Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Access Link (SAL): Supporting Cost Savings and Improving Secure Access.

Published byRuth Fox Modified over 9 years ago

Similar presentations

Presentation on theme: "Secure Access Link (SAL): Supporting Cost Savings and Improving Secure Access."— Presentation transcript:

1 Secure Access Link (SAL): Supporting Cost Savings and Improving Secure Access

2 ©2010. All rights reserved.2 Agenda  Key Business Drivers  More Control, More Choices  SAL Overview – Co-Resident Gateway – Gateway Server – Policy Server  Use Scenarios – Flexible Alarming – Secure Resolution – Policy Control  Bottom Line Benefits

3 ©2010. All rights reserved.3 Key Business Drivers  Common serviceability model across all Avaya Solutions  Flexible remote access architecture to support changing business needs  Common serviceability model across all Avaya Solutions  Flexible remote access architecture to support changing business needs  Choose who, when, and how products are accessed for remote support  Deliver industry standard secure remote access solutions  Provide strong authentication and logging of access sessions  Deliver industry standard secure remote access solutions  Provide strong authentication and logging of access sessions  Increase security with minimal incremental investment  Reduce ongoing costs to maintain security  Increase security with minimal incremental investment  Reduce ongoing costs to maintain security Changing security standards and unpredictable business demands $ Secure Network Operations Streamline and Easily Manage Networks Enable Multiple Service Partners Keep it Cost Effective

4 ©2010. All rights reserved.4 Next generation remote-access architecture for greater security, reliability, and flexibility More Control, More Choices  Secure remote service environment – Based on an egress access model  Simplified remote access across different connection types – Elimination of modems and need for dedicated VPN hardware – Use of Internet connectivity (HTTPS)  Increased support options ‒ Consistent serviceability architecture across existing and future Avaya products ‒ Co-managed by Avaya, partners, and system integrators

5 ©2010. All rights reserved.5 Secure Access Link Overview Sends and receives alarms and connection requests for select Avaya products Co-resides on select Avaya products that are delivered on the System Platform architecture Sends and receives alarms and connection requests for legacy products Standalone Software Central defines, distributes, and manages policies such as access restrictions, proxy configurations, and authentication realms Standalone software Control Costs Improve Security Increase Options Concentrator Servers used by partners and Avaya to receive alarms and access customer systems for support Bottom Line Benefits Co-Resident Gateway Policy Server Gateway Server

6 ©2010. All rights reserved.6 Automatically included on select Avaya products Co-Resident Gateway  Receives alarms from select current products  Forwards alarms to designated support centers  Polls for Connection Requests  Coordinates with Policy Server  Redundancy by way of Active- Active Gateways – one product alarms to multiple gateways Included Products How It Works  Select current products e.g. Avaya Aura TM Communication Manager and Contact Center  All future products  For complete list of supported products, click herehere

7 ©2010. All rights reserved.7 Provided as an entitlement (download) at no additional charge for customers that have purchased & registered Avaya product Gateway Server  Receives alarms from legacy products (click here for complete list of supported products)here  Forwards alarms to designated support centers  Polls for Connection Requests  Coordinates with Policy Server  Redundancy by way of Active- Active Gateways – one product alarms to multiple gateways Requirements How It Works  Installed on a server of your choice or a server provided by Avaya  Hardware – Single CPU with 1GHz clock speed – 2 GB of RAM – 40 GB of free drive space – 100 Mbps Ethernet Connection  Software – Red Hat Enterprise Linux 5.X – JRE 1.5 – Perl 5.8

8 ©2010. All rights reserved.8 Provided as an entitlement (download) at no additional charge for customers that have purchased an Avaya maintenance contract with remote access support Policy Server  Centralized Policy Definition and Management Tool  Defines Policy for Agent, Gateway, Concentrator Access, and Authentication  Deploys Policy to Agents and Gateway Server  Redundant server geographically dispersed to support failover (Roadmap) Requirements How It Works  Installed on your server of choice or a server provided by Avaya  Hardware – Single CPU with 1GHz clock speed – 1 GB of RAM – 40 GB of free drive space – 100 Mbps Ethernet Connection  Software – Red Hat Enterprise Linux 5.X (32-bit)

