180 likes | 279 Views
Secure Access using IAG 2007. Presented by: Brian Dunleavy - Healthcare Business Manager - Eurodata Susanna Watson – Pre Sales Technical Consultant - Eurodata Oliver Chandler – Infrastructure Manager – Bedford Hospital NHS Trust. Agenda. Eurodata Introduction
E N D
Secure Access using IAG 2007 Presented by: Brian Dunleavy - Healthcare Business Manager - Eurodata Susanna Watson – Pre Sales Technical Consultant - Eurodata Oliver Chandler – Infrastructure Manager – Bedford Hospital NHS Trust
Agenda • Eurodata Introduction • Why use the Microsoft IAG 2007 Gateway? • Benefits of the IAG 2007 solution • What Makes Microsoft’s Application Access and Security Technology Unique? • Architecture of an IAG 2007 based solution • Demonstration of IAG in use at Bedford Hospital NHS Trust • Q&A
Eurodata – NHS Focus • Core Infrastructure focus – “Better Health” offering • Excellent understanding of NHS operational requirements • 40 NHS reference sites across UK • N3 Code of Connection in place for support • Eurodata introduced Whale Communications (Now IAG) into UK market • Over 100 IAG implementations across all sectors • Microsoft’s Partner of the year 2008; Security Solutions – Based upon Essex Rivers Healthcare solution success
Safeguard Information Control Access Protect Assets Secure, browser-based access to corporate applications and data from more locations and more devices Ensure the integrity and safety of network and application infrastructure by blocking malicious traffic and attacks Comprehensive policy enforcement drives compliance with legal and business guidelines concerning access to sensitive data What is Intelligent Application Gateway? The IAG provides SSL-based application access and protection with endpoint security management, enabling granular access control and content inspection from a broad range of devices and locations to line-of-business, intranet, and client-server resources.
Edge Server Applications Client and Server OS Forefront – Where does IAG 2007 fit?
Why Trusts consider the Microsoft SSL VPN Gateway? • Trust could benefit from offering employees remote access to their applications and information • Your current systems are inflexible (IP SEC etc) • You want to reduce remote access costs (CfH centrally funded IAG 2007 User CAL’s) • Security is important to your organisation • You are creating or updating your organization’s DR or BC plan’s • You have a Microsoft based infrastructure strategy and are looking further invest in this.....
IAG 2007 offers a comprehensive set of features, including: Security • Full endpoint security and rich client-side policy compliance engine • Physical disconnection between the Internet and internal networks • Protection against network and operating system vulnerabilities • Reduction of reliance on patching to protect both the SSL VPN platform and internal servers from outside threats
IAG 2007 offers a comprehensive set of features, including: Flexibility • Granularity of access controls based on user & access device - even within applications. • Native integration to RADIUS, LDAP, Microsoft Active Directory, Windows Networks, Novell Directory and File Shares, Client Certificate, RSA SecurID and Strong Authentication tools. • Ability to support multiple virtual SSL VPN’s on a single appliance. • A remote access platform that can extend remote access beyond employees to vendors, partners, contractors, customers Management and Control • The Microsoft IAG solution allows secure web-based monitoring from anywhere.
Microsoft’s technology offers a comprehensive set of features, including: Application Intelligence • Out-of-the-box functionality in pre-configured modules that incorporate application-specific positive logic to protect back-end servers while allowing granular security policies based on client-machine state. • Support for complex enterprise applications without requiring a component download to the client, or without opening a risky network-level connection. • Highly granular endpoint compliance checks updated to mitigate the latest security threats. • Technology to enforce client-side compliance policies within applications (e.g. "Can't wipe, can't download" or "No antivirus, no upload" or “Run a specific application from company-owned machines only” while allowing the rest of the respective applications to function normally).
Microsoft’s technology offers a comprehensive set of features, including: End-User Experience • Intuitive User Interface with familiar Windows-like feel. • Internet Explorer taskbar for easy navigation; no random pop-up windows. • Non-intrusive timeouts and periodic re-authentication (users will NOT lose work due to time outs). • Single Sign On (SSO) enables collection of all credentials up-front and users are not re-prompted during the current session. SSO for NTLM, form-based, PKI, and Basic Authentication schemes is supported. • Remote password management including both the ability to change passwords via the SSL VPN.
What Makes Microsoft’s Application Access and Security Technology Unique? • IAG works with more applications at the application level and offers stronger security than any other SSL VPN • can serve as an access platform even for partners who many not be accessing internal resources from trusted endpoints • Attachment wiper to prevent residue on access device • IAG offers a greater level of granularity and flexibility • as a result delivers access in many situations where, in order to enforce security, other SSL VPNs block access • Ability to access information not block it! • Users prefer the Microsoft product over competing solutions • since the user experience can be fully customized to look and function the way they want it to • Other SSL VPNs limit customization to colour preferences, bookmarks and the like, while IAG allows the entire user experience to be customized • Support for NHS Smartcards • Used to access Spine enables PACS • Integration with MOSS 2007 • IAG 2007 is customised to work seamlessly with MOSS 2007 platform • CSIA claims tested mark • Government approved platform
B - Background Information • 2,500 users • 130 servers • AD 2008 Servers (Single Sign On with Terminal Server 2008) • Exchange 2003 • SMS 2003 • ISA 2005 • IAG 2007
- why and who uses it? • Over 250 users • ActiveSync users • All with different requirements accessing the below services:- • PACS (AGFA 6.2.1) • General file access • Email (web and full client) • Support (for 3rd parties) • Web based applications (National and Local) • Roaming users • Terminal Services
Next Steps • Better Health literature • Case Study • Demonstration Brian Dunleavy NHS Business Manager t : 0207 549 3045 e : brianD@eurodatasystems.com www.eurodatasystems.com/healthcare