Avaya External Template for PowerPoint 2003

Download Report

Transcript Avaya External Template for PowerPoint 2003

Secure Access Link (SAL):

Supporting Cost Savings and Improving Secure Access

Agenda

Key Business Drivers

More Control, More Choices

SAL Overview

– Co-Resident Gateway – – Gateway Server Policy Server 

Use Scenarios

– Flexible Alarming – Secure Resolution – Policy Control 

Bottom Line Benefits

©2010. All rights reserved.

2

Key Business Drivers

Changing security standards and unpredictable business demands Streamline and Easily Manage Networks

 Common serviceability model across all Avaya Solutions  Flexible remote access architecture to support changing business needs

Enable Multiple Service Partners

 Choose who, when, and how products are accessed for remote support

Secure Network Operations

 Deliver industry standard secure remote access solutions  Provide strong authentication and logging of access sessions

$ Keep it Cost Effective

 Increase security with minimal incremental investment  Reduce ongoing costs to maintain security ©2010. All rights reserved.

3

More Control, More Choices

Next generation remote-access architecture for greater security, reliability, and flexibility

Secure

remote service environment

– Based on an egress access model 

Simplified

remote access across different connection types

– Elimination of modems and

need

for dedicated VPN hardware – Use of Internet connectivity (HTTPS) 

Increased support

options

‒ Consistent serviceability architecture across existing and future Avaya products ‒ Co-managed by Avaya, partners, and system integrators ©2010. All rights reserved.

4

Secure Access Link Overview

Co-Resident Gateway Gateway Server Policy Server

• Sends and receives alarms and connection requests for select Avaya products • Co-resides on select Avaya products that are delivered on the System Platform architecture • Sends and receives alarms and connection requests for legacy products • Standalone Software • Central defines, distributes, and manages policies such as access restrictions, proxy configurations, and authentication realms • Standalone software Concentrator Servers used by partners and Avaya to receive alarms and access customer systems for support

Bottom Line Benefits

Control Costs Improve Security Increase Options ©2010. All rights reserved.

5

Co-Resident Gateway

Automatically included on select Avaya products

How It Works

 Receives alarms from select current products  Forwards alarms to designated support centers  Polls for Connection Requests  Coordinates with Policy Server  Redundancy by way of Active Active Gateways – one product alarms to multiple gateways

Included Products

 Select current products e.g. Avaya Aura TM Communication Manager and Contact Center  All future products  For complete list of supported products, click here ©2010. All rights reserved.

6

Gateway Server

Provided as an entitlement (download) at no additional charge for customers that have purchased & registered Avaya product

How It Works

 Receives alarms from legacy products (click here for complete list of supported products)  Forwards alarms to designated support centers  Polls for Connection Requests  Coordinates with Policy Server  Redundancy by way of Active Active Gateways – one product alarms to multiple gateways

Requirements

 Installed on a server of your choice or a server provided by Avaya  Hardware – – – Single CPU with 1GHz clock speed 2 GB of RAM 40 GB of free drive space – 100 Mbps Ethernet Connection  Software – – – Red Hat Enterprise Linux 5.X

JRE 1.5

Perl 5.8

©2010. All rights reserved.

7

Policy Server

Provided as an entitlement (download) at no additional charge for customers that have purchased an Avaya maintenance contract with remote access support

How It Works

 Centralized Policy Definition and Management Tool  Defines Policy for Agent, Gateway, Concentrator Access, and Authentication  Deploys Policy to Agents and Gateway Server  Redundant server geographically dispersed to support failover (Roadmap)

Requirements

 Installed on your server of choice or a server provided by Avaya  Hardware – – – – Single CPU with 1GHz clock speed 1 GB of RAM 40 GB of free drive space 100 Mbps Ethernet Connection  Software – Red Hat Enterprise Linux 5.X (32-bit) ©2010. All rights reserved.

8

Use Scenarios

Secure Resolution

1. Flexible Alarming

• Alarms can be immediately sent to multiple service partners and/or your support center for quick response and improved oversight • All legacy, current, and future Avaya products are supported along with non-Avaya products and capabilities

2. Secure Resolution

• Any technician servicing your network is uniquely identified with authentication based on industry standards • Control all access and receive log of all service activities that meets stringent regulatory requirements

3. Policy Control

• Easily manage components and change your policy as needs change • Set up unique access policies customized for each service partners’ level of service ©2010. All rights reserved.

