EX-1500{tm}

Transcription

EX-1500{tm}
product Family data s heet
A V E N T A I L
®
™
™
EX-1500 & EX-750
Aventail’s award-winning SSL VPN appliances provide clientless
anywhere access to employees and business partners, and increased
control over security and cost.
The Aventail EX family of SSL VPN appliances
The technologically advanced Aventail family of
SSL VPN appliances includes the Aventail®
EX-1500™ and the Aventail® EX-750™. The Aventail
EX-1500 is our scalable, enterprise-class solution.
It offers integrated high availability that ensures
end users round-the-clock access to critical
information. The EX-750 brings the advantages of
Aventail’s secure and easy-to-manage VPN
solutions to small to mid-size companies.
• Transparent access with Aventail®
OnDemand™, a small Java agent, for
client/server applications.
• Aventail® Connect™, a Web-delivered
Windows client, for convenient, complete
application access with additional network
and desktop protection.
• Access method—as well as security level—
is automatically determined and deployed
for ultimate security and ease-of-use.
By offering the broadest range of access options
in the market and making them available
through Aventail® ASAP™ WorkPlace, a
personalized, policy-driven, secure remote
access portal, Aventail increases user
productivity without sacrificing
security. For administrators, Aventail’s
intuitive, Web based Aventail® ASAP™
Management Console (AMC) and
object-oriented policy model offer the
most powerful control with the least
amount of work. Unique in the
Aventail EX-750
industry, Aventail® Unified Policy™
You are a small to mid-size
provides centralized administration
company, an enterprise
and a single setup covering all
department, or you have a
remote facility. You need to
resources and access methods.
Now, regardless of whether you’re supporting
thousands of users or fewer than 50, you can
realize the security, productivity, and cost-savings
of an Aventail SSL VPN.
Aventail EX-1500
You are a large enterprise
with thousands of remote
access users. You need high
availability to ensure anytime
access to critical applications.
The EX-1500 offers:
• A scalable, enterprise-class
clientless remote access
solution based on Aventail’s
proven SSL VPN platform.
• Clustering and high
availability (HA)
support with integrated
load balancing.
• An ideal solution if you
plan to grow to more than
50 concurrent users in the
next 12-18 months.
support up to 50 concurrent
remote access users.
The EX-750 offers:
• The advantages of Aventail’s
proven, secure, and easy-tomanage SSL VPN platform
at a lower cost.
• A cost-effective unit intended
for standalone use.
• An ideal solution if
your user base will
not grow beyond 50
concurrent users.
Aventail® Smart Access™ options deliver
today’s most complete SSL VPN solution
Aventail SSL VPN appliances deliver everything
you need to provide secure access to any
application from any device. Our secure
application access platform is designed to provide
practical, easy-to-use anywhere access for the
user, and simple manageability, usability, and risk
mitigation for the administrator.
For end users, Aventail® Smart Access™ offers a
seamless access experience:
• Clientless Web browser access for Web
applications and file shares
Aventail End Point Control
While the productivity benefit of
providing anywhere remote access is
clear, so is the risk: You now deliver
access from places and devices IT
cannot possibly control. Aventail® End
Point Control™ (EPC) addresses these
inherent security threats through
Device Interrogation—eliminating
risks before authentication, Policy
Zones—associating access with level
of trust, and data protection—
preventing users from leaving confidential
information behind in unmanaged environments
such as at a kiosk. Aventail handles each of
these areas with more depth, ease of use, and
security than other vendors do.
For example, Aventail provides data protection
features such as Aventail® Cache Control™ for
advanced cache cleaning and Aventail® Secure
Desktop™, which encrypts user’s local data and
destroys it at the end of the session. For
additional protection against the full range of
remote access threats, Aventail integrates with
our technology partners’ firewalls, intrusion
detection, virus protection, and other client-side
security offerings.
At a glance:
Clientless
Simple access to Web, client/server,
and legacy applications, as well as to
file shares from any device, anywhere,
over any network.
Secure
Granular access control, aliased URLs,
full authentication support, and
hardened appliances reduce risk. End
Point Control ensures security from
untrusted, semi-trusted, and trusted
environments.
Leading policy management
Aventail® Unified Policy™ delivers
sophisticated object-based policy
management that simplifies and
streamlines complex access rules into
one rule set that can be intuitively
managed from a single page.
