
Aladdin Knowledge Systems November 2005


Presentation Transcript


  1. Aladdin eToken Solutions for Cisco Integrated Services Routers, Cisco VPN Client, Cisco Identity-Based Networking. Aladdin Knowledge Systems, November 2005

  2. Agenda • Aladdin Overview • Solutions Overview • eToken Solutions: • Snapshot: About eToken • Aladdin eToken & Cisco ISR • Token Management System (TMS) • Cisco ECT & eToken Solution • eToken Password Management • Aladdin eToken & Cisco VPN • Online Demo of ISR provisioning and secure VPN access

  3. Aladdin Knowledge Systems (NASDAQ: ALDN) has been a global provider of software protection and network security solutions since 1985. With a distribution network of more than 50 partners in over five continents, Aladdin provides unmatched service and support to its customers.

  4. Aladdin Product Lines Software Digital Rights Management Enterprise Security Identifies who users are Ensures safe access to content Controls what users can do • Comprehensive solution for software vendors’ protection and licensing needs • Hardware or software-based • Portable device for two-factor authentication, password and digital identity management • Robust enterprise management • Gateway-based anti-virus protection & content security • Web browsing security with anti-spyware & application filtering • Proactive email security with spam management

  5. Overview of Aladdin-Cisco eToken Offerings Cisco Integrated Services Routers (ISR) • eToken-based ISR secure provisioning • eToken-based portable credential storage for site-to-site VPN Enterprise Class Teleworker (ECT) Cisco VPN • eToken-based Strong Authentication for VPN client • Online Demo • Online demo for Cisco ISR and VPN

  6. Aladdin eToken & Cisco ISR

  7. eToken ISR Solutions Two main functionalities of eToken with Cisco ISR: • Secure configuration storage and distribution with eToken • Provisions ISR config into eToken, sends Token to location • Router loads ISR config off the eToken when turned on, or merges configuration when eToken is plugged into router • Supports boot-strap or secondary configuration • Portable Credential storage for VPN RSA Key Pairs with eToken • Provides off-platform storage, generation of VPN Credentials • Loads encryption keys when eToken plugged in, and removes when eToken removed Yet another important feature: • Router brings up IPSEC VPN tunnel until eToken is removed, then tunnel comes down (after configurable timeout) Note: Support provided only for eToken PRO

  8. Secure Configuration Storage and Distribution with eToken • Step 1 (VMS+TMS): Orders router and eToken • Provisioning Center receives eToken and loads configuration file • Sets custom PIN on eToken • Step 2: Router is shipped directly to customer site • eToken can be shipped to the customer location separately • Step 3: Installation technician plugs in eToken • Enters CLI to boot router from eToken config, including PIN

  9. Portable Credential Storage for VPN RSA Key Pairs with eToken (diagram labels: Head End, Internet, IP) • Portable Credentials • Stores router VPN credentials on the eToken • When inserted, the router passes the PIN to unlock the eToken and retrieves the credentials • Router brings up IPSEC tunnel until eToken is removed, then tunnel comes down (after configurable timeout)

  10. Values to Cisco Channel • Substantial cost savings: • Routers are shipped to customers blank, as there is no need for physical router configuration • Easy eToken configuration: • Utilizes smooth integration of Token Management System (TMS) and Cisco VMS • Automation and Batch processing of eToken/router configuration: • TMS is able to enroll batch/bulk of tokens; no need to manually deal with each config file • Easy technical support: • Configuration can be reloaded to the router, no need to send technicians • Web service: • Re-provisioning or change in configuration can be done over the web using eToken TMS (i.e., no need to send technician AGAIN to fix config problems)

  11. Values to Cisco Customers • Security: • Router configuration is securely stored on the eToken • Security: • eToken stores the router’s root certificate (RSA keys) • Ease: • Customer is free to purchase routers from any Cisco store • Delivery: • Timely implementation, support and updates • Self service: • Ability to provision and re-provision router over the web

  12. What Is Aladdin Token Management System (TMS)? A system for deploying, managing and using security tokens in an Enterprise. TMS offers a LINK between: • Users • Organizational rules • Security device(s) • Security application(s)

  13. Token Management System (TMS) & Cisco ISR • TMS uses a special Cisco ISR connector to provision eToken with ISR configuration • TMS can provision tokens as a web service using a web browser or in a standalone mode • ISR configuration may be generated with any tool such as Cisco Security Manager (VMS) (diagram labels: Token Management System (TMS), TMS Cisco ISR, TMS Connector)

  14. Provisioning the eTokens • #1: Using TMS (TMS = Token Management System) • Create configuration file in text editor • Reset User PIN and Admin PIN • Manage tokens across the organization by SN • Copy configuration and credential files to eToken • #2: Using CLI • Create configuration file • Enroll with CA • Reset PIN • Unlock eToken • Copy configuration to eToken • Copy VPN credentials to eToken • GUI will replace CLI • Refer to Cisco video for details on router config.