9

1. Flexible Alarming

Process Overview

A B C Alarms generated by the

Software Gateway

• • Forwards SNMP Traps (alarms) from products Embeds SNMP messages in HTTPS wrapper Alarms sent outbound from customer’s network

over the Internet

(or B2B VPN) Alarms immediately distributed as specified to customer, partner(s), and/or Avaya support centers

Highlights

• Ability to better monitor alarm activity • Always secure and encrypted transport of data • Choose which service partners receive alarms for resolution ©2010. All rights reserved.

10

1. Flexible Alarming Process

©2010. All rights reserved.

11

2. Secure Resolution

Process Overview

A

Agents

• poll servers for connection requests Authorization based upon customer policy • Two-Factor User Authentication (2FA) required for all Avaya technicians • • Enforced and validated by SAL Software Gateway All remote access connection requests are logged B Users create

Connection Requests

• From Concentrator Remote Servers whenever remote access is required • Connection Requests remain within Avaya or partner data centers C Once remote access is granted, an end-to-end connection between the individual and device is created within the

HTTPS proxy tunnel Highlights

• Enforce PCI regulations for all remote access with 2FA ‒ VeriSign certificate and eTokens • Multiple layers of security controls: 1. User Authentication 2. User Certificate Validation 3. Message Authentication 4. User Authorization 5. Auditing ©2010. All rights reserved.

12

2. Secure Resolution Process

©2010. All rights reserved.

13

2. Remote Access – System Platform

©2010. All rights reserved.

14

3. Policy Control

Process Overview

A Optional software component

deployed on customer-provided server

B C

Customer

defines access policy • • • • IP address and port for connections Time of Day window for connection User- or Group-specific policies White List / Black List Policy

enforced

by SAL Software Gateway Servers

Highlights

• Enables easy centralized management of components • Allows for active monitoring and termination of remote access sessions • Customize partner access policies based on level of service ©2010. All rights reserved.

15

3. Policy Control Process

©2010. All rights reserved.

16

Bottom Line Benefits

Co-Resident Gateway Gateway Server Concentrator Core Servers

Best Support for Avaya Customers

Policy Server

Control Costs

• Quickly implement new security or other policies • Avoid costs associated with non-compliance and potential compromise • Maintain compliance without costly workarounds

Improve Security

• Meet or exceed requirements specified by your organization’s security standard • Unique identity and strong authentication of technicians • Auditable access

Increase Options

• Accessible by customer, service partner, or Avaya technician • Channel-neutral support and self-support options • Legacy and future product support protects your investments ©2010. All rights reserved.

17

APPENDIX

©2010. All rights reserved.

18

Concentrator Servers

Optional capability partners can acquire to manage alarms from and remote access to customer networks

Avaya Secure Access Concentrator Remote Server

For remote access      Minimum 2 Xeon Processors (Separate or Dual Core Processor) 4GB RAM Minimum 80GB free disk space Red Hat 5.X Operating System JBoss 4.3 EAP

Global Access Server (GAS)

For over 10 concurrent remote connections     Minimum 2 Xeon Processors (Separate or Dual Core Processor) 8GB RAM Minimum 80GB free disk space Red Hat 5.0 Operating System

Avaya Secure Access Concentrator Core Server

For alarm reception      Minimum 2 Xeon Processors (Separate or Dual Core Processor) 4GB RAM Minimum 80GB free disk space Red Hat 5.X Operating System JBoss 4.3 EAP

Oracle 10G Database

For Concentrator Server data storage and management    Oracle 10.2.0.4 – 10.2.x.x

Minimum 40GB free table space 1MB per month per managed device ©2010. All rights reserved.

19

Restricted IP Addresses

©2010. All rights reserved.

20

SAL Training Courses

 1. Navigate to http://www.avaya-learning.com  2. Login to the website (or register if it’s your first time)  3. Click on Advanced Search (on top of page)  4. Enter the course code (from the list below) and hit SEARCH  5. Click on the Course Title to access the course. 

ATC00606WEN: SAL Gateway 2.0 Installation and Maintenance

ATC00607WEN: SAL Concentrator Remote 2.0 Operations

ATC00608WEN: SAL Concentrator Core 2.0 Operations

ATK00605OEN: SAL 1.8 Gateway Installation & Administration

ATK01111OEN: SAL 1.5 Policy Server Installation and Administration

 If you have trouble accessing the training, please use the Contact Us link on the Avaya University web page. ©2010. All rights reserved.

21