1 / 26

High Performance Reliable Secure Remote Access

High Performance Reliable Secure Remote Access. What to sell. Access Solutions Remote Access Partner and Branch Office Access Performance, Scalability & Capacity Virtual Portal AAA High Availability -- SSF Array Business Continuity Plan. Remote Access. Focus On:

barry-cooley
Download Presentation

High Performance Reliable Secure Remote Access

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. High Performance Reliable Secure Remote Access

  2. What to sell • Access Solutions • Remote Access • Partner and Branch Office Access • Performance, Scalability & Capacity • Virtual Portal • AAA • High Availability -- SSF • Array Business Continuity Plan

  3. Remote Access • Focus On: • Network Level Access – L3 VPN • Sell With Caution: • WRM – Expect to encounter application specific issues. • OK to sell: ClientApp – L4 Access. • We have java version and ActiveX version, but user experience is dramatically different. This will be fixed in SPX-II • ClientApp and L3 will become one Array Client in SPX-II • We will resolve the stability issues we encounter occasionally. • Avoid: • LinkDirect • Fileshare • MailProxy

  4. Network Level Access • Performance and Scalability • 64000 maximum number of tunnels, 12000 concurrent tunnels with 30Kbps • Latest 8.3.1+ improved single tunnel download speed by up to 50% in LAN environment • Working on more optimization to improve the download speed on WAN for as much as 3~5x • Robustness and Reliability • Unique auto-reconnect and IP layer transparency make it possible for applications to survive network interrupts and even switching networks, e.g. from LAN to WLAN • Rich feature set • Broad environment support

  5. Network Level Access Unmatched reliability • Resilient to network interrupts and provides seamless access. Application Connection is maintained even when users switch from LAN to Wi-Fi Without Array, IE download will stop right away. With Array, download will continue when connection is restored. The only thing users may notice is the icon turning yellow then back to red again. User applications are not interrupted.

  6. WRM – new from 8.4.x • WRM may not support all applications “out of the box”, complex applications should be tested first. • New WRM is based on industry leading, standards compliant technology for handling web based content (Firefox parser). • 18 customers in China on new WRM, 91 bugs files, 88 fixed. Bug fix is much easier and faster than before. • Providing instant access to popular web based business applications: • Outlook Web Access 2000, 2003, 2007 • Lotus iNotes • Documentum • Emis, DG Info, other company internal applications • If an application does not work through basic WRM, there are alternative access modes available: • Custom Rewrite rules • Hostname and port based access • Access through L3 client

  7. Standards Compliant • Web standards support: • HTML 4.01, partial HTML 5.0 • JavaScript 1.6 • CSS 1, CSS 2, partial CSS 3 • DOM 1, DOM 2, partial DOM 3 • XML 1.0, XML Namespaces • XSLT 1.0, XPath 1.0 • Web 2.0 support: • Microsoft ASP.NET AJAX • Google Web Toolkit • Yahoo! User Interface Library • JQuery, MochiKit • Not as well supported: VBScript, ActiveX, Flash.

  8. Partner & Branch Access -- SiteDirect • Pain Free Deployment • IP Conflict • NAT/Firewall Issues • Only necessary resources are exposed to remote • Improvements • Clustering issue with SiteDirect • Tunnel IPSec and other IP protocols • Performance • What about providing user level control to SiteDirect access – user is required to login and will see the remote resource on the portal page?

  9. Virtual Portal • Different groups have different needs – customization, resources, access control and administration. • Array’s unique virtualization technology allows the separation of resources, configuration, and administration. • Up to 256 fully customizable virtual portals allow customers to satisfy the needs of all groups with self-contained configuration and management. • Delegation of management privileges to virtual portal administrators provides flexibility and improves productivity • Clear concept, simple management, no mistakes.

  10. AAA • Supports all standard industry authentication methods • Active Directory, LDAP, RADIUS, Local Auth Database, dual factor and more • RSA certified • Advance client-side certificate-based authentication • Allow separated authorization server different from authentication server to provide flexibility in complicated environment • AAA server ranking allows up to 4 different authentication settings for each virtual portal • Support RADIUS accounting and a wide range of auditing requirements. • MAC, HDD or User SID based login

  11. High Availability -- Clustering • Stateful Session Failover • Session information mirrored across Array systems • In the event of an incident, users failover to standby or another active unit • In most cases, failover is transparent to users, no service interrupt • Configuration synchronized at run time • Build-in dispatcher allows Active-Active configuration without additional hardware SPX-Active SPX-Active SPX-Active SPX-Active Internal Application Internal Application

  12. Array Business Continuity (ABC) • Pre-Paid License to cost-effectively provision user base • Enables concurrent user surges up to hardware capacity • Requires no IT intervention – automatically allows bursting. Extra users log in seamlessly during emergencies • One-time license fee allows bursting for any 10 days (10 x 24 hours)