  15. Router Provisioning Processes: Old vs. eToken-Based Flow: Channel   User Old Process • Installs VMS • Receives router from distributor • Configures router manually • Ships router to customer • OR >>>>>>> • Plugs router into network • Router goes live • OR: >>>>>>> • Technician arrives and configures router on site. eToken Process • Installs VMS and TMS • Transfers bootstrap batch file to eToken • Ships eToken to customer • Ships blank router to customer • Buys/receives blank router from channel • Receives personalized eToken from channel • Plugs router to network • Plugs eToken into router • Router goes live

  16. What is ECT? Cisco Enterprise Class Teleworker (ECT) solution provides an end-to-end integrated security and management solution for • Remote Access (Business Ready Teleworker) and; • Site-to-Site Access (Business Ready Branch) Key benefits of the ECT solution include: • Layered and integrated Security for router, network, device, user and applications (voice, video, and wireless). • DMVPN, the ECT baseline architecture, seamlessly integrates security, dynamic routing, and the dynamically meshed VPN deployment. • Zero Touch Deployment reduces the complexity of support and the loss of corporate control. • Security Features safeguard the corporate network and prevent unguarded entrances to the network. • Quality of Service provides application availability and guaranteed bandwidth for key applications and users.

  17. ECT & eToken Solution The Need CPE Provisioning & Security • Enhance and simplify the Zero Touch Deployment (ZTD) mechanisms • Secure the CPE credential provisioning • Secure the spoke-to-spoke VPN tunnel • Push security policies changes by administration • Support CPE Re-provisioning or Replacement • CPE Image management Password Management • Password management for enterprise applications Strong Authentication for Network Access • Secure VPN access • Secure network logon (Network logon; 802.1x & NAC)

  18. ECT & eToken Solution The Solution eToken and TMS provide a framework for • CPE provisioning & Security; • Maintenance & support; • Password management and; • Network/VPN access Two tokens are suggested in the framework: • eToken for CPE: • Secure and easy provisioning • Secure VPN tunnel • Support capabilities • eToken for End user: • Password management (web & win app) • Strong authentication for remote login to corporate infrastructure • Strong authentication for network logon (LAN), 802.1x & Cisco IBNS (LAN card), and NAC (granular LAN access)

  19. ECT & eToken Solution The Solution

  20. eToken Password Management

  21. eToken Password Management Solution Password Management • Administrator or service provider uses eToken Simple Sign-On (SSO) and eToken Web Sign-On (WSO) to push corporate applications’ credentials on eToken • eToken stores all necessary logon information including username, passwords, PIN numbers, etc. • WSO/SSO automatically fills out the respective web page or logon window credentials. • Great end-user benefit – can cache their personal credentials too Secure and automatic access

  22. Aladdin eToken & Cisco VPN Client

  23. eToken & Cisco VPN • eToken supports all prevalent Cisco VPN access modes with various authentication methods: • Cisco VPN access modes: • SSL VPN • IPSec VPN • Wireless VPN • Authentication methods: • PKI • OTP • The solution combines every possible pair • Note: Support provided for all eTokens. Aladdin promotes eToken NG-OTP

  24. Access Scenarios VPN Remote Access over IPSec VPN Remote Access over SSL WiFi Remote Access over the Web

  25. Solution Components • Cisco: VPN Concentrator, Cisco VPN Client, Cisco PIX, Cisco ACS RADIUS, Cisco ISR, Cisco ASA, Cisco Aironet Access Point • Aladdin: eToken NG/Pro, eToken CSP, TMS (Token Management System) – Unified backend! • Certificate Authority: MS, VeriSign, Other…

  26. Benefits and Differentiators • Value to Customers • Integrated end-to-end solution • Remote access based on two-factor authentication providing top notch security • Flexibility in access methods and authentication methods • Shorter implementation/deployment cycle • Best TCO and ROI • Differentiators • The only integrated solution, from only 2 vendors, that encompasses all remote access needs • Can be provided either as an on-site installation, or as a managed service

  27. Benefits and Differentiators • Value to Cisco Channel • Better offering to customers • Fits into channel’s offering based on Cisco gear • Increased demand for access solutions • Shorter sales cycle • Up-sell opportunities with eToken TMS and other security applications • Opportunity to sell more services (integration, maintenance, etc.) • Differentiators • The only integrated solution, from only 2 vendors, that encompasses all remote access needs • Can be provided either as an on-site installation, or as a managed service

  28. Online Demo for Cisco ISR and VPN

  29. Online Demo for Cisco ISR and VPN • Aladdin-Cisco Online Demo • Enables Cisco SE, Channel or Customer to register and apply for eToken, enroll the eToken and run one of two demos: • ISR demo: Enables upload of a given router configuration on board eToken • VPN Demo: Enables experience of two live VPN access scenarios: SSL VPN + eToken OTP authentication; IPSec VPN + eToken certificate-based authentication (PKI) • Key Benefits: • Great demonstration tool to be used by SEs, channels and customers • It is real, and works with Aladdin/Cisco back-end, available 24x7 • TMS web interface shows its most powerful feature – online provisioning of (blank) tokens • Once a user receives its credentials, the demo can be run repetitively, with no limits • Sponsored by Cisco which provides the back-end equipment (PIX, ACS, and Concentrator) • Best practice would be to….. Try it yourself https://ciscodemo.aladdin.com
