BT MobileXpress Cloud Secure


BT MobileXpress Cloud Secure Service provides direct, encrypted, secure end user-to-application connectivity using the Internet as an access mechanism to extend applications to partners, customers and employees.

BT MobileXpress Cloud Secure removes the need to deploy multiple remote access solutions to support differing end user devices, as it provides access for users of Windows, Windows Mobile, iOS and Android operating systems. By using a proxy-based service such as Secure Sockets Layer (SSL), applications can be offered to the end user based on their credentials and their environment.

Cloud Secure is a fully hosted SSL-based remote access platform utilising industry-leading Juniper Pulse technology. SSL servers are hosted in a BT virtual server environment with integrated L2/L3 access to the IL.2 accredited BT IPConnect UK MPLS VPN networks.

Service Overview

BT’s MobileXpress Secure Cloud service has been developed in response to a growing client requirement for much greater flexibility and security in the way Remote Access is delivered to users who now demand access from a multitude of devices including tablets and smart phones together with un-trusted environments such as Internet cafés, and home PCs. In addition, organisations are increasingly allowing partners and suppliers direct access to information and systems to improve collaboration, increase productivity and improve customer service. These scenarios can be described as “trusted users” accessing from “unmanaged or un-trusted” environments.

By using a proxy-based service such as Secure Sockets Layer (SSL), applications can be offered to the end user based on their credentials and their environment. The SSL technology thereby enables customers to trust their end users without necessarily having to trust the end user’s environment (end point), their machine or their network.

BT MobileXpress Cloud Secure service provides direct, encrypted, secure end user-to-application connectivity using the Internet as an access mechanism to extend applications to partners, customers and employees.

Cloud Secure utilises Juniper SA Series SSL VPN Virtual Appliances on BT Compute’s virtual server infrastructure. In addition to instances of the service deployed in the USA, Germany, Hong Kong, Singapore and South Africa, there are two UK-based nodes offering users enhanced levels of resilience. Connection to client datacentres is achieved through BT’s MPLS enabled IP Clear network (see Appendix 1).

Service Support – See Appendix 2 (High Level)


Technology Environment

SA Series Virtual Appliances can scale to support a virtually unlimited number of end users using VMware software. The fully virtualized systems run completely independently of other customers, and provide highly flexible licensing.

Cloud Secure acts as a secure, Application Layer gateway intermediating all requests between the Public Internet and internal corporate resources. All requests that enter Cloud Secure are already encrypted by the end user's browser, using SSL/HTTPS 128-bit or 168-bit encryption, or the Junos Pulse client. Unencrypted requests are dropped.

Juniper Networks Junos® Pulse is a dynamic, integrated, multiservice network interface that delivers accelerated, secure connectivity and seamless, authenticated access to networks and the cloud. Included with the SA Series (for laptops and PCs) and downloadable from most major mobile operating system app stores and marketplaces, Junos Pulse provides enterprises with improved productivity, collaboration, security, and ubiquitous access to network and cloud-based resources, anytime, anywhere, using any Web-enabled device.

Security Features

BT MobileXpress Cloud Secure removes the need to deploy multiple remote access solutions to support differing end user devices, as it provides access for users of Windows, Windows Mobile, iOS and Android operating systems.

Four Client options are offered to provide flexibility in supporting a range of access options:

• Extraweb - Clientless option (via standard web browsers) that supports web access from trusted or un-trusted user devices.

• On Demand - A Java VPN Client is downloaded for each session, supporting Client / server and web access from trusted or un-trusted user devices.

• Connect Client - Transparent & resident VPN Client that supports intranet Client / server and web access from trusted devices.

• Smart Tunnelling - A resident VPN Client or downloaded Java Client, providing full bidirectional VPN access from trusted devices.


End Point Control

End Point Control gives end users access tuned to the capabilities and risks of their environment. It protects users from personal loss or privacy risks they face when accessing the network from insecure venues. For customer IT departments, End Point Control helps address business needs for mobile access without sacrificing the integrity of the corporate network or intellectual property. The major features of End Point Control are:

• Cache Control - When an end user ends their browser SSL VPN session, this facility removes information that would otherwise be left on the device, including URLs visited, data file cache, and logon information. This is clearly crucial for un-trusted devices in locations such as kiosks and cafés.

• Secure Desktop - This option goes a step beyond Cache Control in creating a virtual Windows session, where all data transferred to the underlying device is encrypted, and then removed when the session is closed.

• Policy Zone - This option allows a customer to define different levels of trust for different access scenarios. A Policy Zone consists of one or more Device Profiles, which specify the characteristics of the end user access that must be met in order to be classified into a particular Policy Zone. Policy Zones also specify the Data Protection required, which indicates if Cache Control or Secure Desktop is required for users who are classified into a specific Policy Zone. To perform this function, the service's Host Checker feature, irrespective of the individual's authentication privileges, interrogates the device (end point) being used for the session and establishes its profile in terms of:

   ◦ Running Processes.

   ◦ Registry Keys.

   ◦ Files.

   ◦ Antivirus Version and DATS.

   ◦ Updates and Patches.

   ◦ Detect known Key Loggers and Trojans.

   ◦ API for Custom Policies.

   ◦ Integration into NAC/NAP policy engines.

Management Features

MobileXpress Cloud Secure offers options for resilience (with load balancing) across multiple sited servers. Reporting options also give the customer visibility of user activities, through storing and summarising log data. This helps enforce compliance with regulations such as Sarbanes-Oxley and Basel II.

High Level Service Support Model available – see Appendix 2 for details.

Our mobile security service management portals, accessed via the web, enable you to manage the overall service. You can create and manage user IDs and passwords; obtain session reports on who is using the service, how it is being used, when and where; and you can diagnose problems by providing reports on connections and failed logins.


We also provide advanced reporting on all aspects of the SSL VPN service which gives you the necessary visibility. SSL VPN Reporting provides discrete and combined views on user and application metrics to effectively manage users and the corporate infrastructure. Access to reporting is provided via a web portal.

Authentication

MobileXpress Cloud Secure supports and integrates with various authentication options. The customer can authenticate on the BT MobileXpress RADIUS or via their own authentication device such as RADIUS, LDAP, or Active Directory.

Scalability

With gateways in Europe, America and Asia you can easily provide a local service to employees.

Flexibility

You can start small, with a handful of users, and easily add more as you need, with very little notice.

Resilience

Cloud Secure is inherently resilient, with assured 99.95% availability.

Predictable costs

After a small set up charge, you pay a monthly fee that relates to the number of users.

Ordering

Please liaise with your BT Account Manager who will assist you with completing an order for new service.

Commercial Benefits of BT’s Cloud Approach

• MobileXpress is a cloud based service which offers additional levels of resilience and can be deployed within comparatively short timescales.

• The service is scalable and can be easily flexed to accommodate unforeseen demand for increased capacity for remote workers, e.g. bad weather, flu pandemic etc.

• The compliance obligations for software upgrades, patching etc. become BT’s responsibility.

• Potentially less risk and total cost of ownership than traditional premises based options by sourcing a service as opposed to buying technology.

• Opex based pricing option can drastically reduce the requirement for initial capital outlay and could also facilitate internal cross charging to users.

Appendix 1 - Service Topology

Figure 1: BT MobileXpress Cloud Secure

Appendix 2 – High Level Service Support Model

Figure 2: High Level Service Support Model
