Juniper networks secure access 6000 sp

Juniper Networks Secure Access 6000 SP
The Juniper Networks Secure Access 6000 SP is the industry’s first SSL VPN platform with comprehensive virtualization designed to enable Service Providers (SPs) to deliver network-based SSL VPN services to multiple enterprises of any size from a single appliance/cluster. Combining Juniper Networks expertise in working with Service Providers with the industry-leading Instant Virtual Extranet (IVE) platform, the Secure Access 6000 SP platform provides SPs with a sophisticated, end-to-end virtualization framework that is optimized for highly available and highly scalable network-based SSL VPN managed services. Specific hardware platform features include redundant hot swappable power supplies and hard disks with real time data mirroring, and hot swappable fans. The platform also includes GBIC-based multiple Ethernet ports with the flexibility to select SX, LX and copper-based interfaces, enabling the creation of short or long distance fiber connections and redundant or meshed configurations. Platforms can be deployed in pairs or in multi-unit clusters for high availability. The SA 6000 SP also features a state-of-the-art SSL acceleration chipset to speed CPU-intensive encrypt/decrypt processes, as well as built in compression for all traffic. The ability to offer network-based managed services to multiple Service Provider Value Summary
customers from a single appliance is enabled by Juniper’s unique Low Total Cost of Ownership with High Return on Investment Instant Virtual System (IVS) software, which provides end customers • No client to install and no firewall /NAT traversal issues result in many of the benefits of their own SSL VPN, without having to manage a device on their premises. IVS allows complete segregation of each end customer’s traffic, allowing SPs to securely segregate end users’ traffic, • Differentiated revenue opportunities with services such as extranet even if two customers have overlapping IP addresses. IVS features access, disaster recovery, intranet LAN security and mobile device granular role-based VLAN (802.1Q) tagging, enabling service providers to provision specific VLANs for employees and partners of an enterprise customer. DNS/WINS, AAA, log/accounting servers and application • Maximizes existing SP infrastructure, including MPLS and IPSec servers such as Web mail, file shares, etc. can reside either in the respective customers’ intranets or in the SP network. SPs can provision Complete Management Flexibility with Virtualization Framework an overall concurrent number of users on a per customer basis with the • Service providers can choose from a wide range of flexible options, flexibility to distribute further amongst different user audiences such as remote employees, contractors, partners, etc.
– Delegate to end customers the ability to define the specifics of Service providers can tailor their offerings, and they can control the degree of customer management and configuration that they wish to – Provide easy-to-deploy standard configurations offer to their end customers. For example, a service provider can choose • Central management with role-based delegation for streamlined whether they wish to delegate the ability for end customers to establish their own customized user portal, end point security, authentication, authorization and auditing polices, or whether they would prefer to limit Best-in-class end user features that customers demand • A variety of value-added access methods, so customers can Like all products built on the Instant Virtual Extranet (IVE) platform, the SA 6000 SP uses Secure Socket Layer (SSL) available in all Web browsers as a means of secure transport. This enables the service provider to Service Provider Performance, Scalability, and High Availability offer customers a means of remote access for their mobile employees and contractors without deploying client software, as well secure • A variety of performance enhancing features, including hardware- extranet or intranet access with no DMZ buildout, server hardening, based SSL acceleration, compression and clustering, provide Web agent deployments, or ongoing maintenance.
• Multi-unit cluster deployment option, for high availability across the Low Total Cost of Ownership with High Return on Investment
The combination of the SA 6000 SP platform with Instant Virtual System software allows both the service provider and the end customer to realize
a wealth of benefits at a very low total cost of ownership.
Features
Service Provider Benefits
End User Customer Benefits
Virtually all of the benefits of a standalone VPN, without having to manage a device on premises Top of the line product features without requiring dedicated in-house resources No client software to deploy, install or No changes to internal servers or devices Provides access from any device (including PCs, laptops, mobile devices) with a standard Web browser Increased productivity and customer satisfaction Lucrative service requiring no changes to infrastructure Give secure, granular access to business partners or customers with no additional infrastructure required Complete Management Flexibility with Virtualization Framework
The granular role based delegation features of the SA 6000 SP enable SPs to grant customer administrators a variety of management controls.
