avaya identity engines overview
DESCRIPTION
Avaya identity engines overviewTRANSCRIPT
Avaya Identity Engines r8.0Allowing Network Access without compromising Security
© 2011 Avaya Inc. All rights reserved. 2
ScalableFuture-proof Wireless
Identity-basedNetwork Access Control
OptimisedFor collaborative, real time
applications
SecureNetwork & Device
security
Plan for Success…with Avaya’s BYOD Solution
© 2011 Avaya Inc. All rights reserved. 3
What is Identity Engines?
Identity and Network Access Control (NAC) solution
Ensures consistent and predictable network access for managed and unmanaged devices
Controls who can use the network to access which resources, whenand where they may do so
Supports any device, any network, any vendor
Centralised, out-of-line solution for maximum scalability and cost effectiveness
Automated, standards-based
Software-only, highly available
Facilitates regulatory compliance
© 2011 Avaya Inc. All rights reserved. 44
Identity EnginesAuthenticated Network Architecture
NET
WO
RK A
BSTR
ACTI
ON
LAY
ER
DIRE
CTO
RY A
BSTR
ACTI
ON
LAY
ER
Reporting & Analytics
Posture Assessment
Guest Access Mgmt
Identity Engines
Access Portal
CASE Client
PolicyEnforcement Point
PolicyDecision Point
PolicyInformation Point
© 2011 Avaya Inc. All rights reserved. 55
Identity Engines Portfolio
Highlights Ignition Server - centralised policy
engine that performs authentication and authorisation for clients attempting network access
Guest Manager - allows front desk staff to create temporary guest user accounts
Posture Compliance – integrates with MS-NAP for managed client health assessment
Analytics – presents network authorization and authentication information in a variety of summary and detail formats
Access Portal – compliance checking for un-managed devices e.g. BYOD
Addi
tiona
l App
licat
ions
Core Application
Ignition Server
MS-NAP Posture Compliance
Ignition Guest Manager
Ignition Analytics
Ignition Access Portal
© 2011 Avaya Inc. All rights reserved. 66
Access Portal– Captive Portal for wired and wireless access
from guest and BYOD– Device Profiling and BYOD on-boarding– Compliance checking leveraging C.A.S.E. and
MS-NAP
C.A.S.E. (Client for Accessing the Secure Enterprise)– Transient client for automating configuration of
managed and un-managed end-points to participate in NAC
– Dissolvable client: option for revertible or non-revertible deployment
GA date: April 30th 2012
Identity Engines - What’s New in 8.0?
Identity Engines r8.0 Best of Interop finalist
© 2011 Avaya Inc. All rights reserved. 7
Identity Engines Ignition Access Portal
Serves as a Captive Portal for non-802.1x clients
Performs device profiling
CASE Client for auto-config of 802.1x and MS-NAP on Windows machines
Device On-boarding
Facilitates network access to guest devices, non-802.1x devices,BYOD on-boarding, and CASE Client hosting.
A single license allows deployment of multiple Access Portals for different use against one Ignition Server instance .
© 2011 Avaya Inc. All rights reserved. 88
Identity Engines Ignition Access Portal Multiple Guest Managers may
be deployed against a singleinstance of the Ignition Server
Device Profiling– Administrator will be able to
set the Access Portal toperform device profiling ofwired and wireless devices
– Device fingerprinting:– Devices Type, Devices Sub-Type, Device OS, Devices OS Version– Devices attributes are sent to the Ignition Server for registration and association with user
BYOD On-boarding– Auto-register of Guest Visitor and Employee Guest devices– Device profiling of registering devices– Auto-association of devices with guest / employee records in Ignition Server– Populating device records in Ignition Server with device profile attributes
© 2011 Avaya Inc. All rights reserved. 99
CASE Client for Accessing the Secure Enterprise– Transient client to automate configuration of managed and guest’s un-
managed endpoint devices to participate in Network Access Control– CASE auto-configuration of 802.1x on Windows devices– CASE auto-configuration of MS-NAP on Windows devices
Identity Engines Ignition CASE Client
© 2011 Avaya Inc. All rights reserved. 1010
Identity Engines Use Cases
Corporate Governance and ComplianceBYOD access controlReducing OPEX through automationSimplified Guest Access by the front deskValidated remote access for non-corporate
devices (Teleworker, Disaster Recovery etc)M&A: integrating access policies and identities
from different organisations Authorised Fixed Assets (e.g. phones, printers,
health monitors etc.)
© 2011 Avaya Inc. All rights reserved. 1111
Enhanced Security
Granular Control
Reduced Costs
Simplicity
Flexibility
Regulatory Compliance
Identity Engines Conclusion
Secure Network Access for all users, all devices, all the time
© 2011 Avaya Inc. All rights reserved. 1212
ResourcesCollateral
– Brochures, Technical Configuration Guides etc.– BYOD customer presentation and white paper– Look in the Identity Engines Portal
Sales and Technical Support– Your local Avaya Networking Sales, CAM or TechOps contacts
30-Days Free Trial– ID Engines FULLY featured at URL: www.avaya.com/identitytr– All modules are included– Upgrade to production deployment simply by applying purchased licenses– Long term lab licenses available from
Avaya Product Management –ask your regular Avaya contact