Broad application and
platform support
Microsoft Outlook, Lotus Notes, SAP,
PeopleSoft, Oracle, and Citrix, to
name a few. Get browser-based access
from Windows, Pocket PC, Linux, or
Macintosh platforms.
High availability
Integrated load balancing and
active/active stateful failover on the
EX-1500 for a highly reliable SSL VPN
solution without the added cost of a
third-party load balancer.
Scalable
Innovative technology grows to
meet your organization’s remote
access needs.
Immediate ROI
Unified Policy and no IPSec clients to
manage mean lower administration
costs. Transparent end-user experience
reduces support costs. Broader access
increases productivity.
Aventail: the leading SSL VPN product company
Aventail is the leading SSL VPN product company and the authority on clientless anywhere secure access.
Aventail’s appliances and managed services deliver secure, seamless access from anywhere, to any
application, on any device. Positioned in the Leader quadrant in Gartner’s 2004 SSL VPN Magic
Quadrant and ranked as a Leader in the 2004 METAspectrum report on SSL VPNs, Aventail also was
recently awarded “Best VPN” by SC Magazine. Major service providers such as AT&T, MCI, Sprint, and
Bell Canada have built their SSL VPN managed service businesses on Aventail’s SSL VPN technology. To
find out what Aventail customers like Aetna, DuPont, Office Depot, TNT, and Sanyo already know about
Aventail’s SSL VPN, go to www.aventail.com.
®
™
Standard Web Browser
Aventail OnDemand
Secure clientless access
to Web applications
and file shares from a
standard SSL-capable
browser.
Downloadable Java agent
for secure access to
client/server applications.
Optimal for:
• Teleworkers and other
personal PC users
• Windows (including
Pocket PC), Linux, and
Macintosh
• Business partners
• Desktops not
managed by IT
• Pocket PC users
Optimal for:
• Casual remote
access
• Web-only users
• Business partners
®
Aventail Connect
Corporate Headquarters: 808 Howell Street
Seattle, WA 98101 • Tel 206.215.1111
1.877.AVENTAIL (U.S.) • Fax 206.215.1120
www.aventail.com
Aventail EMEA: Tel +44 (0) 870 240 4499
emea@aventail.com
Aventail Asia-Pacific: Tel +65 6832 5947
asiapac@aventail.com
Aventail® Smart Access™ transparently determines
the best access method without user intervention.
Users can securely and easily access a broad
range applications
from anywhere.
™
Web-delivered Microsoft
Windows client for
complete, self-updating,
secure application access
with additional network
and desktop protection.
Optimal for:
• Remote access
power users
• Wireless LAN users
• Desktops managed
by IT
Technical Specifications | Feature Specifications
SECURITY
• File system access controls
Windows domain
Network & Device Protection
• Split Tunneling Control
(Connect)
•
•
Windows Server UNC
• Hides internal DNS
namespace and IP
addressing scheme
•
Full-path UNC
• URLs can be aliased
• Hardened against attack
• Prevents direct connections
to internal network
• TCP/UDP port restrictions
Authentication Methods
• Server-side digital
certificates, independent
of end-user authentication
method
• Username/Password
• Client-side digital certificates
• RSA SecurID and other onetime password tokens
Directories
• Microsoft Active Directory
(native mode)
• LDAP (Active Directory, Sun
iPlanet, etc.)
• RADIUS (Windows NT,
ACE, etc.)
