Securely connecting users and applications from anywhere to

anywhere in today’s global economy.

Mobile Now™ for BYOD All your business applications.None of the business risk.

AG series secure access gatewaysJump in. The mobile waters are fine.

Sections

JUMP IN.THE MOBILE WATERSARE FINE.

1. What is a secure access gateway?

2. Array secure accesssolutions- SSL VPN- Remote desktop- Mobility- Business continuity

3. Array AG Series secure access gateways- Product line- Feature matrix

4. Key takeaways

5. Case studies and global satisfied customers

What is a secure access gateway?

IPsec VPN

Network-level encrypted access

• Remote access

• Managed laptops

• Intranet only

• Requires client

Anytime, anywhere secureaccess with greatersecurity and control

VPN remote access for select workers onmanaged PCs

SSL VPN

L7, L4 & L3 encrypted access

• Any device

• Intranet or extranet

• Clientless

• Granular control

2000

2003

2006

Remote access as an enterprise-wide strategy for worker productivity

Scalability

Enterprise-wide remote access

• Support employees, partners and guests

• Thousands of users and burst capacity for BCP events

Adapting secure access to address new apps,devices and consumerization

Mobility

Smart phones, tablets and BYOD

• Data, device and app management

• Preventing data leakage when using personal devices

2009

2013

ANYTIME-ANYWHERE ANY DEVICE ANY APPLICATION

Internal / Campus Network

• Up to 256 virtual gateways• 2048-bit SSL encryption• L3, L4 and L7 connectivity• Advanced AAA integration• Dual-factor authentication• Single sign-on

What is a secure access gateway?

• Per-user policy engine• Auditing and reporting• End-point security• RDP over SSL • Wake-on-LAN• BCP contingency licenses

SECURE ACCESS ARCHITECTURE• iOS and Android support• Per application L3 mobile VPN• L4 SDK for secure tunneling• Secure Web browser• Enterprise app store• Client, app and device security

Road WarriorsRemote Users

Native & Web AppsEnterprise ApplicationsPhysical & Virtual Desktops

LAN UsersLaptops & Desktops

WiFi UsersBYOD

Home WorkersDay ExtendersBusiness Continuity Users

Smart Phone &Tablet Users

Array secure access solutions

AccessDirect™SSL VPN

Traditional Web or network-level VPNfor remote workers.

DesktopDirect™Remote Desktop

Securely access office desktops and apps from any device or location.

MotionPro™Secure Mobility

Securely connect devices and apps to enable business mobility and BYOD.

Business ContinuityContingency Licenses

Seamless, cost-effective burst remote access for planned and unplanned events.

AccessDirect SSL VPN remote access

Pure SSL “anytime-anywhere” browser-based access

Up to 256 virtual instances support multiple communities of interest - Business units, partners, guests, contractors

Scalable up to 128,000 concurrent users- Enables secure access

“enterprise-wide”

Range of access methods- Layer-3 client for trusted workers- Specific resources for unmanaged devices - Web portals for extranet partners

ApplicationsApplications

Users

SSL VPN security architecture

End Point SecurityHost Checking

Adaptive PoliciesSecure DesktopCache Cleaning

• Eliminates all elements of browser cache• Local sandbox prevents data leakage

SSL

AAA• Supports all industry

standards (AD, RADIUS, LDAP, SecureID)

• RSA certified• Unique SSL integration• Fine grain ACLs• L3, L4 and L7• External mapping• Black list and white list• Full audit trail• Who, what and when• Syslog support• Configurable email alerts

FW

Proxy

File Shares• Clientless

access to shared directories

• CIFS/NFS

Web Apps• Clientless Web

application support

Networks• Full L3 VPN• Any IP protocol• L4 redirection• Denial of Service (DoS) attack protection

• ACLs (Layer 4)• URL filtering (Layer 7)• Network probe logging

• All standard cipher-suites• Hardware-accelerated• 2048-bit key lengths• Client-side certificates

• Complete separation between non-secured and secured networks

Multiple communities of interest

Internet OnlyNetwork Access Application Access Quarantine

Engineering Finance Partners Guests

Portals are customizable to the look and feel and resource needs of each community of interest

Portals are customizable to the look and feel and resource needs of each community of interest

Each portal is fully partioned and independently manageable

Each portal is fully partioned and independently manageable

Etc.