Granular network, security (endpoint security, authentication, authorization & auditing), and management policies can be tailored to individual
customer needs.
Features
Service Provider Benefits
End User Customer Benefits
Fully customizable look and feel at the end • Can create a standard portal look and feel for quick rollout • Simplify rollout to end users with a standard look • Can provide a differentiated offering by allowing the end customer • Can give end users a familiar interface with corporate look and • Can create standard security parameters for most customers to • Can use their own AAA infrastructure, or that provided by the • Can create a differentiated offering for customers that want to • Can create custom AAA, end point security checks and remedia- leverage their own security infrastructure tion policies to ensure that individual security requirements are met • Can standardize offerings, or offer differentiated services with • Differentiated access for variety of end user constituencies such network layer access methods with granular the flexibility to create customer specific policies that reflect their • Each access method provides different levels of access control, from IP addresses, all the way to the URL or file level • SPs can offer auditing and logging services or end • Log data can be replicated to the customers’ log servers customers can use their own log/accounting servers • SP services aid with regulatory compliance without requiring in- • With log data, SPs can help end customers with regulatory • Customer-specific RADIUS accounting facilitates seamless billing integration with existing billing applications Service Provider Performance, Scalability, and High Availability
The SA 6000 SP features a number of benefits to meet service provider performance, scalability and high availability needs, including:
Features
Service Provider Benefits
• Offloads compute-intensive encrypt/decrypt process from the CPU, enhancing performance • Faster application performance and response times for all traffic traversing the IVE such as HTTP, file, and client/server • Cluster pairs or multi-unit clusters can be deployed across the LAN or across the WAN for superlative scalability with a large number of user licenses, which scales access as the user base grows • Units that are part of a cluster synchronize system-state, user profile-state, and session-state data among a group of appliances in the cluster for seamless failover with minimal user downtime and loss of productivity • Ensures high availability and high reliability with component level redundancy and data mirroring in hard disk plies and hard disks with real time data • Optimized uptime with hot swappable components resulting in operational convenience in a rare event of failure of a component mirroringHot swappable fansGBIC-based ports with flexibility to select • Fully redundant/meshed configuration of SSL VPN appliances with multiple load balancers for optimized uptime • Enables strong performance in the highest speed enterprise networks Streamlined Service Provider Administration
The SA 6000 SP provides streamlined administration to most efficiently provision multiple customers. It also features standards-based management
protocols to facilitate integration with third party management and reporting products.
Features
Service Provider Benefits
• Unified cluster management with synchronized push configuration, zero downtime upgrade, back-up configuration and restore, dynamic log filtering and deterministic cluster recovery • Allows management via an interface segregated from user traffic • Platform configuration can be exported and imported for streamlined multi-box configuration • XML export/import can be leveraged for an API to the provisioning system• Easily accessible XML configuration data aids with regulatory compliance • Real time system health monitoring with SNMP MIBs for critical parameters such as CPU and memory utilization, concurrent number of • Customer-specific maintenance and troubleshooting with virtualized SNMP traps for major and critical events • Virtualized troubleshooting and diagnostics enable SPs to service individual customers without affecting other customers hosted on the Best-in-class SSL VPN features that end users demand
Juniper Networks market leading SSL VPN offerings provide an unmatched feature set. These features are available to end customers as part of
a virtualized system, allowing the service provider to choose to offer them as part of a standard or differentiated service offering. More detailed
information on the standard Juniper SSL VPN features can be found in the Secure Access family datasheets.
Classification
Specific Features
• Hybrid role- / resource-based policy model• Pre-authentication assessment• Dynamic authentication policy• Dynamic role mapping• Resource authorization• Granular auditing and logging• Extensive directory integration & broad interoperability • Clientless Core Web access - Access to Web-based applications, including complex JavaScript, XML or Flash-based apps and Java
applets that require a socket connection, as well as standards-based e-mail, files and telnet/SSH hosted applications.
