©2013 Avaya Inc. All rights reserved. February 26-28, 2013 | Orlando, FL.

Presentation transcript:


Avaya Network Access and the Acronym Soup – NAC, MDM, SBC & SSO
Shmulik Nehama, Identity Engines Portfolio Leader, Avaya
#AvayaATF

Agenda: The Acronym Soup; Network Access Control; Mobile Device Management; Session Border Control; Single Sign On; Resources.

The Acronym Soup
NAC – Network Access Control. Authenticates and authorizes network access of users and of any network-attached device (IP phones, medical devices, user devices, printers, etc.). Dynamically provisions the network to contain the access of users and network-attached devices. Avaya solution: Avaya Identity Engines.
MDM – Mobile Device Management. Manages mobile devices: which applications should or should not be on user handheld devices, password management, patch and software management. MDM manages mobile device data and apps but does NOT control or provision the network for access. Avaya solution: DevConnect partner (MobileIron).
SBC – Session Border Control. Provides network security for SIP-based applications without the need for a VPN client on the accessing device. Controls access to UC applications (NOT network access of users/devices). Avaya solution: Avaya Session Border Controller.
SSO – Single Sign On. An area of access control that lets users log in once, or with the same enterprise credentials, and gain access to applications without being prompted to log in again at each of them and without maintaining a different set of credentials for each. Avaya solution: Avaya Identity Engines.


Agenda – next: Network Access Control

What is it? Network Access Control applies policies, controls and provisions access to a network, including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on the network and what they can do.
Role-based access grants network access according to the profile of the person and the result of a posture/health check. For example, in an enterprise the HR department can reach only HR department files, and only if both the role matches and the endpoint's anti-virus is up to date.

Enterprise Network with Multiple Constituents and Policy-Enforcement Locations: multiple repositories of identity information; multiple locations of enforcement points; challenges in providing guest access and contractor access; challenges in implementing consistent access behavior across the network; challenges with mergers and acquisitions.

Enterprise Network with Centralized Identity and Policy Services: an Identity and Policy Service in the enterprise network. It is principally the variety of enforcement devices that was not foreseen. Centralizing both identity and policy information in a single location brings simplification, consistency, self-service guest access and IT hands-off contractor access.

Why is it important?
Granular control: network operators define policies, such as user roles and the network areas they are allowed to reach, and enforce them on switches, WLAN controllers, etc. (1. Define roles; 2. Define network access level.)
Enhanced security: the ability to block access from end stations that do not meet security posture requirements.
Regulatory compliance: access policies are enforced on authenticated user identities.

Network Access Features. Devices on the enterprise network: IP phone, visitor or business partner, personal machine, corporate desktop, network printer, network device, wireless access point, surveillance camera, fax machine, medical device, local server/app, guests and guest devices. It is not only about users and their devices but about any network-attached device. An access port is not assigned until a user or device attempts access; once authenticated and authorized, the user or device is granted the appropriate access level.

Typical Network Access Architecture (diagram): Policy Information Point (behind a Directory Abstraction Layer), Policy Decision Point (Identity Engines) and Policy Enforcement Point (behind a Network Abstraction Layer), with Reporting & Analytics, Posture Assessment, Guest Access Management, the Access Portal and the CASE Wizard.

Network Access Features. Basic features: authentication & authorization; guest access management; posture compliance (compliance checking for unmanaged devices, e.g. BYOD); reporting and analytics; directory federation. Advanced features: unified solution for wired and wireless network access; IT hands-off self-service guest access management; device fingerprinting; BYOD on-boarding; high availability.

SPB Network Access Automation (diagram: UC, Corporate, Guest and Contractor zones spanning campus, branch and data center). User connects to an edge switch; user is placed on a VLAN; the VLAN is mapped to an SPB I-SID; done.

Multi-Host Multi-Authentication. MHMA is a network switch capability where Identity Engines separately authenticates and authorizes multiple clients connected to one switch port. Each client must complete EAP authentication before the port allows traffic from that user's MAC address; only traffic from authorized hosts is forwarded. This allows multiple hosts on a single port to be directed to different VLANs, and is used to separate voice and data traffic on the same port.
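The slides above describe the NAC flow as a chain: a Policy Decision Point evaluates the authenticated identity and its posture, the Policy Enforcement Point (edge switch) places the session on a VLAN that maps to an SPB I-SID, and in MHMA mode every MAC behind a port is authorized on its own. The following is an added example, not Avaya or Identity Engines code, that models that chain and generalizes the HR example to a role table. The zone table, VLAN numbers, I-SIDs, role names and MAC addresses are constructed; the attribute names are the standard RADIUS dynamic-VLAN attributes from RFC 3580.

```python
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed zone table (role -> VLAN, SPB I-SID); not Avaya's defaults.
ZONES = {
    "corporate":  (100, 10100),
    "hr":         (110, 10110),
    "voice":      (200, 10200),
    "contractor": (300, 10300),
    "guest":      (400, 10400),
    "quarantine": (900, 10900),
}
# Roles that are never posture-checked: a phone has no posture agent, a guest is unmanaged.
POSTURE_EXEMPT = {"voice", "guest"}


@dataclass
class Posture:
    av_up_to_date: bool
    os_patched: bool

    def ok(self) -> bool:
        return self.av_up_to_date and self.os_patched


def decide(role: str, posture: Optional[Posture] = None) -> Dict[str, str]:
    """Policy Decision Point: map (role, posture) to the RADIUS attributes the
    Policy Enforcement Point applies. Missing or failed posture lands in the
    quarantine zone; an unknown role (or a direct request for quarantine) is rejected."""
    if role not in ZONES or role == "quarantine":
        return {"Access": "Reject"}
    if role in POSTURE_EXEMPT or (posture is not None and posture.ok()):
        zone = role
    else:
        zone = "quarantine"
    vlan, isid = ZONES[zone]
    return {
        "Access": "Accept",
        "Tunnel-Type": "VLAN",                 # RFC 3580 dynamic VLAN assignment
        "Tunnel-Medium-Type": "IEEE-802",
        "Tunnel-Private-Group-ID": str(vlan),
        # Not RADIUS attributes; returned so the caller can see the SPB mapping.
        "zone": zone,
        "isid": str(isid),
    }


class MhmaPort:
    """One edge-switch port in Multi-Host Multi-Authentication mode: each MAC
    behind the port (an IP phone and the PC daisy-chained to it, say) completes
    its own authentication, and frames from unauthenticated MACs are dropped."""

    def __init__(self, max_clients: int = 2):
        self.max_clients = max_clients
        self.authorized: Dict[str, int] = {}   # MAC -> VLAN

    def authenticate(self, mac: str, role: str, posture: Optional[Posture] = None) -> Dict[str, str]:
        if mac not in self.authorized and len(self.authorized) >= self.max_clients:
            return {"Access": "Reject", "reason": "port client limit reached"}
        result = decide(role, posture)
        if result["Access"] == "Accept":
            self.authorized[mac] = int(result["Tunnel-Private-Group-ID"])
        else:
            self.authorized.pop(mac, None)       # a failed re-auth revokes prior access
        return result

    def ingress_vlan(self, src_mac: str) -> Optional[int]:
        """VLAN a frame from src_mac is switched into; None means the frame is dropped."""
        return self.authorized.get(src_mac)


if __name__ == "__main__":
    port = MhmaPort()
    print(port.authenticate("00:1b:4f:00:00:01", "voice"))                    # phone -> VLAN 200
    print(port.authenticate("3c:97:0e:00:00:02", "hr", Posture(True, True)))  # PC behind it -> VLAN 110
    print(port.ingress_vlan("de:ad:be:ef:00:03"))                             # unknown MAC -> None
```

The VLAN-per-MAC table in `MhmaPort` is the point of MHMA: without it, whichever host authenticated first would open the port for everything plugged in behind the phone.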

Agenda – next: Mobile Device Management

What is it? Mobile Device Management (MDM) secures, monitors, manages and supports mobile devices deployed across mobile operators, service providers and enterprises. MDM functionality typically includes over-the-air distribution of applications, data and configuration settings for all types of mobile devices: smartphones, tablets, mobile printers, mobile POS devices, etc.

Why is it important? Reduce support costs and business risks: control and protect the data and configuration settings of all mobile devices in the network. Manage devices: IT can use MDM to manage devices over the air with minimal intervention in employee schedules. Visibility: with mobile devices becoming ubiquitous and applications flooding the market, mobile monitoring is growing in importance. Say YES to BYOD.

Typical MDM Solution. Server and client components: the server component sends management commands to devices; the client component runs on the device to receive and implement them. An agent must be installed and maintained on the device, which means a constant 24x7 race to keep up with device and OS updates. On-premise and cloud (SaaS) based solutions exist.

MDM Capabilities. Basic features: inventory management & real-time reporting; setting passcode policies; remote lock and full wipe; remote selective wipe; OTA configuration (…, Wi-Fi, VPN, certs); access controls; jailbroken/rooted device detection. Advanced features: enterprise app catalog; app blacklisting/whitelisting; secure document sharing; certificate management; geo-location; event-based security and compliance rules engine; roaming usage; dual persona (separate personal vs. corporate content); monitoring of access to the App Store; data encryption.

MDM Capabilities and the Use Cases: cross-platform device support; configuration management; device monitoring; license control; software distribution; inventory & asset control. MDM requirements vary depending on the use case.


MDM Capabilities and the Use Cases. MDM requirements vary depending on the use case: organizations with a very large number of mobile users vs. a small number of mobile users; non-regulated organizations (e.g. retail) vs. strongly regulated ones (e.g. finance, defense). Example requirements: data encryption, dual persona, selective wipe; detecting OS & version, installed apps, roaming usage, content, device wipe.

MDM Market Landscape: 100+ vendors claim some level of MDM functionality; 20 vendors appear in the Gartner MDM Magic Quadrant. None of the NAC vendors provide true MDM capabilities, which require keeping up with the intense pace of mobile device market updates and innovation.

Avaya's MDM Strategy. Today: Avaya Flare and one-X Communicator applications are interoperability-tested with MobileIron. Tomorrow: Identity Engines MDM integration with top vendors; the Ignition Server will query mobile device attributes from the MDM and make those attributes part of the access policy, with Avaya Flare & one-X Communicator applications on user devices.
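The capability list above (jailbreak detection, passcode policy, selective vs. full wipe, dual persona, an event-based compliance rules engine) and the "tomorrow" integration, where the access policy consumes device attributes pulled from the MDM, are easiest to see as one rule set. The following is an added example, not Avaya, Identity Engines or MobileIron code: a small compliance rules engine over an MDM-style device record, and the NAC-side step that turns its verdict into an access zone. Device records, minimum OS versions, the app blacklist and the zone names are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Tuple


@dataclass
class Device:
    udid: str
    owner: str                   # user the device is enrolled to
    ownership: str               # "corporate" or "byod" (dual persona: personal data stays private)
    os: str
    os_version: Tuple[int, int]
    passcode_set: bool
    encrypted: bool
    jailbroken: bool             # jailbroken / rooted as reported by the agent
    installed_apps: List[str] = field(default_factory=list)
    enrolled: bool = True        # MDM agent present and checking in


# Constructed policy inputs.
MIN_OS = {"iOS": (6, 1), "Android": (4, 1)}
APP_BLACKLIST = {"com.example.rogue-vpn", "com.example.sideload-store"}


def evaluate(dev: Device) -> Tuple[List[str], List[str]]:
    """Event-based compliance rules: return (violations, actions) for one device.
    Actions are the MDM capabilities from the slide: lock, selective_wipe,
    full_wipe, block, notify. A BYOD device is never fully wiped; only the
    corporate persona is removed."""
    violations: List[str] = []
    actions: List[str] = []
    if not dev.enrolled:
        violations.append("not-enrolled")
        actions.append("block")
    if dev.jailbroken:
        violations.append("jailbroken-or-rooted")
        actions.append("full_wipe" if dev.ownership == "corporate" else "selective_wipe")
        actions.append("block")
    if dev.os_version < MIN_OS.get(dev.os, (0, 0)):
        violations.append("os-below-minimum")
        actions.append("notify")
    if not dev.encrypted:
        violations.append("not-encrypted")
        actions.append("block")
    if not dev.passcode_set:
        violations.append("no-passcode")
        actions.append("lock")
    bad_apps = sorted(set(dev.installed_apps) & APP_BLACKLIST)
    if bad_apps:
        violations.append("blacklisted-apps:" + ",".join(bad_apps))
        actions.append("notify")
    # keep the first occurrence of each action, in rule order
    return violations, list(dict.fromkeys(actions))


def nac_zone(dev: Device, user_role: str) -> str:
    """Access-policy step: treat the MDM verdict as one more attribute of the
    request. 'block' -> quarantine zone; lesser violations -> restricted zone;
    a clean device gets the zone of the user's role."""
    violations, actions = evaluate(dev)
    if "block" in actions:
        return "quarantine"
    if violations:
        return "restricted"
    return user_role


if __name__ == "__main__":
    rooted = Device("udid-2", "bob", "byod", "Android", (4, 2), True, True, True)
    print(evaluate(rooted))                 # (['jailbroken-or-rooted'], ['selective_wipe', 'block'])
    print(nac_zone(rooted, "corporate"))    # quarantine
```

Keeping `evaluate` free of any network decision is deliberate: the MDM owns the device verdict, the NAC owns the network consequence, which is exactly the split the earlier acronym slide draws between the two.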


Avaya's MDM Strategy (diagram): MDM → Identity Engines → Access Policy.

Agenda – next: Session Border Control

What is it? A device or application that governs the manner in which calls, also called sessions, are initiated, conducted and terminated in a VoIP network. An SBC can facilitate VoIP sessions between phone sets or proprietary networks that use different signaling protocols. An SBC can include call filtering, bandwidth use management, firewalls and anti-malware programs to minimize abuse and enhance security.

Why is it important? Mobile collaboration security threats (source: Nemertes Research, Enterprise Adoption of Collaboration Tools):
Denial of service: call/registration overload; malformed messages (fuzzing).
Configuration errors: misconfigured devices; operator and application errors.
Theft of service: unauthorized users; unauthorized media types.
Viruses and SPIT: viruses via SIP messages; malware via IM sessions; SPIT (unwanted traffic).
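Three of the threats listed above (malformed/fuzzed messages, registration overload, unauthorized media types) are handled at the SIP layer before any call logic runs, which is what distinguishes an SBC from a layer 3-4 firewall. The following is an added example, not Avaya SBCE code, of that first line of inspection: structural sanity checks on a SIP request, a per-source sliding-window limit on REGISTER attempts, and an SDP media allowlist. The size limits, the allowlist, the addresses and the sample messages are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from typing import Dict, List, Tuple

# Constructed limits and allowlist; tune per deployment.
MAX_MESSAGE_BYTES = 8192
MAX_HEADERS = 64
MAX_HEADER_BYTES = 1024
REQUIRED = ("via", "from", "to", "call-id", "cseq", "max-forwards")
ALLOWED_MEDIA = {("audio", "RTP/AVP"), ("video", "RTP/AVP")}
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) SIP/2\.0$")


class SipReject(Exception):
    """Raised for anything the SBC answers with 4xx or silently drops."""


def parse(raw: bytes) -> Tuple[str, str, Dict[str, List[str]], str]:
    """Structural checks applied to every request: size, request line, mandatory
    headers, CSeq/method agreement and Content-Length before any call logic."""
    if len(raw) > MAX_MESSAGE_BYTES:
        raise SipReject("message too large")
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        raise SipReject("non-UTF-8 bytes")
    head, sep, body = text.partition("\r\n\r\n")
    if not sep:
        raise SipReject("missing header/body separator")
    lines = head.split("\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        raise SipReject("bad request line")
    method, uri = m.group(1), m.group(2)
    if len(lines) - 1 > MAX_HEADERS:
        raise SipReject("too many headers")
    headers: Dict[str, List[str]] = defaultdict(list)
    for line in lines[1:]:
        if len(line) > MAX_HEADER_BYTES or ":" not in line:
            raise SipReject("bad header line")
        name, value = line.split(":", 1)
        headers[name.strip().lower()].append(value.strip())   # header names are case-insensitive
    for h in REQUIRED:
        if h not in headers:
            raise SipReject(f"missing {h}")
    cseq = headers["cseq"][0].split()
    if len(cseq) != 2 or not cseq[0].isdigit() or cseq[1] != method:
        raise SipReject("bad CSeq")
    if not headers["max-forwards"][0].isdigit():
        raise SipReject("bad Max-Forwards")
    body_len = len(body.encode("utf-8"))
    declared = headers.get("content-length", [str(body_len)])[0]
    if not declared.isdigit() or int(declared) != body_len:
        raise SipReject("Content-Length mismatch")
    return method, uri, headers, body


def check_media(sdp: str) -> None:
    """Theft of service via unauthorized media types: every m= line must be on the allowlist."""
    for line in sdp.splitlines():
        if line.startswith("m="):
            parts = line[2:].split()
            if len(parts) < 3 or (parts[0], parts[2]) not in ALLOWED_MEDIA:
                raise SipReject(f"unauthorized media: {line}")


class RegistrationLimiter:
    """Sliding-window limit on REGISTER attempts per source address (registration overload)."""

    def __init__(self, limit: int, window_s: float):
        self.limit, self.window = limit, window_s
        self.hits: Dict[str, deque] = defaultdict(deque)

    def allow(self, src: str, now: float) -> bool:
        q = self.hits[src]
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def inspect(raw: bytes, src: str, limiter: RegistrationLimiter, now: float) -> str:
    """Returns 'forward' when the request may proceed to the core, else 'reject: <reason>'."""
    try:
        method, _uri, headers, body = parse(raw)
        if method == "REGISTER" and not limiter.allow(src, now):
            raise SipReject("registration rate limit")
        if body and headers.get("content-type", [""])[0].lower() == "application/sdp":
            check_media(body)
    except SipReject as e:
        return f"reject: {e}"
    return "forward"


def msg(method: str, extra_headers: str = "", body: str = "") -> bytes:
    """Build a constructed SIP request with a correct Content-Length (sample input only)."""
    hdr = (f"{method} sip:bob@example.com SIP/2.0\r\n"
           "Via: SIP/2.0/UDP 203.0.113.10:5060;branch=z9hG4bK776\r\n"
           "From: <sip:alice@example.com>;tag=1928\r\n"
           "To: <sip:bob@example.com>\r\n"
           "Call-ID: a84b4c76e66710@203.0.113.10\r\n"
           f"CSeq: 1 {method}\r\n"
           "Max-Forwards: 70\r\n" + extra_headers)
    if body:
        hdr += f"Content-Type: application/sdp\r\nContent-Length: {len(body.encode())}\r\n"
    return (hdr + "\r\n" + body).encode()


GOOD_SDP = ("v=0\r\no=- 1 1 IN IP4 203.0.113.10\r\ns=-\r\nc=IN IP4 203.0.113.10\r\n"
            "t=0 0\r\nm=audio 49170 RTP/AVP 0 8\r\n")
BAD_SDP = GOOD_SDP + "m=application 9 DTLS/SCTP webrtc-datachannel\r\n"
```

The order matters: size and structure are checked before the message is parsed in any depth, so a fuzzed header cannot reach the CSeq or SDP logic, and the registration limiter only counts requests that were well-formed enough to be real attempts.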

UC Security – Should You Care? Credit card privacy rules and other compliance laws require a security architecture specific to VoIP and other UC. [1] Toll fraud: yearly enterprise losses in the billions from inadequate securing of SIP trunks, UC and VoIP applications. [5] (Yankee survey)

OSI Model – 7 Layers of Attacks. Typical firewall protection covers layers 3-4; spam filters are a layer 7, application-specific firewall. SIP, VoIP and UC are layer 4 to layer 7 applications: SIP trunking is a trunk-side application, and SIP line (phone) side access, internal and external, is another application. Avaya SBCE provides VoIP/UC trunk-side and line-side layer 4-7 application protection. Think of the OSI model as a 7-foot high jump. (Diagram after Wikipedia, 22 Jul 2011.)

Complements Existing Security Architecture (diagram): the firewall and the Avaya SBCE sit side by side, the SBCE acting as an application-level security proxy (policy application, threat protection, privacy, access control).

Session Border Control Use Cases (Avaya SBC for Enterprise): SIP Trunking; Remote Worker; CS1000.

SBC Use Cases – SIP Trunking. Use case: SIP trunking to a carrier. Carriers offer SIP trunks as a lower-cost alternative to TDM; the carrier's SIP trunks terminate on the Avaya SBC, which is located in the DMZ behind the enterprise firewall. Services: security and demarcation device between the IP-PBX and the carrier; NAT traversal; securely anchors signaling and media; can normalize the SIP protocol. (Diagram: Carrier – SIP trunks – Internet – Avaya SBCE in the enterprise DMZ – IP PBX.)

Secure Remote Worker with BYOD: personal PC, Mac or iPad devices; Avaya Flare® and Avaya one-X® SIP client apps; the app is secured into the organization, not the device; one-number UC anywhere. (Diagram: untrusted network (Internet, wireless, etc.) – Avaya SBCE – Avaya Aura® Session Manager, Communication Manager, Presence Server, System Manager, Avaya Aura Conferencing, Aura Messaging.)

Secure Remote Worker with BYOD – Use case: Remote Worker. Extend UC to SIP users remote to the enterprise, with a solution that does not require a VPN for UC/CC SIP endpoints; remote workers are outside the enterprise firewall. Avaya Session Border Controller for Enterprise: authenticates SIP-based users/clients to the Aura realm; securely proxies registrations and client device provisioning; securely manages communications without requiring a VPN. (Diagram: Remote workers – Internet – Avaya SBCE in the enterprise DMZ – IP PBX.)
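"Authenticate SIP-based users/clients to the Aura realm" in the slide above is, on the wire, the SIP Digest challenge/response exchange (RFC 3261 section 22, built on the RFC 2617 MD5 digest): the SBC answers the first REGISTER with a 401 carrying a fresh nonce, the client retries with a response computed from its password, and the SBC verifies it without the password ever crossing the untrusted network. The following is an added example, not Avaya SBCE code, of both sides of that exchange with `qop=auth`, including the two checks that are easy to forget, nonce expiry and nonce-count replay. The realm, the credential store and the request URIs are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, Set

REALM = "aura.example.com"                       # constructed realm
USERS = {"alice": "correct horse battery"}       # constructed credential store (an SBC would consult the core)


def md5hex(s: str) -> str:
    return hashlib.md5(s.encode()).hexdigest()


def compute_response(username: str, password: str, method: str, uri: str,
                     nonce: str, nc: str, cnonce: str) -> str:
    """RFC 2617 digest with qop=auth: MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha1 = md5hex(f"{username}:{REALM}:{password}")
    ha2 = md5hex(f"{method}:{uri}")
    return md5hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


class DigestAuthenticator:
    """SBC side: issues challenges and verifies Authorization parameters."""

    def __init__(self, nonce_ttl: float = 300.0):
        self.nonce_ttl = nonce_ttl
        self.issued: Dict[str, float] = {}       # nonce -> time issued
        self.used_nc: Dict[str, Set[str]] = {}   # nonce -> nonce-counts already accepted

    def challenge(self, now: float) -> Dict[str, str]:
        """Parameters of the WWW-Authenticate header in the 401 response."""
        nonce = os.urandom(16).hex()
        self.issued[nonce] = now
        self.used_nc[nonce] = set()
        return {"realm": REALM, "nonce": nonce, "qop": "auth", "algorithm": "MD5"}

    def verify(self, method: str, auth: Dict[str, str], now: float) -> bool:
        nonce = auth.get("nonce", "")
        issued = self.issued.get(nonce)
        if issued is None or now - issued > self.nonce_ttl:
            return False                          # unknown or stale nonce
        if auth.get("realm") != REALM or auth.get("qop") != "auth":
            return False
        password = USERS.get(auth.get("username", ""))
        if password is None:
            return False
        nc = auth.get("nc", "")
        if nc in self.used_nc[nonce]:
            return False                          # replay of an already-accepted request
        expected = compute_response(auth["username"], password, method, auth.get("uri", ""),
                                    nonce, nc, auth.get("cnonce", ""))
        ok = hmac.compare_digest(expected, auth.get("response", ""))
        if ok:
            self.used_nc[nonce].add(nc)
        return ok


def client_authorization(username: str, password: str, method: str, uri: str,
                         chal: Dict[str, str], nc: str = "00000001") -> Dict[str, str]:
    """Client side: parameters of the Authorization header on the retried request."""
    cnonce = os.urandom(8).hex()
    return {"username": username, "realm": chal["realm"], "nonce": chal["nonce"], "uri": uri,
            "qop": "auth", "nc": nc, "cnonce": cnonce, "algorithm": "MD5",
            "response": compute_response(username, password, method, uri, chal["nonce"], nc, cnonce)}


def header(name: str, params: Dict[str, str]) -> str:
    """Render parameters as a SIP header line (qop/nc/algorithm are unquoted tokens in Authorization)."""
    items = ", ".join(f"{k}={v}" if k in ("qop", "nc", "algorithm") else f'{k}="{v}"'
                      for k, v in params.items())
    return f"{name}: Digest {items}"


if __name__ == "__main__":
    sbc = DigestAuthenticator()
    chal = sbc.challenge(now=0.0)
    print("SIP/2.0 401 Unauthorized\r\n" + header("WWW-Authenticate", chal))
    auth = client_authorization("alice", USERS["alice"], "REGISTER", "sip:aura.example.com", chal)
    print("REGISTER sip:aura.example.com SIP/2.0\r\n" + header("Authorization", auth))
    print("verified:", sbc.verify("REGISTER", auth, now=1.0))
```

MD5 here is what the SIP standard mandates for interoperability, not a design choice; the defenses that actually matter in this exchange are the per-session nonce, its short lifetime and the nonce-count tracking, all of which live on the SBC.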

Agenda – next: Single Sign On

What is it? Single Sign On (SSO) is a property of access control that lets users log in with one set of enterprise credentials and gain access to systems without being prompted for different credentials or to log in again: one set of credentials to maintain, and fewer logins.

Why is it important? Reduces password fatigue from different user name and password combinations; reduces time spent re-entering passwords for the same identity; reduces IT costs through fewer help desk calls about passwords.

Single-Sign-On (diagram): the Enterprise Identity Realm, backed by the enterprise directory infrastructure, provides local single-sign-on to intranet applications (ERP, HRM, CRM) and web single-sign-on to third-party web sites (Salesforce, social media).

Single-Sign-On – Current Situation (diagram: Enterprise Identity Realm with the enterprise directory infrastructure alongside a separate Aura Applications Identity Realm of SM, AAC, CM and PS). The enterprise and Aura realms are separate; each application has its own notion of user identity and credentials and manages them separately. Integration with enterprise AAA is difficult, inconsistent and brittle.

Single-Sign-On – Customers Want (diagram: Aura applications SM, AAC, CM and PS inside the Enterprise Identity Realm): users to authenticate to the enterprise AAA service; a minimal number of user identities and credentials; a minimal, standard approach to authentication and credential management; a consistent user experience.

Stepping Identity Engines Up into Application Access: incorporating SAML as an authentication protocol for web clients and thick clients; introducing the concept of an Identity Provider for applications and the concept of Service Providers; focus on Aura UC applications (Flare, one-X Communicator, Avaya Aura Conferencing).
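With Identity Engines as the SAML Identity Provider, each Aura application becomes a Service Provider, and what makes the SSO secure is the set of checks the Service Provider performs on the assertion before it trusts the NameID. The following is an added example, not Avaya or Identity Engines code, of those checks on a constructed SAML 2.0 Response: trusted issuer, success status, audience restriction, validity window with clock skew, `InResponseTo` against a request the SP actually issued, recipient, and an assertion-ID replay cache. The entity IDs, URLs, timestamps and attribute are constructed. XML-Signature verification is assumed to have been done already by an xmlsec-based library; it is not re-implemented here, and the checks below are the ones that remain after it.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from typing import Dict, Set

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed SP/IdP identities.
SP_ENTITY_ID = "https://uc.example.com/sp"
ACS_URL = "https://uc.example.com/saml/acs"
TRUSTED_IDP = "https://ide.example.com/idp"
CLOCK_SKEW = timedelta(seconds=60)


class SamlError(Exception):
    pass


def parse_ts(s: str) -> datetime:
    """SAML timestamps are UTC ISO 8601 with a trailing Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


class ServiceProvider:
    def __init__(self) -> None:
        self.outstanding: Set[str] = set()       # AuthnRequest IDs we issued and not yet consumed
        self.seen_assertions: Set[str] = set()   # replay cache of accepted assertion IDs

    def issue_request_id(self, rid: str) -> None:
        self.outstanding.add(rid)

    def validate(self, response_xml: str, now: datetime) -> Dict[str, str]:
        """Return NameID and attributes of a valid assertion; raise SamlError otherwise."""
        root = ET.fromstring(response_xml)
        if root.tag != f"{{{NS['samlp']}}}Response":
            raise SamlError("not a samlp:Response")
        status = root.find("samlp:Status/samlp:StatusCode", NS)
        if status is None or status.get("Value") != SUCCESS:
            raise SamlError("status not Success")
        if root.get("Destination") not in (None, ACS_URL):
            raise SamlError("Destination mismatch")
        assertions = root.findall("saml:Assertion", NS)
        if len(assertions) != 1:
            raise SamlError("expected exactly one assertion")
        a = assertions[0]
        issuer = a.findtext("saml:Issuer", default="", namespaces=NS)
        if issuer != TRUSTED_IDP:
            raise SamlError(f"untrusted issuer {issuer!r}")
        aid = a.get("ID", "")
        if not aid or aid in self.seen_assertions:
            raise SamlError("assertion replayed or unnamed")
        cond = a.find("saml:Conditions", NS)
        if cond is None:
            raise SamlError("no Conditions")
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now + CLOCK_SKEW < parse_ts(nb):
            raise SamlError("assertion not yet valid")
        if noa and now - CLOCK_SKEW >= parse_ts(noa):
            raise SamlError("assertion expired")
        audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if SP_ENTITY_ID not in audiences:
            raise SamlError("audience mismatch")
        scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
        if scd is None:
            raise SamlError("no SubjectConfirmationData")
        if scd.get("Recipient") != ACS_URL:
            raise SamlError("Recipient mismatch")
        irt = scd.get("InResponseTo")
        if irt not in self.outstanding:
            raise SamlError("InResponseTo unknown (unsolicited or replayed)")
        if scd.get("NotOnOrAfter") and now - CLOCK_SKEW >= parse_ts(scd.get("NotOnOrAfter")):
            raise SamlError("subject confirmation expired")
        self.outstanding.discard(irt)
        self.seen_assertions.add(aid)
        name_id = a.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
        attrs = {at.get("Name"): at.findtext("saml:AttributeValue", default="", namespaces=NS)
                 for at in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
        return {"name_id": name_id, **attrs}


def sample_response(assertion_id: str = "_a1", in_response_to: str = "_req1",
                    audience: str = SP_ENTITY_ID, not_on_or_after: str = "2013-02-26T15:05:00Z") -> str:
    """Constructed, unsigned samlp:Response for illustration (signature assumed verified upstream)."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" ID="_r1" Version="2.0"
  IssueInstant="2013-02-26T15:00:00Z" Destination="{ACS_URL}" InResponseTo="{in_response_to}">
  <saml:Issuer>{TRUSTED_IDP}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="{assertion_id}" Version="2.0" IssueInstant="2013-02-26T15:00:00Z">
    <saml:Issuer>{TRUSTED_IDP}</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData InResponseTo="{in_response_to}" Recipient="{ACS_URL}" NotOnOrAfter="{not_on_or_after}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2013-02-26T14:59:00Z" NotOnOrAfter="{not_on_or_after}">
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="role"><saml:AttributeValue>hr</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
```

The audience and `InResponseTo` checks are what stop an assertion minted for one Aura application from being replayed at another: a valid, signed assertion for Conferencing must still be rejected by Communication Manager's SP.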

Single-Sign-On (diagram): Identity Engines as a Unified Identity Provider. Users, devices and applications arrive through wired, wireless, VPN and firewall enforcement points (802.1X, RADIUS) and through the Access Portal and Application SSO (HTTP, SIP, SAML assertions) into a core of Access Policy Decision and Identity Routing, backed by LDAP, Kerberos, Active Directory, Novell/Oracle Directory and multi-factor authentication. A Federated Identity Layer provides management and session provisioning toward Session Manager, Presence, Voice/Video and App Services in the secure enterprise network.

Single-Sign-On for one-X Communicator (flow diagram; step numbering from the figure is only partly recoverable). Avaya one-X Communicator on the public network sends credentials plus an AuthnRequest over HTTP/PAOS to the IDE Proxy in the DMZ. The Identity Engines IdP in the intranet zone makes the policy decision, gets credentials from the directory (LDAP, Kerberos, Active Directory, Novell/Oracle Directory, IAM) and records the session in the IDE session database; the client receives Authorized plus an AuthnResponse and completes the auth request/challenge with Communication Manager (CM). Provisioning/management: System Manager (including adopter element managers) with OpenAM SSO/RBAC management, its database and directory, LDAP sync / flow-through provisioning, CM sync and realm mapping data.

Single-Sign-On for Flare (flow diagram; step numbering from the figure is only partly recoverable). Flare on the public network sends credentials plus an AuthnRequest over HTTP/PAOS to the IDE Proxy in the DMZ. The Identity Engines IdP in the intranet zone makes the policy decision, gets credentials from the directory (LDAP, Kerberos, Active Directory, Novell/Oracle Directory, IAM) and records the session in the IDE session database; the client receives Authorized plus an AuthnResponse and completes the auth request/challenge over SIP with Session Manager/PPM and with Avaya Aura Conferencing (AAC). Provisioning/management: System Manager (including adopter element managers) with OpenAM SSO/RBAC management, its database and directory, DRS, OPI, LDAP sync / flow-through provisioning and realm mapping data.

Agenda – next: Resources

NAC – Network Access Control; SBC – Session Border Controller; MDM – Mobile Device Management; SSO – Single Sign On. "Avaya is the company that is stepping in with a true, holistic BYOD proposal that covers all the pieces." – Zeus Kerravala, ZK Research

Resources: Identity Engines Product Management – Shmulik Nehama; Session Border Controller Product Management – Jack Rynes; Secure BYOD YouTube video.

Thank You – #AvayaATF