        Device Profiling
        – Administrator will be able to set the Access Portal to perform device profiling of wired and wireless devices
        – Device fingerprinting: Device Type, Device Sub-Type, Device OS, Device OS Version
        – Device attributes are sent to the Ignition Server for registration and association with user
        BYOD On-boarding
        – Auto-register of Guest Visitor and Employee Guest devices
        – Device profiling of registering devices
        – Auto-association of devices with guest / employee records in Ignition Server
        – Populating device records in Ignition Server with device profile attributes
    15. Identity Engines Ignition CASE Client
        CASE: Client for Accessing the Secure Enterprise
        – Transient client to automate configuration of managed and guest’s un-managed endpoint devices to participate in Network Access Control
        – CASE auto-configuration of 802.1x on Windows devices
        – CASE auto-configuration of MS-NAP on Windows devices
    16. Identity Engines Use Cases
        – Corporate Governance and Compliance
        – BYOD access control
        – Reducing OPEX through automation
        – Simplified Guest Access by the front desk
        – Validated remote access for non-corporate devices (Teleworker, Disaster Recovery etc)
        – M&A: integrating access policies and identities from different organisations
        – Authorised Fixed Assets (e.g. phones, printers, health monitors etc.)
    17. Identity Engines Conclusion
        – Enhanced Security
        – Granular Control
        – Reduced Costs
        – Simplicity
        – Flexibility
        – Regulatory Compliance
        Secure Network Access for all users, all devices, all the time
    18. Back-up Slides
    19. Part Codes and Pricing (Subject to change!!!)

        | Part Code | Item | MSRP |
        |---|---|---|
        | | Virtual Appliances | |
        | EB1639193 | Ignition Server LARGE*. Virtual Appliance Software for VMware ESXi | $23,952 |
        | EB1639194 | Ignition Server SMALL*. Virtual Appliance Software for VMware ESXi | $13,535 |
        | | Software Modules | |
        | EB1639195 | Ignition Guest Manager (requires Ignition Server) | $20,827 |
        | EB1639196 | Ignition Analytics (requires Ignition Server) | $20,827 |
        | EB1639197 | TACACS+ module | $13,535 |
        | EB1639236 | MS-NAP Posture Compliance for Ignition Server LARGE* | $31,245 |
        | EB1639237 | MS-NAP Posture Compliance for Ignition Server SMALL* | $15,620 |
        | EB1639241 | Access Portal for LARGE* Ignition Server. Includes CASE | $20,828 |
        | EB1639242 | Access Portal for SMALL* Ignition Server. Includes CASE | $13,537 |
        | | Solution Bundles | |
        | EB1639232 | BRONZE HA Bundle (includes 2 x Ignition Servers SMALL*) | $24,990 |
        | EB1639233 | SILVER HA Bundle (incl. 2 x Ignition Servers LARGE* & Ignition Guest Manager) | $62,495 |
        | EB1639234 | GOLD HA Bundle (incl. 2 x Ignition Servers LARGE*, Guest Manager, & Analytics) | $79,162 |
        | EB1639235 | WLAN Guest Management Starter Kit (Lite*) | $2,079 |
        | EB1639A29E5 | BYOD Kit: Enterprise & Guest Access LITE* | $6,625 |
        | EB1639A30E5 | BYOD Kit: Enterprise & Guest Access SMALL* | $27,150 |
        | EB1639A31E5 | BYOD Kit: Enterprise & Guest Access LARGE* | $50,549 |

        *LITE = 5 Authenticators; SMALL = 20 Authenticators; LARGE = Unrestricted Authenticators
    20. Resources
        Collateral
        – Brochures, Technical Configuration Guides etc.
        – BYOD customer presentation and white paper
        – Look in the Identity Engines Portal
        Sales and Technical Support
        – Your local Avaya Networking Sales, CAM or TechOps contacts
        30-Days Free Trial
        – ID Engines FULLY featured at URL: www.avaya.com/identitytr
        – All modules are included
        – Upgrade to production deployment simply by applying purchased licenses
        – Long term lab licenses available from Avaya Product Management – ask your regular Avaya contact
    21. Channel Partner Opportunity
        A flexible NAC solution
        – Standards-based
        – Works with any vendor’s network
        – Works with any existing identity stores
        Very cost competitive
        – Little investment required
        Opportunity with every LAN and WLAN sale
        – Every customer needs NAC to enforce compliance
        – BYOD is driving new opportunities
        Offers differentiation in the market
        – Combine with Avaya WLAN 8100 for a compelling BYOD infrastructure solution