Juniper Networks Secure Access 2000
The Juniper Networks Secure Access 2000 (SA 2000) SSL VPN enables small-to-medium-sized companies to deploy cost-effective remote and extranet access, as well as intranet security. Users can access the corporate network and applications from any standard Web browser. The SA 2000 uses SSL, the security protocol found in all standard Web browsers, as a secure access transport mechanism. The use of SSL eliminates the need for client software deployment, changes to internal servers, and costly ongoing maintenance. Juniper’s Secure Access appliances also offer sophisticated partner/customer extranet features that enable controlled access to differentiated users and groups with no infrastructure changes, no DMZ deployments, and no software agents. This functionality also allows companies to secure access to the corporate intranet, so that administrators can restrict access to different employee, contractor or visitor populations, based on the resources that they need. The SA 2000 comes with the streamlined feature set that an enterprise would need to deploy secure remote access, as well as a basic customer/partner extranet or secure intranet. The Advanced license enables additional sophisticated features that meet the needs of more complex deployments with diverse audiences and use cases, as well as Juniper Networks Central Manager.
Value Summary
Rich Access Privilege Management Capabilities
• Dynamic, controlled access at the URL, file, application and server level, based on a variety of session-specific variables including identity, device, security control and network trust level
• Secure remote access with no client software deployments or changes to servers, and virtually no ongoing maintenance
• Secure extranet access with no DMZ buildout, server hardening, resource duplication, or incremental deployments to add
• Three different access methods allow administrators to balance security and access on a per-user, per-session basis
• Numerous security options from the end user device, to the
• Cluster pair deployment option, for high availability across the LAN
• Juniper’s Endpoint Defense Initiative includes native functionality as well as client- and server-side APIs for effective enforcement and unified administration of best-of-breed endpoint security
• Central management option for unified administration
• User self service features enhance productivity while lowering
Lower Total Cost of Ownership
In addition to enterprise-class security benefits, the SA 2000 has a wealth of features that enable low total cost of ownership.
Features Benefits
Secure remote access with no client software deployment and no changes to existing servers
Based on industry-standard protocols and
The investment in the Secure Access 2000 can be leveraged across many applications and resources over time.
Extensive directory integration & broad
Existing directories can be leveraged for authentication and authorization. Standard-based interfaces and APIs provide seamless integra-
Provides the ability to host different virtual extranet Websites from a single SA 2000 appliance, saving the cost of incremental servers, easing management overhead and providing a transparent user experience with differentiated entry URLs
Allows the creation of completely customized sign-in pages to give an individualized look for specified roles, streamlining the
End-to-End Layered Security
The SA 2000 series provides complete end-to-end layered security, including endpoint client, device, data and server layered security controls. These include:
Features Benefits
Client computers can be checked at the beginning and throughout the session to verify an acceptable security posture requiring or restricting network ports; checking files/process and validating their authenticity with MD5 hash checksums. Performs version checks on security applications, and carries out pre-authentication checks and enforcement. Enables enterprises to write their own host check method to customize the policy checks. Resource access policy for non-compliant endpoints is configurable by the administrator.
Created in partnership with best-of-breed endpoint security vendors, enables enterprises to enforce an endpoint trust policy for managed PCs that have personal firewall, antivirus clients, or other installed security clients, and quarantine non-compliant endpoints
Enables enterprises to deliver and update third party security agents from the SA 2000, which reduces public-facing infrastructure, enables consolidated reporting of security events, and enables policy-based remediation of non-compliant clients
Allows the enterprise to establish trustworthiness of non-API-compliant hosts without writing custom API implementations, or locking out external users such as customers or partners that run other security clients
Hardened security infrastructure, audited by 3rd party security experts including CyberTrust, effectively protects internal resources and lowers total cost of ownership by minimizing the risk of malicious attacks.
Security services employ kernel-level packet filtering and safe routing
Ensures that unauthenticated connection attempts, such as malformed packets or DOS attacks, are filtered out
All proxy downloads and temp files installed during the session are erased at logout, ensuring that no data is left behind
Prevents sensitive meta-data (cookies, headers, form entries, etc) from leaving the network, and allows for rendering of content in a non-cacheable format
Access Privilege Management Capabilities
The SA 2000 appliance provides dynamic access privilege management capabilities without infrastructure changes, custom development, or software deployment/maintenance. This facilitates the easy deployment and maintenance of secure remote access, as well as secure extranets and intranets. When a user logs in to the SA 2000, they pass through a pre-authentication assessment, and are then dynamically mapped to the session role that combines established network, device, identity and session policy settings. Granular resource authorization policies further ensure exact compliance to security strictures.
Features Benefits
Hybrid role- / resource-based policy model
Administrators can tailor access to dynamically ensure that security policies reflect changing business requirements
Network and device attributes, including presence of Host Checker/Cache Cleaner, source IP, browser type and digital certificates, can be examined even before login is allowed and results are used in dynamic policy enforcement decisions
Leverages the enterprise’s existing investment in directories, PKI, and strong authentication, enabling administrators to establish a dynamic authentication policy for each user session
Combines network, device and session attributes to determine which of three different access methods, or combination of methods, is allowed enabling the administrator to provision by purpose for each unique session
Enables extremely granular access control to the URL, server, or file level to tailor security policies to specific resources
Fine-grained auditing and logging capabilities in a clear, easy-to-understand format can be configured to the per-user, per-resource, and per-event level. Auditing and logging features can be used for security purposes as well as capacity planning
Enable the dynamic combination of attributes on a “per-session” basis, at the role definition/mapping rules and
Alleviates the need for end users to enter and maintain multiple sets of credentials for Web-based and Microsoft applications
In addition to BASIC Auth and NTLM SSO, the advanced feature set provides the ability to pass user name, credentials and other customer defined attributes to the authentication forms of other products and as header variables, to enhance user productivity and provide a customized experience.