Portal 1 Portal 2

Network Access

Portal 3 Portal 4 Portal 5

Large healthcare insurance provider- $40B in yearly revenue- Over 12M members

Why the need for SSL VPN?- Stove pipe secure access for various use cases was costly to

manage and too prone to inconsistencies and data leakage- IPsec was more expensive and less secure vs. SSL VPN

AG Series solution and benefits- Consolidated secure access for local and remote employees,

partners and guests on a unified platform- Demonstrable accountability for HIPAA compliance,

increased productivity for employees, partners and guests, and decreased cost and complexity

Humana – SSL VPN remote access

DesktopDirect remote desktop access

Thin-client RDP access over SSL- Data never leaves the network and never resides on end-user devices- Applications on office desktops usable from remote or mobile devices- Securely enables “bring your own…PC, laptop, tablet or smart phone”- Cost-effectively leverages existing investments in infrastructure, applications

and devices to rapidly scale productivity and enterprise mobility

Remote desktop access architecture

Ideal for boosting office worker productivity, ensuring business continuity and enabling secure mobility for business

tablets

smart phones

Securelyconnectto officedesktopsfrom anydevice,

anywhere.

WindowsVMview

physical desktops

virtual desktops andterminal services

pcs

laptops

Productivity and business continuity

OutbreaksNatural Disasters

Repairs & Deliveries

Sick Child Nights & Weekends

Home Working

Prevent Revenue Loss Maintain Productivity Grow Productivity

Provides a means for office workers (those without managed laptops and VPN access) to remain productive under any circumstance

Customer-owned community bank- 5 locations - Over $1B in assets

48x increase in mobile devices since 2007- Needed to quickly and cost-effectively provide access to bank

applications from tablets and laptops without risking data leakage- Selected DesktopDirect solution for BYOD, remote and mobile access

DesktopDirect impact on remote and mobile productivity- 11x unique users- 120x total hours spent- 10x time per user- No security issues, no additional IT staff required

Needham Bank – remote and mobile access

MotionPro secure mobile access

Enterprise application portal

Secure access to enterprise resources - Secure browser for Web resources- VPN on-demand for native apps- SDK for secure native app tunnels

Enterprise app store

Secure mobile access- Client security- App management- Device management

Part of an overall mobility strategy- Complements MDM

Secure application access

Secure Browser L7 Web apps launched

in secure browser

Only authorizedapplications may use the

VPN tunnel

Secure SDK for Native AppsNative apps developed withSDK will start L4 VPN tunnel

VPN on Demand for Native AppsConfigured native apps will start L3 VPN automatically

Client security

Trigger Pre-login, post-login, timer

Condition

Hardware Manufacturer, model, passcode

OS Type, version, jail-broken, rooted

App Black and white list, signed

ActionLock screen, terminate session, delete MotionPro

Alert user, prompt user, log message

Application and device management

Access Control Only managed apps may use VPN tunnel

Application Management

Portal All apps on enterprise app store

Install Whitelist apps installed automatically

Uninstall Managed apps

Device Management

Restore settings and passwords

Performed manually by administrator

MotionPro vs. MDM

MotionPro and 3rd party mobile device management (MDM) solutions are complementary

Both areneeded toenable an enterprisemobilitystrategy

MotionProprovides scalable

mobile VPNwith basic device

and applicationmanagement

MDM providesadvanced deviceand applicationmanagement

but they are not a VPN gateway

COPCP – HIPAA compliant mobility

Ohio’s largest physician-owned cooperative- Over 50 physician offices and over 200 physicians

Healthcare mobility requirements- BYOD strategy that provides physicians with

flexibility while also addressing IT requirements for security, manageability and cost

Benefits for physicians and IT- Renew prescriptions anytime, anywhere

and move seamlessly between exam rooms using iPads

- Reduces cost and complexity while improving productivity and compliance

Institutional research and brokerage firm- Founded in 1982, based in New York

Why the need for BYOD?- Employees bringing personal iPads to the office and

wanted access to corporate applications- Field employees wanted to use iPads instead

of laptops

Array AG impact on BYOD enablement- No user learning curve, no new passwords- $30K HW install vs. $300K SW upgrade - 3 week installation vs. 8 month project- One HA pair and one DR unit, that’s it!