9 ©2010. All rights reserved.9 2. Secure Resolution Any technician servicing your network is uniquely identified with authentication based on industry standards Control all access and receive log of all service activities that meets stringent regulatory requirements Use Scenarios Secure Resolution 1. Flexible Alarming Alarms can be immediately sent to multiple service partners and/or your support center for quick response and improved oversight All legacy, current, and future Avaya products are supported along with non-Avaya products and capabilities 3. Policy Control Easily manage components and change your policy as needs change Set up unique access policies customized for each service partners’ level of service

10 ©2010. All rights reserved.10 1. Flexible Alarming Highlights Ability to better monitor alarm activity Always secure and encrypted transport of data Choose which service partners receive alarms for resolution Alarms generated by the Software Gateway Forwards SNMP Traps (alarms) from products Embeds SNMP messages in HTTPS wrapper Alarms sent outbound from customer’s network over the Internet (or B2B VPN) Alarms immediately distributed as specified to customer, partner(s), and/or Avaya support centers A Process Overview B C

11 ©2010. All rights reserved.11 1. Flexible Alarming Process

12 ©2010. All rights reserved.12 2. Secure Resolution Highlights Enforce PCI regulations for all remote access with 2FA ‒ VeriSign certificate and eTokens Multiple layers of security controls: 1.User Authentication 2.User Certificate Validation 3.Message Authentication 4.User Authorization 5.Auditing Agents poll servers for connection requests Authorization based upon customer policy Two-Factor User Authentication (2FA) required for all Avaya technicians Enforced and validated by SAL Software Gateway All remote access connection requests are logged Users create Connection Requests From Concentrator Remote Servers whenever remote access is required Connection Requests remain within Avaya or partner data centers Once remote access is granted, an end-to-end connection between the individual and device is created within the HTTPS proxy tunnel A Process Overview B C

13 ©2010. All rights reserved.13 2. Secure Resolution Process

14 ©2010. All rights reserved.14 2. Remote Access – System Platform

15 ©2010. All rights reserved.15 3. Policy Control Highlights Enables easy centralized management of components Allows for active monitoring and termination of remote access sessions Customize partner access policies based on level of service Optional software component deployed on customer-provided server Customer defines access policy IP address and port for connections Time of Day window for connection User- or Group-specific policies White List / Black List Policy enforced by SAL Software Gateway Servers A Process Overview B C

16 ©2010. All rights reserved.16 3. Policy Control Process

17 ©2010. All rights reserved.17 Bottom Line Benefits Control Costs Quickly implement new security or other policies Avoid costs associated with non-compliance and potential compromise Maintain compliance without costly workarounds Improve Security Meet or exceed requirements specified by your organization’s security standard Unique identity and strong authentication of technicians Auditable access Increase Options Accessible by customer, service partner, or Avaya technician Channel-neutral support and self-support options Legacy and future product support protects your investments Best Support for Avaya Customers Concentrator Core Servers Co-Resident Gateway Policy Server Gateway Server

18 ©2010. All rights reserved.18 APPENDIX

19 ©2010. All rights reserved.19 Concentrator Servers Optional capability partners can acquire to manage alarms from and remote access to customer networks For remote access  Minimum 2 Xeon Processors (Separate or Dual Core Processor)  4GB RAM  Minimum 80GB free disk space  Red Hat 5.X Operating System  JBoss 4.3 EAP For over 10 concurrent remote connections  Minimum 2 Xeon Processors (Separate or Dual Core Processor)  8GB RAM  Minimum 80GB free disk space  Red Hat 5.0 Operating System For alarm reception  Minimum 2 Xeon Processors (Separate or Dual Core Processor)  4GB RAM  Minimum 80GB free disk space  Red Hat 5.X Operating System  JBoss 4.3 EAP For Concentrator Server data storage and management  Oracle 10.2.0.4 – 10.2.x.x  Minimum 40GB free table space  1MB per month per managed device Avaya Secure Access Concentrator Core Server Avaya Secure Access Concentrator Remote Server Global Access Server (GAS)Oracle 10G Database

20 ©2010. All rights reserved.20 Restricted IP Addresses

21 ©2010. All rights reserved.21 SAL Training Courses  1. Navigate to http://www.avaya-learning.com  2. Login to the website (or register if it’s your first time)  3. Click on Advanced Search (on top of page)  4. Enter the course code (from the list below) and hit SEARCH  5. Click on the Course Title to access the course.  ATC00606WEN: SAL Gateway 2.0 Installation and Maintenance  ATC00607WEN: SAL Concentrator Remote 2.0 Operations  ATC00608WEN: SAL Concentrator Core 2.0 Operations  ATK00605OEN: SAL 1.8 Gateway Installation & Administration  ATK01111OEN: SAL 1.5 Policy Server Installation and Administration  If you have trouble accessing the training, please use the Contact Us link on the Avaya University web page.