  13. Summary • Uninterrupted Remote Access through Network Level Access and WRM • Unmatched Performance, Scalability and Capacity • Up to 256 easy managing Virtual Portals • Flexible AAA and Advanced High Availability • Guaranteed Business Continuity Access, Security, Performance, Innovation and Peace of Mind All in one Array SPX Appliance

  14. Additional Details • Network Level Access • WRM • SiteDirect • Virtual Portal • ABC

  15. Network Level Access Leadership • Unbeatable capacity • Maximum 64,000 concurrent tunnels • 12,000 concurrent active tunnels with minimum 30Kbps throughput each. • Strong Performance leadership • High aggregate throughput • Fast tunnel establishment • Low or no impact on latency • Fast download speed for single user and multiple concurrent users • Low CPU utilization • Unmatched Reliability • Network interruption is common. Array VPN client detects and handles network interruption smoothly without impacting user applications. • Users can switch networks, such as when moving from a wired to a wireless network, without disrupting any application connections.

  16. Testimony VPN Access - The Way It Should Be IT is unavoidably the perfect target for peoples' complaints – always has been always will be. But the fact is that I'm sitting here in a somewhat remote area of Thailand at one of our provider's factories and have been logged into the latest web-based VPN solution for hours ..... With zero incident. This is unheard-of in my travel experiences. While no tool is absolutely perfect, in the software/IT world, this one is far closer than most of the others I have encountered. Having traveled throughout Asia extensively for the last 7 years, I cannot begin to describe the mountain of frustrations and countless hours that have been lost due to connectivity. Just earlier in the year I was sitting at this same table with 3 IT reps from this factory who worked unsuccessfully for hours to get me into the then Nortel VPN solution. The stability, consistency of access and ease of use of this new tool is what prompted me to write this. It will take a long time for me to get over the noticeable difference this has made and start taking it for granted. To you and all those involved in choosing and implementing this solution (please forward along): THANK YOU!!!!!!

  17. Network Level Access Features • Rich Features make it possible to deploy for many different scenarios. • Flexible IP address assignment • Internal managed address pool • Through DHCP server -- allow remote users to use the same DHCP server on the corporate network • Static IP address to any user • Zero configuration forward proxy support (client side and SPX side) • WinAdmin • Launch command or script when tunnel connect or disconnect • Send remote client traffic to designated gateway • Allow local subnet access • Block local DNS • Broadcast support • Allow customers to choose not to upgrade client

  18. Network Level Access Support • Broad client environment support enables you to extend your remote access to any user and any place you want • Windows – 2000, XP, Vista 32/64-bit, Windows 7 32/64-bit • IE & Firefox • Java version & ActiveX version Plug-in • Standalone client eliminates the browser dependency and it just takes one click to start a VPN tunnel • Linux – Firefox • MacOS – Firefox & Safari • Windows CE & Windows Mobile – Internet Explorer

  19. WRM Browser-based Remote Access Remote User Firewall SSL Internet OWA or other Internal Web Applications Array SPX • Users access from any browser on any platform • No client or plug-in to install or manage • No changes to firewall, infrastructure or internal applications • Users never access internal applications directly, better separation for internal data and resource. • URL masking hides internal URLs

  20. Partner & Branch Access -- SiteDirect • SiteDirect is an easy and fast way to share network resources between two remote locations. • Partners, vendors, short term business relationships. • Mergers and acquisitions. • Remote branch offices. • Resource can an application, a server or a network. • Deployment is simple and pain free. • No need to change network topologies. • IP conflicts are automatically eliminated. • Uses SSL (port 443) to traverse network security devices. No issue with NAT or firewalls. • Networks are easy to secure. • Only the configured resources are exposed. • Internal network topology is hidden. • No need for many/complex rules to protect non-shared resources. • Local users can be authenticated before allowing access to remote resources

  21. Leased Line Frame Relay MPLS VPN IPSec VPN Challenges of Deploying Extranets… Partner Network Need to Share Too Risky To Share Enterprise Network

  22. Need to Share Need to Share Resource Publishing One more time, with SiteDirect! Partner Network Too Risky To Share Enterprise Network

  23. INTERNET Virtual Portal Deployment Virtual Portal 1: Remote Access Virtual Portal provides different level of access and different resources to different group of users Email, Files Virtual Portal 2: IT – Remote Mgmt IT infrastructure, Database Array SPX AAA Web, Support, ERP etc. Virtual Portal 3: Partners

  24. Array Business Continuity (ABC) • Pre-Paid License to cost-effectively provision user base • License loaded on hardware at purchase or via upgrade • Enables concurrent user surges up to hardware capacity • Requires no IT intervention – automatically allows bursting • Customers pay only for users activated during events

  25. ABC 10-Day Pre-Paid License • Provides 10 days of bursting capability • Extra users log in seamlessly during emergencies • No IT intervention required • One-time license fee allows bursting for any 10 days (10 x 24 hours) • Burst up to a pre-defined concurrent user count

  26. Thank You!

More Related