Edge
Remote Access Authentication Gateway
Endpoint security is arguably a sore topic among IT teams. No matter how diligently you secure your network, roaming laptops and devices are bound to introduce worms, viruses and spyware. The luxury of remote access has set your workforce free to work productively at home and on the road, as well as in the office. And you have given contractors and vendors the ability to plug into your networks for an hour or a day. How do you protect yourself against what you cannot really manage?
Avenda's remote access authentication gateway, Edge, assesses the health of endpoints connecting through VPN devices to determine their status before they are allowed on the network. Health policies that were configured for wired and wireless access, including checks for anti-malware, firewalls, patches and corporate images, can now be reused for remote VPN access. This health information can then be used to authorize both corporate-owned and user-owned devices accessing corporate resources over a remote VPN connection.
- Unified health policies for VPN, wired, and wireless access
- Supports any vendor's VPN devices
- Works with corporate-managed and user-owned devices
Virtual Appliance Flexibility
Edge installs as a virtual appliance using your existing VMware ESX infrastructure. The Edge appliance can then be used behind any VPN device to authenticate and then assign privileges from untrusted to trusted networks. For scalability requirements, Edge is available in four separate models to accommodate your traffic needs.
Centralized Management
Whether managing one Edge authentication gateway or several, IT departments can use Edge Manager to centrally administer policies from one management interface. Edge Manager is installed on any Avenda eTIPS platform within the network. Popular web browsers are used to configure device-specific parameters and per-session filter rules that define how individual user access will be handled. Per-session logging streamlines deployment and troubleshooting.
eTIPS-Edge Interaction
Edge devices automatically appear as network devices in the eTIPS management interface. The same dissolvable agent health policies used for wired and wireless network access can be reused for Edge-based health checks. Enforcement policies for Edge devices are similar to those for any wireless controller, switch or VPN network device. Based on the role of the user and the endpoint's health status, an enforcement profile, in the form of firewall rule names, can be pushed to the Edge devices.
Per-Session Filtering
Filter rules are configured in Edge Manager and are applied once a user authenticates and the endpoint is certified to be healthy. These filter rules can control any of the following types of traffic (based on the IP protocol) going from the remote endpoint to the trusted network resource in the enterprise:
- TCP
- UDP
- ICMP
- ESP
- AH
This enables the administrator to specify very granular traffic control based on the user's role in the organization.
Edge Protection in your Network
Deploying Edge for remote access authentication and health checks requires that one of its interfaces be placed in the enterprise's trusted network. For each user authentication session, access to the trusted network can be determined by identity plus health, or by health checks alone. Health checks and authentication are performed through a captive portal: prior to authentication, the remote user's browser session is redirected to a captive portal that runs a dissolvable agent. Connectivity to an Avenda eTIPS platform is needed for access to the available captive portals and backend authentication policies.
eTIPS handles authentication and health checks, and then sends session-specific data to Edge so that internal Edge firewall rules can be enforced.




