Mobile Now™ for BYOD
All your business applications.
None of the business risk.
Securely connecting users and applications
from anywhere to anywhere in today’s global
economy.
AG series secure access gateways
Jump in. The mobile waters are fine.
Sections
1.
What is a secure
access gateway?
2.
Array secure access
solutions




3.
SSL VPN
Remote desktop
Mobility
Business continuity
Array AG Series
secure access gateways


Product line
Feature matrix
JUMP IN.
THE MOBILE WATERS
ARE FINE.
4.
Key takeaways
5.
Case studies and global satisfied customers
What is a secure access gateway?
IPsec VPN
SSL VPN
Scalability
Mobility
Network-level
encrypted access
L7, L4 & L3
encrypted access
Enterprise-wide
remote access
Smart phones,
tablets and BYOD
• Remote access
• Any device
• Managed laptops
• Intranet or extranet
• Support employees,
partners and guests
• Data, device and
app management
• Intranet only
• Clientless
• Requires client
• Granular control
• Thousands of users
and burst capacity
for BCP events
• Preventing data
leakage when using
personal devices
VPN remote
access for
select workers on
managed PCs
Anytime,
anywhere secure
access with greater
security and control
Remote access as
an enterprise-wide
strategy for worker
productivity
Adapting secure
access to address
new apps,devices
and consumerization
ANYTIME-ANYWHERE
ANY DEVICE
ANY APPLICATION
What is a secure access gateway?
SECURE ACCESS ARCHITECTURE
•
•
•
•
•
•
Up to 256 virtual gateways
2048-bit SSL encryption
L3, L4 and L7 connectivity
Advanced AAA integration
Dual-factor authentication
Single sign-on
•
•
•
•
•
•
Per-user policy engine
Auditing and reporting
End-point security
RDP over SSL
Wake-on-LAN
BCP contingency licenses
•
•
•
•
•
•
iOS and Android support
Per application L3 mobile VPN
L4 SDK for secure tunneling
Secure Web browser
Enterprise app store
Client, app and device security
Array secure access solutions
AccessDirect™
DesktopDirect™
SSL VPN
Remote Desktop
Traditional Web or
network-level VPN
for remote workers.
Securely access office
desktops and apps from
any device or location.
MotionPro™
Business Continuity
Secure Mobility
Contingency Licenses
Securely connect devices
and apps to enable business
mobility and BYOD.
Seamless, cost-effective burst
remote access for planned
and unplanned events.
AccessDirect SSL VPN remote access
 Pure SSL “anytime-anywhere” browser-based access
 Up to 256 virtual instances support multiple
communities of interest
 Business units, partners, guests, contractors
 Scalable up to 128,000
concurrent users
Applications
Applications
 Enables secure access
“enterprise-wide”
 Range of access
methods
Users
 Layer-3 client for trusted workers
 Specific resources for unmanaged devices
 Web portals for extranet partners
SSL VPN security architecture
•
•
•
•
•
All standard cipher-suites
Hardware-accelerated
2048-bit key lengths
Client-side certificates
Complete separation between
non-secured and secured
networks
Web Apps
•
AAA
•
End Point Security
Host Checking
Adaptive Policies
Secure Desktop
Cache Cleaning
•
•
Eliminates all elements of browser cache
Local sandbox prevents data leakage
S
S
L
•
•
•
•
•
•
•
•
•
•
•
•
•
•
Supports all industry
standards (AD, RADIUS,
LDAP, SecureID)
RSA certified
Unique SSL integration
Fine grain ACLs
L3, L4 and L7
External mapping
Black list and white list
Full audit trail
Who, what and when
Syslog support
Configurable email alerts
F
W
Denial of Service (DoS) attack protection
ACLs (Layer 4)
URL filtering (Layer 7)
Network probe logging
P
r
o
x
y
Clientless Web
application
support
File Shares
•
•
Clientless
access to
shared
directories
CIFS/NFS
Networks
•
•
•
Full L3 VPN
Any IP protocol
L4 redirection
Multiple communities of interest
Network Access
Portal 1
Network Access
Application Access
Portal 2
Internet Only
Portal 3
Portal 4
Quarantine
Portal 5
Engineering Finance
Partners
 Portals are customizable to the look and feel and
resource needs of each community of interest
 Each portal is fully partioned
and independently manageable
Guests
Etc.
Humana – SSL VPN remote access
 Large healthcare insurance provider
 $40B in yearly revenue
 Over 12M members
 Why the need for SSL VPN?
 Stove pipe secure access for various use cases was costly to
manage and too prone to inconsistencies and data leakage
 IPsec was more expensive and less secure vs. SSL VPN
 AG Series solution and benefits
 Consolidated secure access for local and remote employees,
partners and guests on a unified platform
 Demonstrable accountability for HIPAA compliance,
increased productivity for employees, partners and
guests, and decreased cost and complexity
DesktopDirect remote desktop access
 Thin-client RDP access over SSL




