Secure Access Link (SAL):
Supporting Cost Savings and Improving Secure Access
Agenda
Key Business Drivers
More Control, More Choices
SAL Overview
– Co-Resident Gateway
– Gateway Server
– Policy Server
Use Scenarios
– Flexible Alarming
– Secure Resolution
– Policy Control
Bottom Line Benefits
©2010. All rights reserved.
Key Business Drivers
Changing security standards and unpredictable business demands
Streamline and Easily Manage Networks
• Common serviceability model across all Avaya Solutions
• Flexible remote access architecture to support changing business needs
Enable Multiple Service Partners
• Choose who, when, and how products are accessed for remote support
Secure Network Operations
• Deliver industry standard secure remote access solutions
• Provide strong authentication and logging of access sessions
Keep it Cost Effective
• Increase security with minimal incremental investment
• Reduce ongoing costs to maintain security
More Control, More Choices
Next generation remote-access architecture for greater security, reliability, and flexibility
Secure remote service environment
– Based on an egress access model
Simplified remote access across different connection types
– Elimination of modems and need for dedicated VPN hardware
– Use of Internet connectivity (HTTPS)
Increased support options
– Consistent serviceability architecture across existing and future Avaya products
– Co-managed by Avaya, partners, and system integrators
Secure Access Link Overview
Co-Resident Gateway
• Sends and receives alarms and connection requests for select Avaya products
• Co-resides on select Avaya products that are delivered on the System Platform architecture
Gateway Server
• Sends and receives alarms and connection requests for legacy products
• Standalone software
Policy Server
• Centrally defines, distributes, and manages policies such as access restrictions, proxy configurations, and authentication realms
• Standalone software
Concentrator Servers
• Used by partners and Avaya to receive alarms and access customer systems for support
Bottom Line Benefits
• Control Costs
• Improve Security
• Increase Options
Co-Resident Gateway
Automatically included on select Avaya products
How It Works
• Receives alarms from select current products
• Forwards alarms to designated support centers
• Polls for Connection Requests
• Coordinates with Policy Server
• Redundancy by way of Active-Active Gateways – one product alarms to multiple gateways
Included Products
• Select current products, e.g. Avaya Aura™ Communication Manager and Contact Center
• All future products
Gateway Server
Provided as an entitlement (download) at no additional charge for customers that have purchased and registered an Avaya product
How It Works
• Receives alarms from legacy products
• Forwards alarms to designated support centers
• Polls for Connection Requests
• Coordinates with Policy Server
• Redundancy by way of Active-Active Gateways – one product alarms to multiple gateways
Requirements
Installed on a server of your choice or a server provided by Avaya
Hardware
– Single CPU with 1GHz clock speed
– 2 GB of RAM
– 40 GB of free drive space
– 100 Mbps Ethernet Connection
Software
– Red Hat Enterprise Linux 5.X
– JRE 1.5
– Perl 5.8
Policy Server
Provided as an entitlement (download) at no additional charge for customers that have purchased an Avaya maintenance contract with remote access support
How It Works
• Centralized Policy Definition and Management Tool
• Defines Policy for Agent, Gateway, Concentrator Access, and Authentication
• Deploys Policy to Agents and Gateway Server
• Redundant server geographically dispersed to support failover (Roadmap)
Requirements
Installed on your server of choice or a server provided by Avaya
Hardware
– Single CPU with 1GHz clock speed
– 1 GB of RAM
– 40 GB of free drive space
– 100 Mbps Ethernet Connection
Software
– Red Hat Enterprise Linux 5.X (32-bit)
Use Scenarios
1. Flexible Alarming
• Alarms can be immediately sent to multiple service partners and/or your support center for quick response and improved oversight
• All legacy, current, and future Avaya products are supported along with non-Avaya products and capabilities
2. Secure Resolution
• Any technician servicing your network is uniquely identified with authentication based on industry standards
• Control all access and receive a log of all service activities that meets stringent regulatory requirements
3. Policy Control
• Easily manage components and change your policy as needs change
• Set up unique access policies customized for each service partner’s level of service
1. Flexible Alarming
Process Overview
A. Alarms generated by the Software Gateway
• Forwards SNMP Traps (alarms) from products
• Embeds SNMP messages in HTTPS wrapper
B. Alarms sent outbound from customer’s network over the Internet (or B2B VPN)
C. Alarms immediately distributed as specified to customer, partner(s), and/or Avaya support centers
Highlights
• Ability to better monitor alarm activity
• Always secure and encrypted transport of data
• Choose which service partners receive alarms for resolution
1. Flexible Alarming Process
2. Secure Resolution
Process Overview
A. Agents poll servers for connection requests
• Authorization based upon customer policy
• Two-Factor User Authentication (2FA) required for all Avaya technicians
• Enforced and validated by SAL Software Gateway
• All remote access connection requests are logged
B. Users create Connection Requests
• From Concentrator Remote Servers whenever remote access is required
• Connection Requests remain within Avaya or partner data centers
C. Once remote access is granted, an end-to-end connection between the individual and device is created within the HTTPS proxy tunnel
Highlights
• Enforce PCI regulations for all remote access with 2FA
– VeriSign certificate and eTokens
• Multiple layers of security controls:
1. User Authentication
2. User Certificate Validation
3. Message Authentication
4. User Authorization
5. Auditing
2. Secure Resolution Process
2. Remote Access – System Platform
3. Policy Control
Process Overview
A. Optional software component deployed on customer-provided server
B. Customer defines access policy
• IP address and port for connections
• Time of Day window for connection
• User- or Group-specific policies
• White List / Black List
C. Policy enforced by SAL Software Gateway Servers
Highlights
• Enables easy centralized management of components
• Allows for active monitoring and termination of remote access sessions
• Customize partner access policies based on level of service
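The policy attributes listed above (destination IP address and port, time-of-day window, user or group, white list / black list) can be modelled as a default-deny evaluator. This is an added example, not Avaya code: the rule schema, the names Rule, Policy and decide, and the sample policy are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import time
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    """One allow rule (hypothetical schema, not SAL's policy format)."""
    principals: set   # user names or "group:<name>" entries
    networks: list    # destination CIDR blocks
    ports: set        # destination TCP ports
    start: time       # time-of-day window start
    end: time         # time-of-day window end (exclusive)

    def in_window(self, now):
        if self.start <= self.end:
            return self.start <= now < self.end
        return now >= self.start or now < self.end  # window wraps past midnight

@dataclass
class Policy:
    rules: list                                   # the white list: explicit allows
    blacklist: set = field(default_factory=set)   # principals always denied

    def decide(self, user, groups, dst_ip, dst_port, now):
        """Return (allowed, reason); the reason is what an audit log would record."""
        who = {user} | {f"group:{g}" for g in groups}
        if who & self.blacklist:
            return False, "blacklisted principal"
        addr = ip_address(dst_ip)
        for i, r in enumerate(self.rules):
            if not (who & r.principals):
                continue
            if not any(addr in ip_network(n) for n in r.networks):
                continue
            if dst_port not in r.ports or not r.in_window(now):
                continue
            return True, f"rule {i}"
        return False, "no matching rule (default deny)"

# Constructed sample policy: a partner group gets SSH to one subnet overnight,
# one named user gets SSH and HTTPS to a wider range during the day.
POLICY = Policy(
    rules=[
        Rule({"group:partner-tier1"}, ["10.20.0.0/24"], {22}, time(22, 0), time(6, 0)),
        Rule({"alice"}, ["10.20.0.0/16"], {22, 443}, time(8, 0), time(18, 0)),
    ],
    blacklist={"group:terminated"},
)
```

The black list is checked before any allow rule, so a technician moved into a denied group loses access even if a user-specific rule would still match.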
3. Policy Control Process
Bottom Line Benefits
Best Support for Avaya Customers
• Co-Resident Gateway
• Gateway Server
• Concentrator Core Servers
• Policy Server
Control Costs
• Quickly implement new security or other policies
• Avoid costs associated with non-compliance and potential compromise
• Maintain compliance without costly workarounds
Improve Security
• Meet or exceed requirements specified by your organization’s security standard
• Unique identity and strong authentication of technicians
• Auditable access
Increase Options
• Accessible by customer, service partner, or Avaya technician
• Channel-neutral support and self-support options
• Legacy and future product support protects your investments
APPENDIX
Concentrator Servers
Optional capability partners can acquire to manage alarms from and remote access to customer networks
Avaya Secure Access Concentrator Remote Server
• For remote access
• Minimum 2 Xeon Processors (Separate or Dual Core Processor)
• 4GB RAM
• Minimum 80GB free disk space
• Red Hat 5.X Operating System
• JBoss 4.3 EAP
Global Access Server (GAS)
• For over 10 concurrent remote connections
• Minimum 2 Xeon Processors (Separate or Dual Core Processor)
• 8GB RAM
• Minimum 80GB free disk space
• Red Hat 5.0 Operating System
Avaya Secure Access Concentrator Core Server
• For alarm reception
• Minimum 2 Xeon Processors (Separate or Dual Core Processor)
• 4GB RAM
• Minimum 80GB free disk space
• Red Hat 5.X Operating System
• JBoss 4.3 EAP
Oracle 10G Database
• For Concentrator Server data storage and management
• Oracle 10.2.0.4 – 10.2.x.x
• Minimum 40GB free table space
• 1MB per month per managed device
Restricted IP Addresses
SAL Training Courses
1. Navigate to http://www.avaya-learning.com
2. Log in to the website (or register if it’s your first time)
3. Click on Advanced Search (on top of page)
4. Enter the course code (from the list below) and hit SEARCH
5. Click on the Course Title to access the course.
ATC00606WEN: SAL Gateway 2.0 Installation and Maintenance
ATC00607WEN: SAL Concentrator Remote 2.0 Operations
ATC00608WEN: SAL Concentrator Core 2.0 Operations
ATK00605OEN: SAL 1.8 Gateway Installation & Administration
ATK01111OEN: SAL 1.5 Policy Server Installation and Administration
If you have trouble accessing the training, please use the Contact Us link on the Avaya University web page.