Download ppt "Secure Access Link (SAL): Supporting Cost Savings and Improving Secure Access."

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Pharos Uniprint 8.3.

Pharos Uniprint 8.3.
IBM Software Group ® Integrated Server and Virtual Storage Management an IT Optimization Infrastructure Solution from IBM Small and Medium Business Software.

IBM Software Group ® Integrated Server and Virtual Storage Management an IT Optimization Infrastructure Solution from IBM Small and Medium Business Software.
OVERVIEW TEAM5 SOFTWARE The TEAM5 software manages personnel and test data for personal ESD grounding devices. Test and personnel data may be viewed/reported.

OVERVIEW TEAM5 SOFTWARE The TEAM5 software manages personnel and test data for personal ESD grounding devices. Test and personnel data may be viewed/reported.
Deploying GMP Applications Scott Fry, Director of Professional Services.

Deploying GMP Applications Scott Fry, Director of Professional Services.
Standards Certification Education & Training Publishing Conferences & Exhibits Using Outbound IP Connections for Remote Access EXPO 2005 Chicago, IL.

Standards Certification Education & Training Publishing Conferences & Exhibits Using Outbound IP Connections for Remote Access EXPO 2005 Chicago, IL.
Compliance on Demand. Introduction ComplianceKeeper is a web-based Licensing and Learning Management System (LLMS), that allows users to manage all Company,

Compliance on Demand. Introduction ComplianceKeeper is a web-based Licensing and Learning Management System (LLMS), that allows users to manage all Company,
A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.

A Java Architecture for the Internet of Things Noel Poore, Architect Pete St. Pierre, Product Manager Java Platform Group, Internet of Things September.
Citrix ® Secure Gateway Phil Montgomery Senior Product Manager Citrix Products and Services October 2001.

Citrix ® Secure Gateway Phil Montgomery Senior Product Manager Citrix Products and Services October 2001.
1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.

1 Objectives Wireless Access IPSec Discuss Network Access Protection Install Network Access Protection.
Copyright 2009 FUJITSU TECHNOLOGY SOLUTIONS PRIMERGY Servers and Windows Server® 2008 R2 Benefit from an efficient, high performance and flexible platform.

Copyright 2009 FUJITSU TECHNOLOGY SOLUTIONS PRIMERGY Servers and Windows Server® 2008 R2 Benefit from an efficient, high performance and flexible platform.
Unified Logs and Reporting for Hybrid Centralized Management

Unified Logs and Reporting for Hybrid Centralized Management
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.

Contact Center Security Strategies Grant Sainsbury Practice Director, Dimension Data.
Welcome Course 20410B Module 0: Introduction Audience

Welcome Course 20410B Module 0: Introduction Audience
Exchange 2010 Overview Name Title Group. What You Tell Us Communication overload Globally distributed customers and partners High cost of communications.

Exchange 2010 Overview Name Title Group. What You Tell Us Communication overload Globally distributed customers and partners High cost of communications.
Tripwire Enterprise Server – Getting Started Doreen Meyer and Vincent Fox UC Davis, Information and Education Technology June 6, 2006.

Tripwire Enterprise Server – Getting Started Doreen Meyer and Vincent Fox UC Davis, Information and Education Technology June 6, 2006.
VMware vCenter Server Module 4.

VMware vCenter Server Module 4.
Secure Access Link (SAL) Client Overview

Secure Access Link (SAL) Client Overview
Copyright Microsoft Corp. 2006 Ramnish Singh IT Advisor Microsoft Corporation Secure Remote Access Challenges, Choices, Best Practices.

Copyright Microsoft Corp Ramnish Singh IT Advisor Microsoft Corporation Secure Remote Access Challenges, Choices, Best Practices.

Similar presentations

Ads by Google