More Related Content
Similar to Avaya identity engines overview (20)
More from Motty Ben Atia (20)
Avaya identity engines overview
- 2. © 2011 Avaya Inc. All rights reserved. 2
Scalable
Future-proof Wireless
Identity-based
Network Access Control
Optimised
For collaborative, real time
applications
Secure
Network & Device
security
Plan for Success…
with Avaya’s BYOD Solution
- 3. © 2011 Avaya Inc. All rights reserved. 3
What is Identity Engines?
Identity and Network Access Control (NAC) solution
Ensures consistent and predictable network access for managed and
unmanaged devices
Controls who can use the network to access which resources, when
and where they may do so
Supports any device, any network, any vendor
Centralised, out-of-line solution for maximum scalability and cost
effectiveness
Automated, standards-based
Software-only, highly available
Facilitates regulatory compliance
- 4. © 2011 Avaya Inc. All rights reserved. 44
Identity Engines
Authenticated Network Architecture
NETWORKABSTRACTIONLAYER
DIRECTORYABSTRACTIONLAYER
Reporting & Analytics
Posture Assessment
Guest Access Mgmt
Identity Engines
Access Portal
CASE Client
Policy
Enforcement Point
Policy
Decision Point
Policy
Information Point
- 5. © 2011 Avaya Inc. All rights reserved. 55
Identity Engines Portfolio
Highlights
Ignition Server - centralised policy
engine that performs authentication and
authorisation for clients attempting
network access
Guest Manager - allows front desk staff
to create temporary guest user accounts
Posture Compliance – integrates with
MS-NAP for managed client health
assessment
Analytics – presents network
authorization and authentication
information in a variety of summary and
detail formats
Access Portal – compliance checking
for un-managed devices e.g. BYOD
AdditionalApplications
CoreApplication
Ignition
Server
MS-NAP Posture
Compliance
Ignition Guest
Manager
Ignition
Analytics
Ignition Access
Portal
- 6. © 2011 Avaya Inc. All rights reserved. 66
Access Portal
– Captive Portal for wired and wireless access
from guest and BYOD
– Device Profiling and BYOD on-boarding
– Compliance checking leveraging C.A.S.E. and
MS-NAP
C.A.S.E. (Client for Accessing the
Secure Enterprise)
– Transient client for automating configuration of
managed and un-managed end-points to
participate in NAC
– Dissolvable client: option for revertible or non-
revertible deployment
GA date: April 30th 2012
Identity Engines - What’s New in 8.0?
Identity Engines r8.0
Best of Interop finalist
- 7. © 2011 Avaya Inc. All rights reserved. 7
Identity Engines Ignition Access Portal
Serves as a Captive Portal for non-802.1x clients
Performs device profiling
CASE Client for auto-config of 802.1x and MS-NAP
on Windows machines
Device On-boarding
Facilitates network access to guest
devices, non-802.1x devices,
BYOD on-boarding, and CASE
Client hosting.
A single license allows deployment
of multiple Access Portals for
different use against one Ignition
Server instance .
- 8. © 2011 Avaya Inc. All rights reserved. 88
Identity Engines Ignition Access Portal
Multiple Guest Managers may
be deployed against a single
instance of the Ignition Server
Device Profiling
– Administrator will be able to
set the Access Portal to
perform device profiling of
wired and wireless devices
– Device fingerprinting:
– Devices Type, Devices Sub-Type, Device OS, Devices OS Version
– Devices attributes are sent to the Ignition Server for registration and association with user
BYOD On-boarding
– Auto-register of Guest Visitor and Employee Guest devices
– Device profiling of registering devices
– Auto-association of devices with guest / employee records in Ignition Server
– Populating device records in Ignition Server with device profile attributes
- 9. © 2011 Avaya Inc. All rights reserved. 99
CASE Client for Accessing the Secure Enterprise
– Transient client to automate configuration of managed and guest’s un-
managed endpoint devices to participate in Network Access Control
– CASE auto-configuration of 802.1x on Windows devices
– CASE auto-configuration of MS-NAP on Windows devices
Identity Engines Ignition CASE Client
- 10. © 2011 Avaya Inc. All rights reserved. 1010
Identity Engines Use Cases
Corporate Governance and Compliance
BYOD access control
Reducing OPEX through automation
Simplified Guest Access by the front desk
Validated remote access for non-corporate
devices (Teleworker, Disaster Recovery etc)
M&A: integrating access policies and identities
from different organisations
Authorised Fixed Assets (e.g. phones, printers,
health monitors etc.)
- 11. © 2011 Avaya Inc. All rights reserved. 1111
Enhanced Security
Granular Control
Reduced Costs
Simplicity
Flexibility
Regulatory Compliance
Identity Engines Conclusion
Secure Network Access for all users,
all devices, all the time
- 12. © 2011 Avaya Inc. All rights reserved. 1212
Resources
Collateral
– Brochures, Technical Configuration Guides etc.
– BYOD customer presentation and white paper
– Look in the Identity Engines Portal
Sales and Technical Support
– Your local Avaya Networking Sales, CAM or TechOps contacts
30-Days Free Trial
– ID Engines FULLY featured at URL: www.avaya.com/identitytr
– All modules are included
– Upgrade to production deployment simply by applying purchased licenses
– Long term lab licenses available from
Avaya Product Management –
ask your regular Avaya contact