Buckingham Research – BYOD

Business continuity contingency licenses

Array Business Continuity (ABC)- Scalable and affordable burst

capacity to meet the demands of planned and unplanned surge remote and mobile access

Affordable and flexible contingency license certificates- Available in 10-day denominations

and tiered sizes- Triggered by exceeding standard

user licenses and may be utilized in consecutive or non-consecutive 24-hour increments

Any mix of mobile and remote users- AccessDirect, DesktopDirect or MotionPro

Morgan Stanley – Business continuity

World’s 7th largest bank- $31B in revenue- 53,000 employees

DesktopDirect solution- 25+ appliances in 8 countries with 5 major data centers- 10,000 standard DesktopDirect user’s licenses - Peak capacity of 36,000 users via Business Continuity

licenses

January 2011- Massive snowstorm paralyzed the east coast- 12,000 users still were able to work using DesktopDirect- Prevented the loss of over $10M in productivity

AG Series product line

PHYSICAL & VIRTUAL APPLIANCES SCALING UP & OUT FOR

10,000 Concurrent UsersVMware, XenServer,

OpenXen

AG1000

300 Concurrent Users

AG1100

3000 ConcurrentUsers

AG1200

25,000 ConcurrentUsers

AG1600

128,000 ConcurrentUsers

AG1500

72,000 ConcurrentUsersAG1150

10,000 ConcurrentUsers

AG1000T

600 ConcurrentUsers

AG Series feature matrix

● = Standard AccessDirect DesktopDirect MotionProO = Optional SSL VPN

Remote AccessRemote

Desktop AccessSecure Mobile

Access

Clustering ● ● ●

WebUI ● ● ●

SSL & IPsec Encryption ● ● ●

Virtual Portals 5 Included 5 Included 5 Included

Web Applications ●

L3 VPN Client ●

Host Checking & Cache Cleaning ●

L4 Thin Client ●

Array Registration Technology ●

Wake-on-LAN ●

Enterprise App Store ●

L3 Mobile VPN ●

L4 SDK Tunneling ●

Secure Browser ●

Client, App & Device Security ●

Additional Virtual Portals O O O

Array Business Continuity O O O

Multi-Language WebUI ● ● ●

Superior security, scalability and flexibility

Up to 128,000 Concurrent Users

Up to 3 GbpsThroughput

Up to 256Virtual Gateways

AG SeriesSecure Access Gateways

Unmatched scalability- Consolidate remote and

mobile access for anentire workforce

- Absorb surge remote and mobile users

More secure- Minimize attack vectors- Simplify management to ensure consistent policies

Highly flexible - Integrated remote access, remote

desktop and secure mobile access- Support multiple communities of interest

including employees, partners and guests

Superior value of ownership and ROI

Small Medium Large Global

20% - 50% Less Expensive

Array

Competition

Superior Service & Support

$

Array AG vs. the competition

SMALL MEDIUM LARGE

AG1500Up to 72,000

concurrent users

Juniper MAG6611Up to 40,000

concurrent users

Array = 31% less expensive

Array = 32K more users

Array supports almost twiceas many users as Juniper and is almost one third less expensive.

Juniper MAG4610Array = 18% less

expensive for 1000 users

Array AG1100Up to 3000

concurrent users

Juniper MAG6610 Array = 25% less

expensive for 2000 users

Array AG1200Up to 25,000

concurrent users

Juniper MAG6610Array = 27% less

expensive for 11,000 users

Juniper MAG6611Array = 35% less

expensive for 22,000 users

Key takeaways

Scalable, intuitive secure access for supporting remote and mobile users

- Increase productivity- Mitigate business disruptions- Enable enterprise mobility and BYOD

Consolidated SSL VPN, remote desktopaccess and secure mobile access

- Minimizes attack vectors- Simplifies management- Ensures consistent policies- Streamlines the end-user experience

Cost-effective solution for mobilizingany size workforce while preventing attacks and data leakage

JUMP IN.THE MOBILE WATERSARE FINE.

Global satisfied customers

Securely connecting users and applications from anywhere to

anywhere in today’s global economy.

Mobile Now™ for BYOD All your business applications.None of the business risk.

AG series secure access gatewaysJump in. The mobile waters are fine.