Juniper sa-sslvpn
1. SA SERIES SSL VPN APPLIANCES
PRODUCT LINE PRESENTATION
May 19, 2010
2. AGENDA
1. SSL VPN Market Overview
2. SSL VPN Use Cases
3. Access Control and AAA
4. End-to-End Security
5. Secure Meeting
6. Hardware, Management and High Availability
2 Copyright © 2010 Juniper Networks, Inc. www.juniper.net
3. BUSINESS CHALLENGE: GRANT ACCESS VS. ENFORCE SECURITY
Maximize Productivity with Access...
• Allow partner access to applications (Extranet portal)
• Increase employee productivity by providing anytime, anywhere access (Intranet, E-mail, terminal services)
• Customize experience and access for diverse user groups (partners, suppliers, employees)
• Enable provisional workers (contractors, outsourcing)
• Support myriad of devices (smartphones, laptops, kiosks)
…While Enforcing Strict Security
• Allow access only to necessary applications and resources for certain users
• Mitigate risks from unmanaged endpoints
• Enforce consistent security policy
…And the Solution Must Achieve Positive ROI
• Minimize initial CAPEX costs
• Lower ongoing administrative and support OPEX costs
4. IPSEC VPN VS. SSL VPN
[Diagram: network topology with the labels Internet, Kiosk, Mobile Users, Branch Office, Remote Office, HQ, Telecommuters, Partners, Customers, Contractors, DMZ-1 and Department Servers (Sales, HR, Finance)]
IPSec VPN
• Remote/Branch Office Deployments
• Fixed Site-to-Site
• Managed Endpoints
• Layer 3 Network Access
• IP to IP Control
• Access from Managed, Trusted Networks
SSL VPN
• Employee Remote Access
• Telecommuters
• Mobile Users
• Partner Extranets
• Mobile or Fixed
• Managed or Unmanaged Endpoints
• Access Control Per Application
• User to Application Control
• Access allowed from Unmanaged and Untrusted networks as well
5. THE SOLUTION:
JUNIPER NETWORKS SECURE ACCESS SSL VPN
• Secure SSL access to remote users from any device or location
• Easy access from Web-browsers – no client software to manage
• Dynamic, granular access control to manage users and resources
• Single comprehensive solution to access various application types from various devices available
[Diagram labels: Mobile User – Cafe, VoIP Teleworker, Business Partner or Customer, Wireless/Mobile Device User, Airport Kiosk User, SA6500]
6. JUNIPER NETWORKS SSL VPN MARKET LEADERSHIP
Juniper maintains #1 market share position worldwide
Leader since SSL VPN product category inception
Source: 4Q09 Infonetics Research Network Security Appliances and Software Report
7. ANALYST PRAISE & RECOGNITION
2008 Gartner Magic Quadrant for SSL VPN
2009 Magic Quadrant Key Takeaways:
“Juniper has maintained the product vision, execution and overall momentum so effectively that it has held a leadership position continuously…”
“…unchallenged disruptive sales advantage”
“Juniper is the No. 1 competitive threat…”
“Year after year, Juniper's products earn a high satisfaction rating…”
Source: Gartner (October 2009)
http://www.gartner.com/technology/media-products/reprints/juniper/vol6/article1/article1.html
8. JUNIPER SA SSL VPN RECOGNITION & AWARDS
Award Winning
3rd Party Certified
Market Leading
Market share leader & proven solution with over 20,000 customers
9. AGENDA
1. SSL VPN Market Overview
2. SSL VPN Use Cases
3. Access Control and AAA
4. End-to-End Security
5. Secure Meeting
6. Hardware, Management and High Availability
10. #1 - REMOTE ACCESS AT LOWER OPERATING COSTS
[Diagram labels: Employees with Mobile Devices, Employees with Corporate Laptops, Employees with Home PCs, Internet, Router, Firewall, SA6500, Corporate Intranet, Email Server, Applications Server]
Increased Productivity
• Anytime, anywhere access from any device
• No endpoint software to install or manage
• Easy access facilitated from common browsers
Increased Security
• Encrypted secure access to corporate resources
• Granular access control
• Comprehensive endpoint security enforcement
11. #2 - EXTRANET PORTALS WITH GREATER SECURITY
[Diagram labels: Suppliers, Customers, Partners, Internet, Router, Firewall, SA6500, Corporate Intranet, Web Applications, Client/Server Applications]
Administrative ease of use
• Easier management of authorized users
• No client software enforced on external users
• Access enabled from any Web-enabled device
Enforcement of corporate security policies
• Granular access to select applications or resources
• Endpoint security enforced before granting access
• No administrative hassle of managing users’ devices
12. #3 – MOBILE DEVICE ACCESS
[Diagram labels: Apple iPhone, Internet, Router, Firewall, SA6500, Corporate Intranet, Email Server, Applications Server]
Improved Ease of Use, Higher Productivity
Access from any mobile device
ActiveSync facilitates secure access to Exchange
Enforce mobile device integrity and security
13. AGENDA
1. SSL VPN Market Overview
2. SSL VPN Use Cases
3. Access Control and AAA
4. End-to-End Security
5. Secure Meeting
6. Hardware, Management and High Availability
14. DYNAMIC ACCESS METHODS BY PURPOSE
Three different access methods to control users’ access to resources
Dynamic access control based on user, device, network, etc.
Network Connect
• Layer-3 connectivity to corporate network
• Supports all applications including resource intensive applications like VoIP & streaming media
• Recommended for remote and mobile employees only as full network access is granted
• Layer-3 access to corporate network
Secure Application Manager
• Access to client/server applications such as Windows & Java applications
• One click access to applications such as Citrix, Microsoft Outlook, and Lotus Notes
• Ideal for remote & mobile employees and partners if they have client applications on their PCs
• Granular client/server application access control
Core Access
• Access to Web-based applications, File shares, Telnet/SSH hosted apps, and Outlook Web Access
• Granular access control all the way up to the URL or file level
• Ideal for remote & mobile employees and partners accessing from unmanaged, untrusted networks
• Granular web application access control
15. CLIENTLESS ACCESS METHOD: CORE ACCESS
Broad set of supported platforms and browsers
Secure, Easy Web Application Access
• Pre-defined resource policies for Sharepoint, Lotus Webmail, etc.
• Support for Flash, Java applets, HTML, Javascript, DHTML, XML, etc.
• Support for Hosting & delivering any Java applet
Secure File Share Access
• Web front-end for Windows and Unix Files (CIFS/NFS)
Integrated E-mail Client
Secure Terminal Access
• Access to Telnet/SSH (VT100, VT320…)
• Anywhere access with no terminal emulation client
16. SECURE APPLICATION MANAGER
Full cross platform support for both Windows & Java versions
Granular access control policies for client/server applications
Access applications without provisioning full Layer 3 tunnel
• Eliminates costs, complexity, and security risks of IPSec VPNs
• No incremental software/hardware or customization to existing apps
WSAM – secure traffic to specific client/server applications
• Supports Windows Mobile/PPC, in addition to all Windows platforms
• Granular access and auditing/logging capabilities
• Installer Service available for constrained user privilege machines
JSAM – supports static TCP port client/server applications
• Enhanced support for MSFT MAPI, Lotus Notes, Citrix NFuse
• Drive mapping through NetBIOS support
• Install without advanced user privileges
17. LAYER-3 ACCESS METHOD: NETWORK CONNECT
[Diagram labels: SA Series, High Performance Transport Mode, High Availability Transport Mode]
Full Layer 3 Access to corporate network
Dynamic, Dual Transport Mode
Dynamically tries SSL in case IPSec is blocked in the network
Cross Platform Dynamic Download (Active-X or Java delivery)
Launching options include – browser-based, standalone EXE, scriptable launcher and Microsoft Gina
Client-side Logging, Auditing and Diagnostics available
18. ACCESS METHODS
TERMINAL SERVICES
Seamlessly and securely access any Citrix or Windows Terminal Services deployment
Intermediate traffic via native TS support, WSAM, JSAM, Network Connect, Hosted Java Applet
Replacement for Web Interface/Nfuse
Native TS Support
• Granular Use Control
• Secure Client delivery
• Integrated Single Sign-on
• Java RDP/JICA Fallback
• WTS: Session Directory
• Citrix: Auto-client reconnect/session reliability
• Many additional reliability, usability, access control options
19. ACCESS METHODS
VIRTUAL DESKTOP INFRASTRUCTURE (VDI)
[Diagram labels: Remote/Mobile User, SA Series, AAA, Apps Servers, Finance, VMware VDI Server, Citrix XenDesktop]
SA interoperates with VMware View Manager and Citrix XenDesktop to enable administrators to consolidate and deploy virtual desktops with SA
Allows IT administrators to configure centralized remote access policies for users who access their virtual desktops
Dynamic delivery of Citrix ICA client or VMware View client to users, including dynamic client fallback options for easy connection to their virtual desktops
Benefits:
– Seamless access (single sign-on) for remote users to their virtual desktops hosted on VMware or Citrix servers
– Saves users time and improves their experience accessing their virtual desktops
20. ACCESS PRIVILEGE MANAGEMENT
1 USER / 1 URL / 3 DEVICES & LOCATIONS
Stages:
• Pre-Authentication: Gathers information from user, network, endpoint
• Authentication & Authorization: Authenticate user, Map user to role
• Role Assignment: Assign session properties for user role
• Resource Policy: Applications available to user
Managed Laptop
• Pre-Authentication: Host Check: Pass; AV RTP On; Definitions up to date; Machine Cert: Present; Device Type: Win XP
• Authentication & Authorization: Auth: Digital Certificate; Role Mapping: Managed
• Role Assignment: Access Method: Network Connect; File Access: Enabled; Timeout: 2 hours; Host Check: Recurring
• Resource Policy: Outlook (full version); CRM Client/Server; Intranet; Corp File Servers; Sharepoint
Unmanaged (Home PC/Kiosk)
• Pre-Authentication: Host Check: Fail; No AV Installed; No Personal FW; Machine Cert: None; Device Type: Mac OS
• Authentication & Authorization: Auth: AD Username/Password; Role Mapping: Unmanaged
• Role Assignment: Access Method: Core; SVW Enabled; File Access: Disabled; Timeout: 30 mins; Host Check: Recurring
• Resource Policy: Outlook Web Access (no file up/download); CRM Web (read-only); Intranet
Mobile Device
• Pre-Authentication: Host Check: N/A; Machine Cert: None; Device Type: Win Mobile 6.0
• Authentication & Authorization: Auth: Digital Certificate; Role Mapping: Mobile
• Role Assignment: Access Method: WSAM, Core; File Access: Enabled; Timeout: 30 mins
• Resource Policy: Outlook Mobile; CRM Web; Intranet; Corp File Servers
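Added example, not part of the Juniper presentation and not SA Series configuration or API: a small Python model of the four stages on this slide, run against its three endpoints. The class, field and rule names are hypothetical, and denying a session when no role rule matches is an assumption of this example.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Endpoint:
    """Pre-authentication facts (hypothetical field names)."""
    device_type: str
    host_check: str      # "pass", "fail" or "n/a"
    machine_cert: bool


@dataclass(frozen=True)
class Session:
    role: str
    access_methods: tuple
    file_access: bool
    timeout_minutes: int
    applications: tuple


# Role mapping: ordered rules, first match wins. Values follow the slide.
ROLE_RULES = [
    ("Managed", lambda ep, auth: auth == "certificate"
        and ep.host_check == "pass" and ep.machine_cert),
    ("Mobile", lambda ep, auth: auth == "certificate"
        and ep.device_type.startswith("Win Mobile")),
    ("Unmanaged", lambda ep, auth: auth == "ad_password"),
]

# Role assignment: session properties per role, as listed on the slide.
ROLE_SETTINGS = {
    "Managed": dict(access_methods=("Network Connect",),
                    file_access=True, timeout_minutes=120),
    "Unmanaged": dict(access_methods=("Core",),
                      file_access=False, timeout_minutes=30),
    "Mobile": dict(access_methods=("WSAM", "Core"),
                   file_access=True, timeout_minutes=30),
}

# Resource policy: (application, roles allowed, needs file access).
RESOURCES = [
    ("Outlook (full version)", {"Managed"}, False),
    ("Outlook Web Access", {"Unmanaged"}, False),
    ("Outlook Mobile", {"Mobile"}, False),
    ("CRM Client/Server", {"Managed"}, False),
    ("CRM Web", {"Unmanaged", "Mobile"}, False),
    ("Intranet", {"Managed", "Unmanaged", "Mobile"}, False),
    ("Corp File Servers", {"Managed", "Mobile"}, True),
    ("Sharepoint", {"Managed"}, False),
]


def map_role(ep: Endpoint, auth_method: str) -> Optional[str]:
    """Return the first role whose rule matches, or None."""
    for role, matches in ROLE_RULES:
        if matches(ep, auth_method):
            return role
    return None


def evaluate(ep: Endpoint, auth_method: str) -> Optional[Session]:
    """Run role mapping, role assignment and resource policy in order."""
    role = map_role(ep, auth_method)
    if role is None:
        return None  # assumption of this example: no role means no session
    settings = ROLE_SETTINGS[role]
    # A file-share resource is granted only if the role also enables file
    # access, so the resource policy cannot widen the role's settings.
    apps = tuple(name for name, roles, needs_files in RESOURCES
                 if role in roles
                 and (settings["file_access"] or not needs_files))
    return Session(role=role, applications=apps, **settings)


if __name__ == "__main__":
    cases = {
        "Managed Laptop": (Endpoint("Win XP", "pass", True), "certificate"),
        "Home PC/Kiosk": (Endpoint("Mac OS", "fail", False), "ad_password"),
        "Mobile Device": (Endpoint("Win Mobile 6.0", "n/a", False), "certificate"),
        "Cert user, failed host check": (Endpoint("Win XP", "fail", True), "certificate"),
    }
    for label, (ep, auth) in cases.items():
        print(label, "->", evaluate(ep, auth))
```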
21. ONE DEVICE FOR MULTIPLE GROUPS
CUSTOMIZE POLICIES AND USER EXPERIENCE FOR DIVERSE USERS
[Diagram: three sign-in URLs, each mapped to its own role, served by one SA Series appliance]
partners.company.com: “Partner” Role
• Authentication: Username/Password
• Host Check: Enabled – Any AV, PFW
• Access: Core Clientless
• Applications: MRP, Quote Tool
employees.company.com: “Employee” Role
• Authentication: OTP or Certificate
• Host Check: Enabled – Any AV, PFW
• Access: Core + Network Connect
• Applications: L3 Access to Apps
customers.company.com: “Customer” Role
• Authentication: Username/Password
• Host Check: Enabled – Any AV, PFW
• Access: Core Clientless
• Applications: Support Portal, Docs
22. SEAMLESS AAA INTEGRATION
Full Integration into customer AAA infrastructure
AD, LDAP, RADIUS, RSA SecurID, Certificate, etc.
Use of group membership and attributes for authorization/role mapping
Password Management Integration
Users can manage their AD/LDAP passwords through SSL VPN
Single Sign-On Capabilities
Seamless user experience for web applications
Forms, Header, SAML, Cookie, Basic Auth, NTLM v1/v2, Kerberos
SAML Support – Web single sign-on, integration with I&AM platforms
23. AGENDA
1. SSL VPN Market Overview
2. SSL VPN Use Cases
3. Access Control and AAA
4. End-to-End Security
5. Secure Meeting
6. Hardware, Management and High Availability
24. ENDPOINT SECURITY
Host Checker
• Check devices before & during session
• Ensure device compliance with corporate policy
• Remediate devices when needed
• Cross platform support
• Support for hundreds of leading Third Party applications: AV, Personal Firewall, Anti-Spyware, Anti-Malware, Windows patch checks, machine certificate checks + Custom policy definition
• Devices automatically learn latest signature versions from AV vendors
• Check for AV installation, real-time protection status, definition file age
• Varied remediation options to meet customer needs
• Trusted Network Connect (TNC) architecture for seamless integration with all TNC compliant endpoint security products/vendors
• Leverage existing endpoint security application deployments
Antispyware Support with Enhanced Endpoint Security (EES) Functionality
• Antispyware integrated from Webroot, the market leader in antispyware solutions
Secure Virtual Workspace
• Creates protected virtual system for untrusted machine
Cache Cleaner
• Remove browser contents/history at conclusion of user session
[Diagram: three endpoints connecting to the SA Series]
Home PC User
- No Anti-Virus Installed
- Personal Firewall enabled
- User remediated install anti-virus
- Once installed, user granted access
Airport Kiosk User
- No anti-virus installed
- No personal firewall
- User granted minimal access
Corporate PC User
- AV Real-Time Protection running
- Personal Firewall Enabled
- Virus Definitions Up To Date
- User granted full access
25. ANTISPYWARE SUPPORT WITH ENHANCED ENDPOINT
SECURITY (EES) FUNCTIONALITY
The number of newly discovered malicious programs is growing
• Cost enterprises time, money, and productivity to quarantine and remediate contaminated endpoints
Addressing growth in malware, SA and UAC now dynamically download antispyware/antimalware software to endpoints
• Regardless of user or location
Antispyware integrated from Webroot, the market leader in antispyware solutions
Number of simultaneous endpoints that can use the feature will depend on the optional subscription license ordered
Customer Benefits:
• Ensure only healthy devices are granted network access
• Protect corporate resources from infected endpoints
• Real time shield is always on with memory scan and virus signatures
• Save IT time and money from correcting individual endpoints; decrease user downtime that affects productivity
[Diagram labels: Road Warrior, Partner, or Employee; Malware; SA Series; UAC Series; Data & Applications; caption: Antispyware / antimalware software dynamically provisioned to endpoints]
26. UAC-SA FEDERATION DIAGRAM
[Diagram labels: Campus HQ Wired/Wireless, Data Center, IC Series UAC Appliance, L2 Switch, Applications, SA Series SSL VPN, ISG Series with IDP, LAN User, Internet, Remote User]
1) Remote user logs into SSL VPN; SSL VPN provisions remote access sessions
2) SSL VPN talks to IC to let IC know of user session and roles provisioned
3) IC provisions access control rules on UAC enforcement points
4) User accesses resources protected by UAC with single login
• Consistent policies for remote and LAN access
• Policy servers that can share knowledge of users for intelligent provisioning of access inside network
27. JUNIPER’S COORDINATED THREAT CONTROL
[Diagram labels: Partner, Employee, Intermediated traffic, Tunneled traffic, Internet, SA Series, IDP, LAN]
1 - IDP detects threat and stops traffic
2 - Signaling protocol to notify SSL VPN of attack
3 - SA identifies user & takes action on user session
Correlated Threat Information
• Identity
• Endpoint
• Access history
• Detailed traffic & threat information
Coordinated Identity-Based Threat Response
• Manual or automatic response
• Response options: Terminate session, Disable user account, Quarantine user
• Supplements IDP threat prevention
Comprehensive Threat Detection and Prevention
• Ability to detect and prevent malicious traffic
• Full layer 2-7 visibility into all traffic
• True end-to-end security
28. JUNOS PULSE
Dynamically provisioned software client for:
Remote access
Enterprise LAN access control
WAN acceleration
Dynamic VPN (for SRX)
Easy-to-use, intuitive user experience
Location aware with dynamic session migration
Identity-enabled
Standards-based
Integration platform for select 3rd party applications (e.g. Webroot antimalware)
Builds on Juniper’s market leading SA Series SSL VPN, UAC solution, and WXC technology!
29. JUNIPER NETWORKS ICE FOR BUSINESS CONTINUITY
Meeting the peak in demand for remote access in the event of a disaster
Juniper Networks ICE delivers
• Proven market-leading SSL VPN
• Easy deployments
• Instant activation
• Investment protection
• Affordable risk protection
[Chart: Number of Remote Users over Time, showing Average usage rising to Peak Demand after an Unplanned event; callout: What will you do when your non-remote users need access?]
30. AGENDA
1. SSL VPN Market Overview
2. SSL VPN Use Cases
3. Access Control and AAA
4. End-to-End Security
5. Secure Meeting
6. Hardware, Management and High Availability
31. SECURE MEETING
INSTANT COLLABORATION/REMOTE HELPDESK
Instant or scheduled online collaboration
Easy to Use Web Conferencing
• Share desktop/applications
• Group and private chat
Easy to Deploy and Maintain
• No pre-installed software required
• Web-based, cross platform
• Personalized meeting URLs for users: https://meeting.company.com/meeting/johndoe
Affordable – No usage/service fees
Secure
• Fully encrypted/secured traffic using SSL
• No peer-to-peer backdoor
• User credentials protected
Remote Helpdesk Functionality
• Automatic desktop sharing/remote control request
32. AGENDA
1. SSL VPN Market Overview
2. SSL VPN Use Cases
3. Access Control and AAA
4. End-to-End Security
5. Secure Meeting
6. Hardware, Management and High Availability
33. JUNIPER SSL VPN PRODUCT FAMILY
FUNCTIONALITY AND SCALABILITY TO MEET CUSTOMER NEEDS
[Chart: product family plotted by Breadth of Functionality against Enterprise Size]
Secure Access 700
Designed for: SMEs; Secure remote access
Includes: Network Connect
Options/upgrades:
• 10-25 conc. users
• Core Clientless Access
• Network & Security Manager (NSM)
Secure Access 2500
Designed for: Medium enterprise; Secure remote, intranet and extranet access
Includes: Core Clientless Access, SAMNC
Options/upgrades:
• 25-100 conc. users
• Secure Meeting
• Cluster Pairs
• EES
• NSM
Secure Access 4500
Designed for: Medium to large enterprise; Secure remote, intranet and extranet access
Includes: Core Clientless Access, SAMNC
Options/upgrades:
• 50-1000 conc. users
• Secure Meeting
• Instant Virtual System
• SSL Acceleration
• Cluster Pairs
• EES
• NSM
Secure Access 6500
Designed for: Large enterprises & SPs; Secure remote, intranet and extranet access
Includes: Core Clientless Access, SAMNC, SSL acceleration, Hot swap drives, fans
Options/upgrades:
• Up to 30K conc. users
• Secure Meeting
• Instant Virtual System
• 4-port SFP card
• 2nd power supply or DC power supply
• Multi-Unit Clusters
• EES
• NSM
All models are now Common Criteria EAL3+ certified:
http://www.dsd.gov.au/infosec/evaluation_services/epl/network_security/juniper_networks_SAF.html
34. SECURE ACCESS FEATURES
Secure Meeting License
High Availability License
Active-Passive or Active-Active support
Stateful session failover
Enhanced Endpoint Security (EES) License
Advanced troubleshooting tools for quick issue resolution
Policy trace, session recording, system snapshot, etc.
Granular Role-based administration
Detailed logging and log filtering
Config Import/Export
Configuration backup/archiving
FIPS Certified Product Available
35. USEFUL LINKS
What’s New: New features in respective release.
http://www.juniper.net/techpubs/software/ive/releasenotes/6.5-whats_new.p
Supported Platforms:
http://www.juniper.net/techpubs/software/ive/releasenotes/SA-SupportedPl
Client Side Changes:
http://www.juniper.net/techpubs/software/ive/admin/6.5-ClientSideChanges
36. WHY JUNIPER FOR SSL VPN?
Core Competence in SSL-based Access
• Proven in tens of thousands of customer deployments!
• Market leadership/industry Awards
• Product maturity
Single Platform for All Enterprise Remote Access Needs
• Support for complex Web content, Files, Telnet/SSH using only a browser
• Client/Server applications
• Adaptive dual transport method for network-layer access
End-to-End Security
• Robust host checking capabilities
• Dynamic Access Privilege Management
• 3rd party security audits
Performance, Scalability & HA
• Differentiated hardware platforms
• Global & local stateful clustering
• Compression, SSL acceleration, GBIC connectors, dual hot-swappable hard disks, power supplies, and fans
Ease of Administration
• Centralized management
• Granular role-based delegation
• Extensive integration with existing directories
• Native automatic endpoint remediation and password management integration
Editor's notes

Companies today must balance providing ubiquitous access to their users for maximum productivity with enforcing strict security measures to protect their valuable corporate resources.

In the early 1990s, there were only limited options to extend the availability of the enterprise's network beyond the boundaries of the corporate central site, comprised mainly of extremely costly and inflexible private networks and leased lines. However, as the Internet grew, it spawned the concept of virtual private networks (VPNs) as an alternative. Most of these VPN solutions leveraged free/public long-haul IP transport services and the IPSec protocol. VPNs effectively addressed the requirements for cost-effective, fixed, site-to-site network connectivity; however, for mobile users, they were, in many ways, still too expensive, while for business partners or customers, they were extremely difficult to deploy. It is in this environment that SSL VPNs were introduced, providing remote/mobile users, business partners and customers an easy, secure manner to access corporate resources through the Internet and without the need to pre-install a client.

The earlier remote access technology, an IPSec VPN client, has been a weak security link for many corporations because it offers IT administrators little control over infected users entering the network. The original design of the IPSec VPN protocol was to connect one private network to another on the assumption that both networks are secure with the same security policies. However, network viruses and worms can propagate rapidly and widely through a geographically extended VPN. This is especially pertinent when users are partners connecting from their office PCs and remote devices which are not a part of a company’s controlled network. In contrast to IPSec-based methods, SSL VPNs have more sophisticated controls for protecting the network.

Unlike IPSec VPNs, SSL VPNs offer control at the user, application, and network level with awareness of the security health status of connecting end nodes. For example, a connecting computer can be scanned to ensure it meets corporate security requirements. Based on the knowledge of who the user is and which computer he/she is using, the SSL VPN can grant appropriate access rights and audit at a granular level, showing the precise resources accessed. With all these benefits, it is small wonder that SSL VPN technology is being seen as the best means to connect remote users, in addition to partners and customers.

SSL VPNs provide connectivity via Secure Sockets Layer, which is part of all standard Web browsers. The power of SSL-based solutions meets the need for scalable remote access deployments, with the ability to provide access to all applications such as client/server applications and access to the complete network, as well as clientless connectivity to telnet/SSH hosted servers, complex Web applications, files, and more. SSL VPNs provide a valid means to deliver “whole enterprise access,” regardless of where the user is coming from and whether they have a dedicated laptop or not.

In addition, the Juniper Networks Secure Access appliances with the Secure Meeting Option provide secure anytime, anywhere, cost-effective online Web conferencing and remote control.

Juniper leads the SSL VPN market with a complete range of appliances that meet the needs of companies of all sizes (from small and medium businesses granting access to remote/mobile employees, to large, global enterprises providing extranet portals for their partners and customers, as well as service providers that use SSL VPN as a remote access solution for their own users and/or provide SSL VPN as a managed service offering to their customers).
2) The products use SSL, the security protocol found in all standard Web browsers. SSL eliminates the need to deploy pre-installed client software on desktops, laptops, or mobile devices. In addition, it requires no changes to internal servers, and dramatically reduces maintenance and support costs compared to other remote access solutions such as IPSec.
3) All remote users need is a valid username and password and a web browser. Juniper’s SSL VPN solution not only verifies the user, but also that the device meets enterprise security requirements. If devices are deemed a risk based on predefined corporate policy, user access can be denied or severely restricted.
4) Once both the user and device pass verification, Juniper’s SSL VPN opens up a secure path that keeps communications and data both private and intact, using the strongest encryption methods available today.
5) Juniper SSL VPN is a cost-effective and reliable solution for businesses looking for a secure backup in the case of a natural disaster such as a snowstorm or a flu pandemic. If workers cannot get to the office, a special licensing option that meets the spike in remote access demand grants access to stranded employees, making sure they stay connected.

Virtualization is a hot topic these days as a way of reducing costs for companies. SA v6.5 interoperates with Virtual Desktop Infrastructure (VDI) products, including VMware's View Manager and Citrix’s XenDesktop. This integration with VDI products enables administrators to deploy virtual desktops alongside the SA Series SSL VPN Appliances. SA v6.5 delivers a centralized point of configuration for administrators to configure remote access policies for virtual desktop access through leading virtualization products from VMware and Citrix. It also provides users with a VDI client with which to access the virtual desktop and provides flexible client fallback options, simplifying deployment and management for administrators.

Pre-authentication information
• Browser Type
• Time
• Place
• Digital Certificate
• Endpoint Security (Host Check)
• Source IP Address
• Interface Type
• Sign-in URL
Authentication Policy
• Permit/Deny Authentication Policy
• Establish authentication level
• Enforce authentication & password policy
• Based on: Cert Attributes, Device Attributes, Network Attributes
Role Mapping
• Determine session role(s)
• Establish session access settings
• Establish session UI
• Based on: Session Attributes, User Attributes, Device Attributes, Network Attributes
Resource Authorization Policy
• Dynamic permit/deny policy
• Granular resource controls (URL, file, or server)
• Based on: Role(s), Session Attributes, User Attributes, Device Attributes, Network Attributes

In 2008, over 7 million new programs discovered; in 2007, it was over 5 million*
*Source: 1985-2008 AV-test.org report
40% more effective at blocking, detecting and removing spyware threats than competitors