• Secure Application Manager (SAM) - A lightweight Java or Windows-based download enables access to client/server applications using
just a Web browser. Also provides native access to terminal server applications without the need for a pre-installed client.
• Network Connect - Provides complete network-layer connectivity via an automatically provisioned, cross platform download from a Web
browser. Adaptive dual mode transport for optimal network layer connectivity in diverse connection environments.
• Native Host Checker• Host Checker API• Host Check Server Integration API• Policy-based enforcement and remediation• Secure Virtual Workspace• Cache Cleaner• Integrated Malware Protection• Coordinated Threat Control • Password management integration• Web-based Single Sign-On• BASIC Auth & NTLM, Forms-based, Header Variable-based Specifications
Warranty
• 90 days – can be extended with support contract
Upgrade Options
Hardware
• Replacement hot swappable chassis fan • SFP (small form factor pluggable) transceiver – 1000base-T RJ45 copper – 1000base-SX fiber – 1000base-LX fiber
Software
Secure Access 6000 Base System
• Instant Virtual System Upgrade Option Secure Access 6000 Base System Service Provider Series • Secure Application Manager and Network Connect Upgrade Option (SAMNC) Secure Access 6000 User Licenses
• Advanced Software Feature Set (includes Central Manager) Technical Specifications
• Dimensions: 16.7”W x 3.5”H x 16.2”D • Weight: 28.5lb (12.94 kg) typical (unboxed)• Material: 18 gauge (.048”) cold-rolled steel Secure Access 6000 Feature Licenses
• Fans: 2 externally accessible, hot swappable ball-bearing fans Secure Application Manager and Network Connect for SA 6000 Panel Display
Advanced Endpoint Defense: Malware Protection - • Power LED, HD Activity, Temp, PS Fail Advanced Endpoint Defense: Malware Protection - Advanced Endpoint Defense: Malware Protection - – Two RJ-45 Ethernet - 10/100/1000 full or half-duplex (auto-negotiation) Advanced Endpoint Defense: Malware Protection - • Fast Ethernet - IEEE 802.3u compliant Advanced Endpoint Defense: Malware Protection - • Gigabit Ethernet - IEEE 802.3z or IEEE 802.3ab compliant Advanced Endpoint Defense: Malware Protection - • Management: One RJ-45 Ethernet - 10/100/1000 full or half-duplex (auto-negotiation) Secure Access 6000 Clustering Licenses
Clustering: Al ow 100 additional users to be shared from another SA 6000 Clustering: Al ow 250 additional users to be shared from another SA 6000 • AC Power Voltage 100-240VAC, 50-60Hz, 5A Max Clustering: Al ow 500 additional users to be shared from another SA 6000 • System Battery CR2032 3V lithium coin cell SA6000-CL-1000U Clustering: Al ow 1000 additional users to be shared from another SA 6000 SA6000-CL-2500U Clustering: Al ow 2500 additional users to be shared from another SA 6000 SA6000-CL-5000U Clustering: Al ow 5000 additional users to be shared from another SA 6000 Accessories
Environmental
Field Upgradeable Secondary Power Supply for SA 6000 • Operating Temp 50°F to 104°F (10°C to 40°C) Field Upgradeable Secondary Hard Disk for SA 6000 • Storage Temp -40° to 158°F (-40°C to 70°C) SA6000-MEM Field Upgradeable (by authorized VAR only) Additional 2 GB Memory for SA 6000 • Relative Humidity (Operating) 8% to 90% noncondensing • Relative Humidity (Storage) 5% to 90% noncondensing • Altitude (Operating) -50 to 10,000 ft (3,000m) • Altitude (Storage) -50 to 35,000 ft (10,600m) Safety and Emissions Certification
• Safety: EN60950-1:2001+A11, UL60950-1:2003, CSA C22.2 No. 60950-1, • Emissions: FCC Class A, VCCI Class A, CE class A Copyright 006, Juniper Networks, Inc. All rights reserved. Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered trademarks, or registered service marks in this document are the property of Juniper Networks or their respective owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any Suite 507-, Asia Pacific Finance Tower inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

Source: http://www.hynet.com.ar/productos/seguridad/datasheet/SA_6000.pdf