Sonicwall Secure Mobile Access (Sma)
Total Page:16
File Type:pdf, Size:1020Kb
SONICWALL SECURE MOBILE ACCESS (SMA) Secure anywhere, anytime access to corporate resources across multi- cloud environments based on user and device identity, location and trust. SonicWall SMA is a unified secure access Managed service providers Benefits: gateway that enables organizations to For either organizations hosting their own provide anytime, anywhere and any infrastructure or for managed service • Unified access to all network and cloud resources for “any time, any device, any device access to mission critical corporate providers, SMA provides turnkey solution application” secure access resources. SMA’s granular access control to deliver a high degree of business • Control who has access to what resources policy engine, context aware device continuity and scalability. SMA can support by defining granular policies with the robust authorization, application level VPN and up to 20,000 concurrent connections access control engine advanced authentication with single on a single appliance, with the ability to • Increase productivity by delivering federated sign-on empowers organizations to scale upwards of hundreds of thousands single sign-on to any SaaS or locally hosted embrace BYOD and mobility in a multi- users through intelligent clustering. Data application with a single URL cloud environment. centers can reduce costs with active-active • Lower TCO and reduce complexity of access clustering and a built-in dynamic load management by consolidating infrastructure Mobility and BYOD balancer, which reallocates global traffic to components in a hybrid IT environment For organizations wishing to embrace the most optimized data center in real- • Gain visibility into every connecting device BYOD, flexible working or third party time based on user demand. SMA tool sets and grant access based on policies and the access, SMA becomes the critical enable service providers to deliver services health of the endpoint enforcement point across them all. with zero downtime, allowing them to fulfill • Prevent malware breaches by scanning SMA delivers best-in-class security to very aggressive SLAs. all files uploaded into your network with minimize surface threats, while making Capture ATP sandbox organizations more secure by supporting SMA empowers IT departments to provide • Protect against web based attacks latest encryption algorithms and ciphers. the best experience and the most secure and provide PCI compliance with Web SonicWall’s SMA allows administrators access depending on the user scenario. Application Firewall add-on to provision secure mobile access and Available as hardened physical appliances • Stop DDoS and zombie attacks with Geo IP identity-based privileges so end-users or powerful virtual appliances, SMA fits detection and Botnet protection get fast, simple access to the business seamlessly into existing on-prem and/or • Get secure, native agent functionality using applications, data and resources they cloud infrastructure. Organizations can web browser based clientless HTML5 access require. At the same time, organizations choose from a range of fully clientless without the overhead of installing and can institute secure BYOD policies to web-based secure access for third parties maintaining agents on the endpoint devices protect their corporate networks and data or employees on personally owned devices, • Gain actionable insights you need to make from rogue access and malware. or a more traditional client-based full the right decisions with real-time monitoring tunnel VPN access for executives across and comprehensive reporting Move to the cloud all device types. Whether organizations • Deploy as physical appliance or virtual For organizations embarking on a cloud need to provide reliable secure access to appliance in private clouds on ESXi or migration journey, SMA offers a single Hyper-V, or in AWS or Microsoft Azure five users from a single location, or scale public cloud environments sign-on (SSO) infrastructure that uses a up to thousands’ of users across globally single web portal to authenticate users distributed networks, SonicWall SMA has • Enable dynamic issuance of access licenses in a hybrid IT environment. Whether the based on real-time demand, with automated a solution. endpoint direction to the highest performing corporate resource is on-premise, on and lowest latency connection the web or in a hosted cloud, the access SonicWall SMA enables organizations to • Reduce upfront costs with built-in load experience is consistent and seamless. embrace mobility and BYOD without fear, balancing without additional hardware or SMA also integrates with industry leading and move to the cloud with ease. SMA services, while providing zero user impact on multi-factor