SAML-based integration for authentication and authorization
Provision by Purpose
The Secure Access 2000 includes three different access methods. These different methods are selected as part of the user’s role, so the administrator can enable the appropriate access on a per-session basis, taking into account user, device, and network attributes in combination with enterprise security policies.
Features Benefits
• Access to Web-based applications, including complex JavaScript, XML or Flash-based apps and Java applets that require a socket connection, as well as standards-based e-mail, files and telnet/SSH hosted applications.
• Core Web access also enables the delivery of Java applets directly from the Secure Access appliance.
• Provides the most easily accessible form of application and resource access, and enables extremely granular security control options
• A lightweight Java or Windows-based download enables access to client/server applications using just a Web browser. Also provides native access to terminal server applications without the need for a pre-installed client
• Provides complete network-layer connectivity via an automatically provisioned cross-platform download
• Users need only a Web browser. Network Connect transparently selects between two possible transport methods, to automatically
deliver the highest performance possible for every network environment.
High Availability
The SA 2000 includes a variety of capabilities for the availability and redundancy required for mission-critical access in demanding enterprise environments.
Features Benefits
Units that are part of a cluster pair synchronize system-state, user profile-state, and session-state data among a group of appliances in the cluster for seamless failover with minimal user downtime and loss of productivity
Cluster pairs multiply aggregate throughput to handle unexpected burst traffic as well as resource intensive application use. Clusters can be deployed in either Active/Passive or Active/Active modes across the LAN or across the WAN for superlative scalability with a large number of user licenses, which scales access as the user base grows
Streamlined Management and Administration
The SA 2000 includes a variety of features available from a central management console at the click of a button. These benefits are extended across clustered devices, with the addition of SA Central Manager, part of the Advanced Software features set. Central Manager is a robust product with an intuitive Web-based UI designed to facilitate the task of configuring, updating and monitoring Secure Access appliances whether within a single device, local cluster or across a global cluster deployment.
Features Benefits
Cluster pairs can be seamlessly managed from an integrated central management console, making administration convenient and efficient. The Central Manager allows administrators to track cluster-wide metrics, push configurations and updates, and provide backup and recovery for local and clustered appliances.
Increases end user productivity, greatly simplifies administration of large diverse user groups, and lowers support costs
Password management integration Web Single Sign-On
Granular role-based delegation lessens IT bottlenecks by allowing administrators to delegate control of diverse internal and external user populations to the appropriate parties, associating real-time control with business, geographic, and functional needs
Administrators can copy and re-use existing policies, simplifying the process of setting up complex multi-variable policies or administration
Using Secure Access Central Manager, log data can be compiled in standard formats including W3C or WELF, as well as tailored for input
Enhanced monitoring with standards-based integration to third party management systems
Specifications Upgrade Options Secure Access 2000 Base System
• Secure Application Manager and Network Connect Upgrade Option (SAMNC)
Secure Access 2000 User Licenses
• Advanced Software Feature Set (includes Central Manager)
Technical Specifications Secure Access 2000 Feature Licenses
• Dimensions: 16.7”W x 1.74”H x 15”D
Secure Application Manager and Network Connect for SA 2000
• Weight: 13.2lb (5.99 kg) typical (unboxed)
• Material: 18 gauge (.048”) cold-rolled steel
Secure Access 2000 Clustering Licenses
• Fans: 1 blower, 1, 40mm ball bearing fan in power supply
Clustering: Allow 25 additional users to be shared from another SA 2000
Panel Display
Clustering: Allow 50 additional users to be shared from another SA 2000
SA2000-CL-100U Clustering: Allow 100 additional users to be shared from another SA 2000
Accessories
• Two RJ-45 Ethernet - 10/100/1000 full or half-duplex (auto-negotiation)
Power
• AC Power Wattage 260 Watts
• AC Power Voltage 100-240VAC, 50-60Hz, 2.5A Max
• System Battery CR2032 3V lithium coin cell
• Efficiency 65% minimum, at full load
• MTBF 87,000 hours
Environmental
• Operating Temp 50° to 95°F (10°C to 35°C)
• Storage Temp -40° to 158°F (-40°C to 70°C)
• Relative Humidity (Operating) 8% to 90% noncondensing
• Relative Humidity (Storage) 5% to 90% noncondensing
• Altitude (Operating) -50 to 10,000 ft (3,000m)
• Altitude (Storage) -50 to 35,000 ft (10,600m)
Safety and Emissions Certification
• Safety: EN60950-1:2001+A11, UL60950-1:2003, CSA C22.2 No. 60950-1, IEC 60950-1:2001
• Emissions: FCC Class A, VCCI Class A, CE class A
Warranty
• 90 days – can be extended with support contract
Copyright 2005, Juniper Networks, Inc. All rights reserved.
Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper Networks, Inc. in the United States and other countries.
All other trademarks, service marks, registered trademarks, or registered service marks in this document are the property of Juniper Networks
or their respective owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any
inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change,
modify, transfer, or otherwise revise this publication without notice.