Data never leaves the network and never resides on end-user devices
Applications on office desktops usable from remote or mobile devices
Securely enables “bring your own…PC, laptop, tablet or smart phone”
Cost-effectively leverages existing investments in infrastructure, applications
and devices to rapidly scale productivity and enterprise mobility
Remote desktop access architecture
 Ideal for boosting office worker productivity, ensuring business continuity
and enabling secure mobility for business
laptops
pcs
smart phones
tablets
Securely
connect
to office
desktops
from any
device,
anywhere.
Windows
VMview
physical
desktops
virtual desktops and
terminal
services
Productivity and business continuity
 Provides a means for office workers (those without managed laptops and
VPN access) to remain productive under any circumstance
Prevent Revenue Loss
Natural
Disasters
Outbreaks
Maintain Productivity
Sick Child
Repairs &
Deliveries
Grow Productivity
Home Working
Nights &
Weekends
Needham Bank – remote and mobile access
 Customer-owned community bank
 5 locations
 Over $1B in assets
 48x increase in mobile devices since 2007
 Needed to quickly and cost-effectively provide access to bank
applications from tablets and laptops without risking data leakage
 Selected DesktopDirect solution for BYOD, remote and mobile access
 DesktopDirect impact on remote and mobile productivity




11x unique users
120x total hours spent
10x time per user
No security issues, no additional IT staff required
MotionPro secure mobile access
 Enterprise application portal
 Secure access to enterprise resources
 Secure browser for Web resources
 VPN on-demand for native apps
 SDK for secure native app tunnels
 Enterprise app store
 Secure mobile access
 Client security
 App management
 Device management
 Part of an overall mobility strategy
 Complements MDM
Secure application access
Secure SDK for Native Apps
Native apps developed with
SDK will start L4 VPN tunnel
VPN on Demand for Native Apps
Configured native apps will
start L3 VPN automatically
Only authorized
applications may use the
VPN tunnel
Secure Browser
L7 Web apps launched
in secure browser
Client security
Trigger
Condition
Pre-login, post-login, timer
Hardware
Manufacturer, model, passcode
OS
Type, version, jail-broken, rooted
App
Black and white list, signed
Lock screen, terminate session, delete MotionPro
Action
Alert user, prompt user, log message
Application and device management
Access Control
Application
Management
Device
Management
Only managed apps may use VPN tunnel
Portal
All apps on enterprise app store
Install
Whitelist apps installed automatically
Uninstall
Managed apps
Restore settings and passwords
Performed manually by administrator
MotionPro vs. MDM
 MotionPro and 3rd party mobile device management (MDM) solutions are
complementary
MotionPro
provides scalable
mobile VPN
with basic device
and application
management
Both are
needed to
enable an
enterprise
mobility
strategy
MDM provides
advanced device
and application
management
but they are not
a VPN gateway
COPCP – HIPAA compliant mobility
 Ohio’s largest physician-owned cooperative
 Over 50 physician offices and over 200 physicians
 Healthcare mobility requirements
 BYOD strategy that provides physicians with
flexibility while also addressing IT requirements
for security, manageability and cost
 Benefits for physicians and IT
 Renew prescriptions anytime, anywhere
and move seamlessly between exam
rooms using iPads
 Reduces cost and complexity
while improving productivity
and compliance
Buckingham Research – BYOD
 Institutional research and brokerage firm
 Founded in 1982, based in New York
 Why the need for BYOD?
 Employees bringing personal iPads to the office and
wanted access to corporate applications
 Field employees wanted to use iPads instead
of laptops
 Array AG impact on BYOD enablement




