©2013 Avaya Inc. All rights reserved. February 26-28, 2013 | Orlando, FL
Avaya Network Access and the Acronym Soup – NAC, MDM, SBC & SSO
Shmulik Nehama, Identity Engines Portfolio Leader
#AvayaATF
Agenda
- The Acronym Soup
- Network Access Control
- Mobile Device Management
- Session Border Control
- Single Sign On
- Resources

Disclaimer: Some of the material provided in this presentation is forward-looking and may be subject to change without advance notice.
The Acronym Soup
- NAC (Network Access Control). Avaya solution: Avaya Identity Engines. Authenticates and authorizes network access of users and any network-attached device (IP phones, medical devices, user devices, printers, etc.). Dynamically provisions the network to contain the access of users and network-attached devices.
- SSO (Single Sign On). Avaya solution: Avaya Identity Engines. An area of access control that enables users to log in once and/or with the same enterprise credentials and gain access to applications without being prompted to log in again at each of them, and/or without the need to maintain different sets of credentials.
- MDM (Mobile Device Management). Avaya solution: DevConnect (MobileIron). Manages mobile devices in the context of which applications should or should not be on user handheld devices, password management, remote wipe, and patch and software management. MDM manages mobile device data and apps but does NOT control or provision the network for access.
- SBC (Session Border Control). Avaya solution: Avaya Session Border Controller. Provides network security for SIP-based applications without the need for a VPN client on the accessing device. Controls access of UC applications (NOT network access of users/devices).
What is it? (Network Access Control)
- Network Access Control uses policies to control and provision access to a network
  – Including pre-admission endpoint security policy checks and post-admission controls over where users and devices can go on a network and what they can do
- Role-based Access is where access to the network is given according to the profile of the person and the results of a posture/health check
  – e.g. in an enterprise, the HR dept could access only HR dept files, if both the role matches and the endpoint meets the requirement of anti-virus being up-to-date
Enterprise Network with Multiple Constituents and Policy-Enforcement Locations
- Multiple repositories of identity information
- Multiple locations of enforcement points
- Challenges in providing Guest Access and Contractor Access
- Challenges in implementing consistent access behavior across the network
- Challenges with mergers and acquisitions
Enterprise Network with Centralized Identity and Policy Services
- Network Access Control is the centralization of both identity and policy information in a single location: an Identity and Policy Service in the Enterprise Network
- Simplification
- Consistency
- Facilitates self-service: IT hands-off Guest Access and Contractor Access
Why is it important?
- Granular Control: network operators define policies, such as roles of users and the network areas they are allowed to access, and enforce them on switches, WLAN controllers, etc. (1. Define roles; 2. Define network access level)
- Enhanced Security: ability to prevent access from end-stations that do not meet security posture requirements
- Regulatory Compliance: enforce access policies based on authenticated user identities
Network Access Features
- It is not only about users and their devices but also about any network-attached device: IP phones, visitor or business partner personal machines, corporate desktops, network printers, network devices, wireless access points, surveillance cameras, fax machines, medical devices, local servers/apps, guests and guest devices
- Each access port is not assigned until a user/device attempts access. Once authenticated and authorized, the user/device is granted the appropriate access level.
Typical Network Access Architecture
[Diagram: Identity Engines as the Policy Decision Point, sitting between a Directory Abstraction Layer (Policy Information Point) and a Network Abstraction Layer (Policy Enforcement Point); components: Reporting & Analytics, Posture Assessment, Guest Access Mgmt, Access Portal, CASE Wizard]
Network Access Features
Basic Features:
- Authentication & Authorization
- Guest Access Management
- Posture Compliance: compliance checking for unmanaged devices, e.g. BYOD
- Reporting and Analytics
- Directory Federation
Advanced Features:
- Unified solution for wired and wireless network access
- IT hands-off self-service guest access management
- Device fingerprinting
- BYOD on-boarding
- High Availability
SPB Network Access Automation
[Diagram: Campus, Branch and Data Center sites with UC, Corporate, Guest and Contractor zones]
1. User connects to edge switch
2. User placed on a VLAN
3. VLAN mapped to an ISID. Done!
Multi-Host Multi-Authentication
- MHMA is a network switch capability where Identity Engines separately authenticates and authorizes multiple clients connected to a single switch port
- Each client must complete EAP authentication before the port allows traffic from that user's MAC address; only traffic from authorized hosts is allowed
- Enables directing multiple hosts on a single port to different VLANs
- Used for separating voice and data traffic on the same port
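The MHMA behaviour above as an added example (not Avaya switch or Identity Engines code): a port model that admits frames only from MAC addresses that completed EAP, binds each host to its own VLAN, and enforces a per-port host limit. MAC addresses, VLAN ids and the host limit are constructed values.

```python
"""Multi-Host Multi-Authentication (MHMA) port model.

Added example, not Avaya switch or Identity Engines code: one access port
tracks which client MACs have completed EAP authentication and which VLAN the
policy server assigned to each, forwards frames only from those MACs, and
enforces a per-port host limit. MAC addresses and VLAN ids are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

@dataclass
class Frame:
    src_mac: str
    payload: bytes

@dataclass
class MhmaPort:
    max_hosts: int = 4
    authorized: Dict[str, int] = field(default_factory=dict)  # mac -> assigned VLAN
    pending: Set[str] = field(default_factory=set)            # mid-EAP, EAPOL only

    def eap_start(self, mac: str) -> None:
        """Client starts 802.1X; until it succeeds only EAPOL is accepted from it."""
        self.pending.add(mac.lower())

    def eap_result(self, mac: str, success: bool, vlan: Optional[int] = None) -> bool:
        """Apply the RADIUS Access-Accept/Reject for one host.
        Accept binds that MAC to its own VLAN; reject leaves it blocked."""
        mac = mac.lower()
        self.pending.discard(mac)
        if not success or vlan is None:
            self.authorized.pop(mac, None)
            return False
        if mac not in self.authorized and len(self.authorized) >= self.max_hosts:
            return False                      # port host limit reached
        self.authorized[mac] = vlan
        return True

    def logoff(self, mac: str) -> None:
        """EAPOL-Logoff or link event: the host must re-authenticate."""
        self.authorized.pop(mac.lower(), None)

    def forward(self, frame: Frame) -> Optional[int]:
        """VLAN the frame is switched into, or None when the source MAC is not authorized."""
        return self.authorized.get(frame.src_mac.lower())

def voice_and_data_demo() -> Dict[str, Optional[int]]:
    """Phone and PC on one port, each EAP-authenticated into its own VLAN; a
    third MAC that never authenticated is dropped."""
    port = MhmaPort()
    phone, pc, rogue = "00:11:22:aa:bb:01", "00:11:22:aa:bb:02", "de:ad:be:ef:00:01"
    for mac in (phone, pc):
        port.eap_start(mac)
    port.eap_result(phone, True, vlan=100)    # voice VLAN
    port.eap_result(pc, True, vlan=200)       # data VLAN
    return {
        "phone": port.forward(Frame(phone, b"RTP")),
        "pc": port.forward(Frame(pc, b"HTTP")),
        "rogue": port.forward(Frame(rogue, b"ARP")),
    }
```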
What is it? (Mobile Device Management)
- Mobile Device Management (MDM) secures, monitors, manages and supports mobile devices deployed across mobile operators, service providers and enterprises
- MDM functionality typically includes over-the-air distribution of applications, data and configuration settings for all types of mobile devices: smartphones, tablets, mobile printers, mobile POS devices, etc.
Why is it important?
- Reduce support costs and business risks: control and protect the data and configuration settings for all mobile devices in the network
- Manage devices: IT can use MDM to manage the devices over the air with minimal intervention in employee schedules
- Visibility: with mobile devices becoming present "everywhere" and applications flooding the market, mobile monitoring is growing in importance
- Support: saying YES to BYOD
…Anyone here still using a flip phone?
[Infographic: Time Magazine cover; Bill Gates invests $150M to save Apple; Android apps; iPhone/iPad apps; tablets in 2012; smartphones in 2011 and 2012; social media users]
- Tablet market $45B by 2014 – Yankee 2011
- 50% of enterprise users interested in or using consumer applications – Yankee 2011
- Smartphone app revenue to triple by 2014 – Yankee 2011
Typical MDM Solution
- Server & client components: the server component sends out management commands to devices; the client component runs on the device to receive and implement commands
- Must have an agent installed and maintained: a constant 24x7 race after device and OS updates
- Deployment: on-premise and cloud-based solutions
MDM Capabilities
Basic Features:
- Inventory management & real-time reporting
- Setting passcode policies
- Remote lock and full wipe
- Remote selective wipe
- Configuration of …, Wi-Fi, VPN, certificates
- Access controls
- Jailbroken / rooted device detection
Advanced Features:
- Enterprise app catalog
- App blacklisting / whitelisting
- Secure document sharing
- Geo-location
- Event-based security and compliance rules engine
- Roaming usage
- Dual persona: separate personal vs. corporate content
- Monitor access to App Store
- Data encryption
MDM Market Landscape
- 100+ vendors claim some level of MDM functionality
- 20 vendors in the Gartner MDM Magic Quadrant
- None of the networking vendors provide true MDM capabilities
- Requires keeping up with the intense pace of mobile device market updates and innovation
MDM Capabilities and the Use Cases
- Capabilities: cross-platform device support, configuration management, device monitoring, license control, software distribution, inventory & asset control
- MDM requirements vary depending on use case
[Diagram: requirements plotted by organization profile]
- Organizations with a very large number of mobile users vs. a small number of mobile users
- Non-regulated organizations (e.g. retail) vs. strongly regulated (e.g. finance, defense)
- Example requirements: data encryption, dual persona, selective wipe; detecting OS & version, installed apps, roaming usage, content, device wipe
Avaya's MDM strategy
- Today: Avaya Flare and one-XC applications interoperability-tested with MobileIron
- Tomorrow: Identity Engines MDM integration with top vendors. The Ignition Server will query mobile device attributes from the MDM and make those attributes part of the Access Policy; Avaya Flare & one-XC applications on user devices
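Added example (not Identity Engines or Ignition Server code) that ties together the role-based access and posture checks from the "Why is it important?" slide and the MDM-attribute lookup described here: a policy decision function that takes the directory role, the endpoint posture result and, for mobile devices, attributes returned by the MDM, and yields a VLAN or a deny. User names, roles, VLAN ids and attribute names are constructed.

```python
"""Policy Decision Point sketch: role + posture + MDM attributes -> network access.

Added example, not Identity Engines / Ignition Server code. It models the
flow the deck describes: look up the user's role in the directory, apply the
pre-admission posture check, and for mobile devices fold attributes queried
from the MDM into the access policy. Users, roles, VLAN ids and attribute
names are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional

@dataclass
class AccessRequest:
    user: str
    device_type: str                         # "corporate-pc", "byod-mobile", "ip-phone"
    posture: Dict[str, bool] = field(default_factory=dict)  # from the posture agent
    mdm: Optional[Dict[str, object]] = None                 # from the MDM, if enrolled

@dataclass
class Decision:
    allow: bool
    vlan: Optional[int]
    reason: str

DIRECTORY = {"alice": "hr", "bob": "engineering"}          # constructed directory
ROLE_VLAN = {"hr": 110, "engineering": 120, "guest": 900, "voice": 100}
REMEDIATION_VLAN = 999

def lookup_role(user: str) -> str:
    """Unknown users fall back to the guest role rather than being denied outright."""
    return DIRECTORY.get(user, "guest")

def decide(req: AccessRequest) -> Decision:
    role = lookup_role(req.user)
    if req.device_type == "ip-phone":
        return Decision(True, ROLE_VLAN["voice"], "phone placed in voice VLAN")
    if role == "guest":
        return Decision(True, ROLE_VLAN["guest"], "guest placed in internet-only zone")
    if req.device_type == "byod-mobile":
        # No posture agent on the handset: the MDM is the posture source instead.
        if req.mdm is None:
            return Decision(False, None, "mobile device not enrolled in MDM")
        if req.mdm.get("jailbroken"):
            return Decision(False, None, "MDM reports jailbroken/rooted device")
        if not req.mdm.get("passcode_policy_ok"):
            return Decision(True, REMEDIATION_VLAN, "MDM passcode policy not met")
        return Decision(True, ROLE_VLAN[role], f"role {role} admitted via MDM check")
    # Managed PCs: pre-admission check that AV is current and the firewall is on.
    if not (req.posture.get("av_up_to_date") and req.posture.get("firewall_on")):
        return Decision(True, REMEDIATION_VLAN, "posture failed, remediation VLAN")
    return Decision(True, ROLE_VLAN[role], f"role {role} admitted")
```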
Avaya's MDM strategy
[Diagram: MDM device attributes feed the Identity Engines Access Policy]
What is it? (Session Border Control)
- A device or application that governs the manner in which calls, also called sessions, are initiated, conducted and terminated in a VoIP network
- An SBC can facilitate VoIP sessions between phone sets or proprietary networks that use different signaling protocols
- An SBC can include call filtering, bandwidth use management, firewalls and anti-malware programs to minimize abuse and enhance security
Why is it important? Mobile Collaboration Security Threats
- Denial of Service: call/registration overload; malformed messages (fuzzing)
- Configuration errors: misconfigured devices; operator and application errors
- Theft of service: unauthorized users; unauthorized media types
- Viruses and SPIT: viruses via SIP messages; malware via IM sessions; SPIT (unwanted traffic)
Source: Nemertes Research, Enterprise Adoption of Collaboration Tools
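Two of the threats listed above, malformed SIP messages and registration overload, as an added example of the kind of ingress check an SBC applies (this is illustrative code, not Avaya SBCE's implementation). The required-header list, size limit, rate-limit thresholds and the sample message are constructed.

```python
"""SBC-style ingress checks on an inbound SIP message (added example, not Avaya
SBCE code). Two threats from the slide are modelled: malformed messages
(request line, mandatory headers, CSeq and Content-Length vs. body) and
registration overload (a per-source REGISTER rate limit). Thresholds and the
sample message are constructed."""
import re
import time
from collections import defaultdict, deque
from typing import Deque, Dict, Optional

REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<uri>\S+) SIP/2\.0$")
REQUIRED = ("via", "from", "to", "call-id", "cseq", "max-forwards")
MAX_LINE = 1024   # a single oversized header is a classic fuzzing probe

def parse_sip(raw: bytes) -> Optional[dict]:
    """Return {'method','uri','headers','body'} or None if the message is malformed."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    head, sep, body = text.partition("\r\n\r\n")
    if not sep:
        return None                       # no end of headers
    lines = head.split("\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        return None
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if len(line) > MAX_LINE or ":" not in line:
            return None
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    if any(h not in headers for h in REQUIRED):
        return None
    cseq = headers["cseq"].split()
    if not cseq or not cseq[0].isdigit():
        return None
    try:                                  # declared length must match the body
        if int(headers.get("content-length", "0")) != len(body.encode("ascii")):
            return None
    except ValueError:
        return None
    return {"method": m["method"], "uri": m["uri"], "headers": headers, "body": body}

class RegisterLimiter:
    """Allow at most `limit` REGISTERs per source address within `window` seconds."""
    def __init__(self, limit: int = 5, window: float = 10.0):
        self.limit, self.window = limit, window
        self.seen: Dict[str, Deque[float]] = defaultdict(deque)

    def allow(self, src_ip: str, now: Optional[float] = None) -> bool:
        now = time.monotonic() if now is None else now
        q = self.seen[src_ip]
        while q and now - q[0] > self.window:   # drop attempts outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def admit(raw: bytes, src_ip: str, limiter: RegisterLimiter, now: float) -> str:
    """Decide what the SBC does with one inbound message from src_ip."""
    msg = parse_sip(raw)
    if msg is None:
        return "reject: malformed"
    if msg["method"] == "REGISTER" and not limiter.allow(src_ip, now):
        return "reject: registration rate exceeded"
    return "forward: " + msg["method"]
```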
UC Security – Should You Care?
- Credit card privacy rules and other compliance laws require security architecture specific to VoIP and other UC
- Toll fraud: yearly enterprise losses in the billions from inadequate securing of SIP trunks, UC and VoIP applications
Source: collection of analysts (Yankee survey & Aberdeen)
OSI Model – 7 Layers of Attacks
- Typical firewall protection: layer 3-4 protection
- Emerging layer 7 firewalls: spam filters, layer 7 application-specific firewalls
- SIP, VoIP, UC: a layer 4 to layer 7 application
  – SIP Trunking: a trunk-side application
  – SIP Line (phone) side (internal and external) access: another application
- Avaya SBCE provides VoIP/UC trunk-side and line-side layer 4-7 application protection
- Think of the OSI model as a 7-foot high jump
(OSI model reference: Wikipedia, 22 Jul 2011)
Complements Existing Security Architecture
[Diagram: Firewall alongside Avaya SBCE, an application-level security proxy (policy application, threat protection, privacy, access control)]
Session Border Control Use Cases
[Diagram: Avaya SBC for Enterprise use cases: SIP Trunking, Remote Worker, CS1000]
SBC Use Cases – SIP Trunking
Use Case: SIP Trunking to Carrier
- Carrier offering SIP trunks as a lower-cost alternative to TDM
- Carrier SIP trunks terminate on the Avaya SBC, located in the DMZ behind the Enterprise firewall
- Serves as security and demarcation device between the IP-PBX and the Carrier:
  − NAT traversal
  − Securely anchors signaling and media
  − Can normalize the SIP protocol
[Diagram: Carrier – SIP Trunks – Internet – Avaya SBCE in the DMZ – Enterprise IP PBX]
Secure Remote Worker with BYOD
- Personal PC, Mac or iPad devices running the Avaya Flare® or Avaya one-X® SIP client app
- App secured into the organization, not the device
- One number, UC anywhere
[Diagram: clients on an untrusted network (Internet, wireless, etc.) reach Avaya Aura® through the Avaya SBCE: Presence Server, System Manager, Communication Manager, Avaya Aura Conferencing, Aura Messaging, Session Manager]
Secure Remote Worker with BYOD
Use Case: Remote Worker
- Extend UC to SIP users remote to the Enterprise; the solution does not require a VPN for UC/CC SIP endpoints
- Remote workers are external to the Enterprise firewall
- Avaya Session Border Controller for Enterprise:
  − Authenticates SIP-based users/clients to the Aura realm
  − Securely proxies registrations and client device provisioning
  − Securely manages communications without requiring a VPN
[Diagram: Remote Workers – Internet – Avaya SBCE in the DMZ – Enterprise IP PBX]
What is it? (Single Sign On)
- Single Sign On (SSO) is a property of access control that enables users to log in with one set of enterprise credentials and gain access to systems without being prompted for different credentials or to log in again
- Maintaining one set of credentials and reducing multiple logins
Why is it important?
- Reduces password fatigue from different user name and password combinations
- Reduces time spent re-entering passwords for the same identity
- Reduces IT costs due to a lower number of IT help desk calls about passwords
Single-Sign-On
[Diagram: Enterprise Identity Realm built on the Enterprise Directory Infrastructure; Local Single-Sign-On to intranet applications (ERP, HRM, CRM) and Web Single-Sign-On to 3rd party web sites (Salesforce, social media)]
Single-Sign-On – Current Situation
[Diagram: Enterprise Identity Realm (Enterprise Directory Infrastructure) separate from the Aura Applications Identity Realm (SM, AAC, CM, PS)]
- The enterprise and Aura realms are separate; each app has its own notion of user identity and credentials and manages them separately
- Integration with enterprise AAA is difficult, inconsistent and brittle
Single-Sign-On – Customers Want
[Diagram: Aura Applications (SM, AAC, CM, PS) inside the Enterprise Identity Realm on the Enterprise Directory Infrastructure]
- Users to authenticate to the enterprise AAA service
- Minimize the number of user identities and credentials
- A minimal and standard approach to authentication & credential management
- Consistent user experience
Stepping Identity Engines Up into Applications Access
- Incorporating SAML as an authentication protocol: web clients and thick clients
- Introducing the concept of an Identity Provider for applications
- Introducing the concept of Service Providers
- Focus on Aura UC applications: Flare, one-X Communicator, Avaya Aura Conferencing
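The Identity Provider / Service Provider split introduced above, from the Service Provider's side, as an added example (not Identity Engines or Aura code): the checks an application must run on a SAML 2.0 Response after the IdP's XML signature has been verified by a SAML library (signature verification itself is assumed and not shown). Entity IDs, URLs, timestamps and the sample response are constructed.

```python
"""SP-side checks on a SAML 2.0 Response (added example, not Identity Engines or
Aura code). Assumes the IdP's XML signature was already verified by a SAML
library (not shown); the SP must still check issuer, status, InResponseTo,
audience, validity window, Recipient and assertion replay. Entity IDs, URLs,
timestamps and the sample response are constructed."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" InResponseTo="_req42">
  <saml:Issuer>https://idp.example.com/ie</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1">
    <saml:Issuer>https://idp.example.com/ie</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID>
      <saml:SubjectConfirmation><saml:SubjectConfirmationData InResponseTo="_req42"
        Recipient="https://aac.example.com/saml/acs" NotOnOrAfter="2013-02-27T10:05:00Z"/>
      </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions NotBefore="2013-02-27T09:55:00Z" NotOnOrAfter="2013-02-27T10:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://aac.example.com</saml:Audience>
      </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def _ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

class ServiceProvider:
    def __init__(self, entity_id: str, acs_url: str, idp_entity_id: str):
        self.entity_id, self.acs_url, self.idp = entity_id, acs_url, idp_entity_id
        self.seen_assertions = set()   # replay cache; a real SP persists it

    def validate(self, xml: str, request_id: str, now_iso: str) -> str:
        """Return the authenticated NameID or raise ValueError naming the failed check."""
        now, root = _ts(now_iso), ET.fromstring(xml)
        if root.findtext("saml:Issuer", namespaces=NS) != self.idp:
            raise ValueError("unexpected issuer")
        if root.find("samlp:Status/samlp:StatusCode", NS).get("Value") != SUCCESS:
            raise ValueError("IdP reported failure")
        if root.get("InResponseTo") != request_id:
            raise ValueError("response does not match our request")
        a = root.find("saml:Assertion", NS)
        if a is None or a.findtext("saml:Issuer", namespaces=NS) != self.idp:
            raise ValueError("missing or foreign assertion")
        if a.get("ID") in self.seen_assertions:
            raise ValueError("assertion replayed")
        cond = a.find("saml:Conditions", NS)
        if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
            raise ValueError("assertion outside validity window")
        audiences = [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if self.entity_id not in audiences:
            raise ValueError("assertion not intended for this SP")
        scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
        if scd.get("Recipient") != self.acs_url or scd.get("InResponseTo") != request_id:
            raise ValueError("subject confirmation mismatch")
        self.seen_assertions.add(a.get("ID"))
        return a.findtext("saml:Subject/saml:NameID", namespaces=NS)

def validation_error(sp: "ServiceProvider", xml: str, request_id: str, now_iso: str) -> str:
    """Run validate() and return '' on success or the failure reason."""
    try:
        sp.validate(xml, request_id, now_iso)
        return ""
    except ValueError as exc:
        return str(exc)
```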
- NAC: Network Access Control
- SBC: Session Border Controller
- MDM: Mobile Device Management
- SSO: Single Sign On
"Avaya is the company that is stepping in with a true, holistic BYOD proposal that covers all the pieces." – Zeus Kerravala, ZK Research
Resources
- Identity Engines Product Management: Shmulik Nehama
- Session Border Controller Product Management: Jack Rynes
- Secure BYOD YouTube video
Thank you! #AvayaATF