eTIPS is a comprehensive, highly scalable and high-performance trust and identity policy system that uses existing enterprise network infrastructure and identity stores. The high-performance platform provides a unified network access control solution spanning different client operating systems and agent technologies, network access technologies and protocols, and enforcement and remediation mechanisms. eTIPS enables the enterprise to:
- Define flexible policies for access control decisions and trust determination
- Identify and authorize the users and devices that access the network using existing enterprise identity stores or a local store
- Evaluate the posture or health of the devices that access the network using existing network access client technologies and posture validation systems
- Enforce network access rights by downloading enforcement decisions based on flexible policy definitions to existing network and system infrastructure elements from a variety of vendors
- Quarantine and provide automatic or manual remediation services for non-compliant devices using the capabilities of existing network infrastructure and client agents
- Audit and enforce policies on agent-less devices using existing audit servers
- Monitor centrally all user and device sessions and network policies applied to those sessions through the built-in activity dashboard
- Simplify and consolidate guest access by means of the built-in guest portal and existing network infrastructure support for captive portals
- Authenticate administrative access to devices and systems and authorize commands that can be executed on them
eTIPS reduces operational complexity and cost by consolidating user and device authentication, authorization, access control, trust determination and monitoring under a single policy management system. It integrates with existing identity stores, network infrastructure, posture validation servers, audit servers and logging systems through well-defined protocols, APIs and standards.
Benefits
Multiple NAC framework support: With its extensible architecture, eTIPS natively supports both the Cisco NAC and Microsoft NAP frameworks and acts as a unified policy decision point for both. The enterprise can use the best-of-breed capabilities of either framework and define a single set of policies to control access to network and server elements. The extensible architecture also makes it possible for the eTIPS platform to support standard frameworks, such as TNC, as they evolve.
Out-of-band deployment: The eTIPS platform sits outside the regular traffic path and makes use of RADIUS and TACACS+ based enforcement, which is available on most managed network devices. Network performance and scalability are not impacted, unlike in-band and SNMP-based enforcement technologies.
Rich APIs: A rich set of APIs for the configuration interface eases the configuration burden. Policy server APIs allow third-party interfacing with the eTIPS policy subsystem.
Enterprise-class management and deployment scalability: The platform supports a fully replicated cluster of eTIPS appliances for high availability and load balancing. All members of the cluster can be centrally managed, with support for a consolidated dashboard view of all session activities. All configuration changes are replicated throughout the cluster without the need for a system restart.
Flexible policy definition: A powerful rules engine and rules-editing interface, built using the latest Web 2.0 technologies, allows browser-based access from anywhere. The administrator can configure attribute-based service, role-mapping, health and enforcement policies in a streamlined and uniform manner. Rule definitions can be based on roles, health, time, date, location, access and authentication protocol attributes, identity store attributes, connection method, white and black lists, and MAC and IP address lists. The abstraction of enforcement attributes enables enterprises to continue to use a multi-vendor network infrastructure. The ability to simulate policies and place the system in monitor-only mode enables the administrator to experiment with complex policies before deploying them in the network.
Multi-vendor device support: eTIPS can push enforcement commands to any vendor’s switches, routers, wireless access points, firewalls and VPN devices that support standard and vendor-specific RADIUS attributes such as VLAN, filter ID for ACLs, Downloadable ACLs, policy based ACLs, private VLANs and others.
Cost-effectiveness: eTIPS uses existing identity stores, network infrastructure and posture validation and audit servers, thus increasing return on investment and reducing total cost of ownership.