Single Sign-on Adapters
• Forms-based single sign-on
for Web authentication
products like Netegrity
SiteMinder and
RSA ClearTrust
• HTTP basic authentication
(IETF RFC 2617)
forwarding
• Windows Domain SSO
(Connect only)
• NTLM for Microsoft Web
servers
Access Control Options
• User and group (handles
users in multiple groups)
• Source IP and network
• Destination network
• Destination URL
• Service/Port, such as FTP,
HTTP (OnDemand and
Connect only)
• Day, date, time and range
• Browser encryption
key length
multi-port, dynamic port,
including standard Internet
e-mail protocols, native
e-mail protocols, terminal
emulation protocols, and
terminal services)
Encryption
• Configurable session length
•
• Ciphers: DES, 3DES, RC4
•
• Hashes: MD5, SHA
End Point Control
• Aventail Host Interrogator
• Aventail Cache Control
(data protection)
• Aventail Secure Desktop
(advanced data protection)
• Sygate On-Demand (data
protection and host integrity)
Passive- and activemode FTP
Windows Networking
Support (Windows GINA
support, drive mapping,
password change
notification, login scripts)
MANAGEMENT &
ADMINISTRATION
• ASAP Management
Console: Web-based
management
• Secure Shell (SSH) support
• Leverage Aventail-prepared
report templates to create
standard auditing and
management reports
AVAILABILITY (EX-1500)
• Support for high-availability
2-node clusters with built-in
load-balancing and stateful
authentication failover
• EX-1500 Dimensions:
16.9” W x 1.7” H x
23.9” D (43cm W x
4.3cm H x 60.9cm D)
• EX-750 Dimensions:
17" W x 1.71" H x 15" D
(43.18cm W x 4.34cm
H X 38.1cm D)
• WholeSecurity Confidence
Online Enterprise Edition
(malware and Trojan
scanning)
Auditing
• User/Group
MARKET LEADERSHIP
• Source IP address and port
Awards and Reviews
• Zone Labs Integrity
Clientless Security (malware
and Trojan scanning)
• Destination IP address
and port
APPLICATION SUPPORT
• Browser-based access:
• Date/time
Web File Access:
SMB/CIFS, DFS
• OnDemand (Java applet
access):
Any TCP-based
application (single port,
multi-port, dynamic port,
including standard Internet
e-mail protocols, native email protocols, terminal
emulation protocols, and
terminal services)
•
•
Passive-mode FTP
Integration with Java
applets and ActiveX controls
•
• Connect (Windows client)
Any TCP- or UDP-based
application (single port,
•
• EX-1500: Output power
350W
• EX-750: Input voltage 100
(5A)/240 (2.5A) VAC PFC
auto-switching
MONITORING &
REPORTING
•
• EX-750: Non-operating
shock 50g,11msec
CHASSIS
• 1U rack-mount form factor
• Norton and McAfee antivirus detection
Web-based: HTTP/HTTPS,
DHTML/HTML, JavaScript,
VBScript
POWER
• EX-1500: Input voltage 120
(5.5A) / 240 (2.76A) VAC
auto-switching
• Support for load-balanced
arrays using standard
external load balancers
• Directory browsing and
connection testing
•
• EX-750: Operating
temperature 0º - 50º C
• EX-1500: Power supply
MTBF100,000 hours at
35°C (95°F)
• Integrated personal firewall
detection from Zone Labs,
Sygate, and Microsoft XP
SP2 firewall
• Serial console access
• EX-750: Two 10/100
Base-T Ethernet
NETWORK
• EX-1500: Two 10/100/
1000 Base-T Ethernet
• Bytes processed
• EX-750: Output power
200W
• EX-750: Power supply
MTBF 100,000 hours at
40° C
ENVIRONMENTAL
• EX-1500: Operating
temperature 5ºC to 35ºC
(41ºF to 95ºF)
• EX-1500: Non-operating
shock 50g,11msec
• Leader status in industry evaluation
REGULATORY
APPROVALS
Emissions
• EX-1500: FCC Class A,
CISPR 22, EN 50 022,
EN 55 024,VCCI Class
A (ITE), ICES-003,
AS/NZS 3548
• EX-750: FCC pt 15,
EN55022 and EN50024
• EX-750: VCCI
Safety
• EX-1500: UL 1950 - CSA
950-95, EN 60 950, IEC
950, EMKO-TSE (74SEC) 207/94
• EX-750: CAN/CSA C22.2
No. 60950-95, UL
60950-1Third Edition,
CB Scheme
• Strongest Pure Play
• Best Secure Remote
Access Gateway
• URLs accessed
• Authentication method
Certifications
Logging
• Support for central SYSLOG
server
• W3C Common Log Format
• SOCKS5 Log Format
(OnDemand and Connect
only)
Monitoring
• View logs and performance
information via the AMC
WHO RELIES ON AVENTAIL?
Customers
• User connection monitoring
• Event alarms
• SNMP integration including
Aventail-specific SNMP MIB
Reporting
• Support for Crystal Reports
and other leading reporting
formats
Service Providers
©2004 Aventail Corporation. All rights reserved. Aventail, Aventail ASAP, Aventail Cache Control, Aventail Connect, Aventail End Point Control, Aventail EX-750, Aventail EX-1500, Aventail OnDemand, Aventail Secure
Desktop, Aventail Smart Access, Aventail Unified Policy, and their respective logos are trademarks, registered trademarks, or service marks of Aventail Corporation. Other product and company names mentioned are the trademarks of their respective owners.
DS-4059-0904/7