authentication technologies empowers workforces and provides them appliance failover for added security. with a consistent access experience. • Insure against business disruptions or seasonal spikes by scaling capacity instantly SMA Deployment A hardened edge gateway for anytime, anywhere, any device secure access SMA provides comprehensive end-to-end secure remote access to corporate resources hosted across on-prem, cloud and hybrid datacenters. It applies identity-based, policy enforced access controls, context-aware device authentication, and application level VPN to grant access to data, resources and applications after establishing user and device identity, location and trust. Flexibly deployed as a hardened Linux appliance or virtual appliance in private clouds on ESXi or Hyper-V, or in AWS or Microsoft Azure public cloud environments. UsersClients SMA Global Access Layer Corporate Resources Configure full or Central Manageent Server (CMS) 1 Authentication & perissible access Configurations • ngnt of A 000 eries SaaS Anywhere Remote Users • Allot pool u ln • Global Traffic Optimizer (GTO), Global HA and DR An Establish usersdevices 2 • View alerts and user activity reports identity and trust • Autot tntnn ul Mngnt Google Drive Conol 3 Grant secure VPN Clientless Access https:// access via SSO & MFA SSO & MFA VPN3 Tunnel Anywhere, anytime 1 A ople OneDrive 4 secured access after establishing user and device identity and trust IDPMASSO On-Pre VPN Tunnel Global HA SMA (Active) 4 2 Zero-Trust Secure Access VPN Tunnel Global HA SMA (Active) Endpoint Copliance Applications & Data VPN Tunnel HQ Private Cloud 3 Remote/Internal Users Global HA SMA (Standby/DR) Full Client EPC SSO & MFA VPN Tunnel Company Cloud Resources SMA Cloud / On-prem Deployment Flexible deployment with physical and virtual appliances interrogated for essential security information such as jailbreak SonicWall SMA can be deployed as a hardened, high- or root status, device ID, certificate status and OS versions prior performance appliance or as a virtual appliance leveraging to granting access. Devices that do not meet policy requirements shared computing resources to optimize utilization, ease are not allowed network access and the user is notified migration and reduce capital costs. The hardware appliances are of non-compliance. built on a multi-core architecture that offers high performance Consistent experience from a single web portal with SSL acceleration, VPN throughput and powerful proxies to deliver robust secure access. For regulated and federal Users do not need to remember all the individual application organizations, SMA is also available with FIPS 140-2 Level 2 URLs and maintain exhaustive bookmarks. SMA provides a certification. The SMA virtual appliances offer the same robust centralized access portal, giving users one URL to access all secure access capabilities on major virtual or cloud platforms mission critical applications from a standard web browser. After including Microsoft Hyper-V, VMware ESX, and AWS. the user logs on through a browser, a customizable web user portal is displayed in the browser window, providing a single Shared user licenses across the appliances pane of glass view to access any SaaS or local application. The Organizations with appliances that are globally distributed can portal only displays links and personalized bookmarks relevant benefit from the fluctuating demands for user licenses due to to the particular endpoint device, user or group. The portal time differences. Whether an organization deploys full VPN is platform agnostic and supports all major device platforms licenses or basic ActiveSync licenses, SMA’s central management including Windows, Mac OS, Linux, iOS and Android devices, reallocates licenses to managed appliances where user demands and broad browser support across all these devices. have peaked from appliances in a different geographic area, Federated single sign-on to both SaaS and local applications where usage has fallen due to off-work/night hours. Eliminate the need for multiple passwords, and stop bad security Network visibility with context aware device profiling practices such as password reuse. SMA provides federated Best-in-class, context-aware authentication grants access only SSO to both cloud hosted SaaS applications and campus hosted to trusted devices and authorized users. Laptops and PCs applications. SMA integrates with multiple authentication, are also interrogated for the presence or absence of security authorization, and accounting servers and leading multi-factor software, client certificates, and device ID. Mobile devices are authentication technologies for added security. Secure SSO is delivered only to authorized endpoint devices after SMA checks 2 endpoint health status and compliance. Access