No user learning curve, no new passwords
$30K HW install vs. $300K SW upgrade
3 week installation vs. 8 month project
One HA pair and one DR unit, that’s it!
Business continuity contingency licenses
 Array Business Continuity (ABC)
 Scalable and affordable burst
capacity to meet the demands
of planned and unplanned surge
remote and mobile access
 Affordable and flexible contingency
license certificates
 Available in 10-day denominations
and tiered sizes
 Triggered by exceeding standard
user licenses and may be utilized
in consecutive or non-consecutive
24-hour increments
 Any mix of mobile and remote users
 AccessDirect, DesktopDirect or MotionPro
Morgan Stanley – Business continuity
 World’s 7th largest bank
 $31B in revenue
 53,000 employees
 DesktopDirect solution
 25+ appliances in 8 countries with 5 major data centers
 10,000 standard DesktopDirect user’s licenses
 Peak capacity of 36,000 users via Business Continuity
licenses
 January 2011
 Massive snowstorm paralyzed the east coast
 12,000 users still were able to work using DesktopDirect
 Prevented the loss of over $10M in productivity
AG Series product line
10,000 Concurrent Users
VMware, XenServer,
OpenXen
AG1600
AG1500
AG1200
AG1150
AG1000
300 Concurrent
Users
72,000 Concurrent
Users
25,000 Concurrent
Users
AG1100
AG1000T
128,000 Concurrent
Users
10,000 Concurrent
Users
3000 Concurrent
Users
600 Concurrent
Users
PHYSICAL & VIRTUAL APPLIANCES FOR SCALING UP & OUT
AG Series feature matrix
● = Standard
AccessDirect
DesktopDirect
MotionPro
O = Optional
SSL VPN
Remote Access
Remote
Desktop Access
Secure Mobile
Access
Clustering
●
●
●
WebUI
●
●
●
SSL & IPsec Encryption
●
●
●
5 Included
5 Included
5 Included
Virtual Portals
Web Applications
●
L3 VPN Client
●
Host Checking & Cache Cleaning
●
L4 Thin Client
●
Array Registration Technology
●
Wake-on-LAN
●
Enterprise App Store
●
L3 Mobile VPN
●
L4 SDK Tunneling
●
Secure Browser
●
Client, App & Device Security
●
Additional Virtual Portals
O
O
O
Array Business Continuity
O
O
O
Multi-Language WebUI
●
●
●
Superior security, scalability and flexibility
 Unmatched scalability
 Consolidate remote and
mobile access for an
entire workforce
 Absorb surge remote
and mobile users
Up to 3 Gbps
Up to 256
Up to 128,000
Throughput Virtual Gateways
Concurrent Users
 More secure
 Minimize attack vectors
 Simplify management to
ensure consistent policies
 Highly flexible
 Integrated remote access, remote
desktop and secure mobile access
 Support multiple communities of interest
including employees, partners and guests
AG Series
Secure Access Gateways
Superior value of ownership and ROI
20% - 50% Less Expensive
Competition
Array
Superior Service & Support
Small
Medium
Large
Global
Array AG vs. the competition
Array AG1100
Up to 3000
concurrent users
Array AG1200
Up to 25,000
concurrent users
$
Juniper MAG4610
Array = 18% less
expensive for 1000 users
Juniper MAG6610
Array = 27% less
expensive for 11,000 users
AG1500
Up to 72,000
concurrent users
Juniper MAG6611
Up to 40,000
concurrent users
Array = 31% less expensive
Array = 32K more users
Array supports almost twice
as many users as Juniper and is
almost one third less expensive.
Juniper MAG6610
Array = 25% less
expensive for 2000 users
SMALL
Juniper MAG6611
Array = 35% less
expensive for 22,000 users
MEDIUM
LARGE
Key takeaways
 Scalable, intuitive secure access for
supporting remote and mobile users
 Increase productivity
 Mitigate business disruptions
 Enable enterprise mobility and BYOD
 Consolidated SSL VPN, remote desktop
access and secure mobile access




Minimizes attack vectors
Simplifies management
Ensures consistent policies
Streamlines the end-user experience
 Cost-effective solution for mobilizing
any size workforce while preventing
attacks and data leakage
JUMP IN.
THE MOBILE WATERS
ARE FINE.
Global satisfied customers
Mobile Now™ for BYOD
All your business applications.
None of the business risk.
Securely connecting users and applications
from anywhere to anywhere in today’s global
economy.
AG series secure access gateways
Jump in. The mobile waters are fine.