Avaya Identity Engines r8.0Allowing Network Access without compromising Security

© 2011 Avaya Inc. All rights reserved. 2

ScalableFuture-proof Wireless

Identity-basedNetwork Access Control

OptimisedFor collaborative, real time

applications

SecureNetwork & Device

security

Plan for Success…with Avaya’s BYOD Solution

© 2011 Avaya Inc. All rights reserved. 3

What is Identity Engines?

Identity and Network Access Control (NAC) solution

Ensures consistent and predictable network access for managed and unmanaged devices

Controls who can use the network to access which resources, whenand where they may do so

Supports any device, any network, any vendor

Centralised, out-of-line solution for maximum scalability and cost effectiveness

Automated, standards-based

Software-only, highly available

Facilitates regulatory compliance

© 2011 Avaya Inc. All rights reserved. 44

Identity EnginesAuthenticated Network Architecture

NET

WO

RK A

BSTR

ACTI

ON

LAY

ER

DIRE

CTO

RY A

BSTR

ACTI

ON

LAY

ER

Reporting & Analytics

Posture Assessment

Guest Access Mgmt

Identity Engines

Access Portal

CASE Client

PolicyEnforcement Point

PolicyDecision Point

PolicyInformation Point

© 2011 Avaya Inc. All rights reserved. 55

Identity Engines Portfolio

Highlights Ignition Server - centralised policy

engine that performs authentication and authorisation for clients attempting network access

Guest Manager - allows front desk staff to create temporary guest user accounts

Posture Compliance – integrates with MS-NAP for managed client health assessment

Analytics – presents network authorization and authentication information in a variety of summary and detail formats

Access Portal – compliance checking for un-managed devices e.g. BYOD

Addi

tiona

l App

licat

ions

Core Application

Ignition Server

MS-NAP Posture Compliance

Ignition Guest Manager

Ignition Analytics

Ignition Access Portal

© 2011 Avaya Inc. All rights reserved. 66

Access Portal– Captive Portal for wired and wireless access

from guest and BYOD– Device Profiling and BYOD on-boarding– Compliance checking leveraging C.A.S.E. and

MS-NAP

C.A.S.E. (Client for Accessing the Secure Enterprise)– Transient client for automating configuration of

managed and un-managed end-points to participate in NAC

– Dissolvable client: option for revertible or non-revertible deployment

GA date: April 30th 2012

Identity Engines - What’s New in 8.0?

Identity Engines r8.0 Best of Interop finalist

© 2011 Avaya Inc. All rights reserved. 7

Identity Engines Ignition Access Portal

Serves as a Captive Portal for non-802.1x clients

Performs device profiling

CASE Client for auto-config of 802.1x and MS-NAP on Windows machines

Device On-boarding

Facilitates network access to guest devices, non-802.1x devices,BYOD on-boarding, and CASE Client hosting.

A single license allows deployment of multiple Access Portals for different use against one Ignition Server instance .

© 2011 Avaya Inc. All rights reserved. 88

Identity Engines Ignition Access Portal Multiple Guest Managers may

be deployed against a singleinstance of the Ignition Server

Device Profiling– Administrator will be able to

set the Access Portal toperform device profiling ofwired and wireless devices

– Device fingerprinting:– Devices Type, Devices Sub-Type, Device OS, Devices OS Version– Devices attributes are sent to the Ignition Server for registration and association with user

BYOD On-boarding– Auto-register of Guest Visitor and Employee Guest devices– Device profiling of registering devices– Auto-association of devices with guest / employee records in Ignition Server– Populating device records in Ignition Server with device profile attributes

© 2011 Avaya Inc. All rights reserved. 99

CASE Client for Accessing the Secure Enterprise– Transient client to automate configuration of managed and guest’s un-

managed endpoint devices to participate in Network Access Control– CASE auto-configuration of 802.1x on Windows devices– CASE auto-configuration of MS-NAP on Windows devices

Identity Engines Ignition CASE Client

© 2011 Avaya Inc. All rights reserved. 1010

Identity Engines Use Cases

Corporate Governance and ComplianceBYOD access controlReducing OPEX through automationSimplified Guest Access by the front deskValidated remote access for non-corporate

devices (Teleworker, Disaster Recovery etc)M&A: integrating access policies and identities

from different organisations Authorised Fixed Assets (e.g. phones, printers,

health monitors etc.)

© 2011 Avaya Inc. All rights reserved. 1111

Enhanced Security

Granular Control

Reduced Costs

Simplicity

Flexibility

Regulatory Compliance

Identity Engines Conclusion

Secure Network Access for all users, all devices, all the time

© 2011 Avaya Inc. All rights reserved. 1212

ResourcesCollateral

– Brochures, Technical Configuration Guides etc.– BYOD customer presentation and white paper– Look in the Identity Engines Portal

Sales and Technical Support– Your local Avaya Networking Sales, CAM or TechOps contacts

30-Days Free Trial– ID Engines FULLY featured at URL: www.avaya.com/identitytr– All modules are included– Upgrade to production deployment simply by applying purchased licenses– Long term lab licenses available from

Avaya Product Management –ask your regular Avaya contact