w w w . c e l e s t i x . c o m
Connectivity
WSA has four connectivity modes to provide the exact access
your users and security standards require.
Web Applications
You can publish applications that provide a web user interface
directly through WSA. The gateway can present a single
application site, or offer a portal that lets users select multiple
applications from a menu. The gateway offers the benet of single
sign-on and intelligent scanning of trafc to exclude malware.
Secure Sockets Layer cryptography protects all applications.
Client/Server
Client/Server applications operate transparently through the
UAG gateway with the added protection of an SSL VPN
connection to prevent exposure of condential information to the
Internet. The UAG gateway maps internal addresses and ports
so that no information about the internal network can leak out.
UAG also provides intelligent application optimizers that scan for
application-specic attacks. Strong authentication, single sign-
on and ne-grained access policies ensure that only authorized
users are allowed controlled access. You can set access control
based on endpoint type and location as well as by user type.
For example, a policy may dictate different access rights from
a corporate PC than from a smart phone or public kiosk.
Session cleanup with cache purging ensures that no condential
information will remain on a public computer after the authorized
user logs off.
DirectAccess
Progressive businesses that want to provide their remote users
with “always on” access should consider DirectAccess. The
Windows® 7 and Windows Server® 2008 R2 operating systems
include DirectAccess, which allows remote users to securely
access enterprise shares, Web sites, and applications without
connecting to a virtual private network (VPN). DirectAccess treats
all endpoints as if they are on your internal network. The benet is
that Active Directory group policies, security updates and patch
management can all be enforced directly on the connected client.
DirectAccess support is built-in to Celestix WSA appliances and
can bridge the transition between traditional SSL VPN remote
access and fully DirectAccess-enabled networks. The WSA
enhances Direct Access by extending support to older legacy
business applications and non-windows clients within your
network.
Network Connector
Some users and applications require unencumbered access.
Network Connector provides network-level connections to
the entire internal network or to a restricted subnet dened by
the access policy. Network Connector supports all Microsoft
resource sharing protocols such as CIFS, NET-Bios, and LDAP.
An SSL VPN without Vulnerabilities
Many SSL VPN implementations tunnel past the corporate
rewall and expose the internal network to external threats. WSA
incorporates Microsoft Forefront Unied Access Gateway 2010
and Microsoft Forefront Threat Management Gateway 2010 into
a single integrated security appliance. By combining SSL VPN
and rewall functions, the WSA appliance ensures that the VPN
cannot be a backdoor past the rewall and into the enterprise
network. All SSL VPN sessions must also pass all rewall rules.
Internet
CRM/HR
Server
Celestix WSA
Unied Access Gateway
Appliances
Intranet
(SharePoint
Server)
Exchange
Server
Enterprise LAN
Employee on
home computer
Authorized
Business Partner
Employee PDA user
Employee Smart Phone
User
Microsoft
Applications
Commentaires sur ces manuels