AppGate Security Server
Protect network resources & provision access from any device, any location.
Traditionally, securing networks involved building a wall around the edge of the network. Everything on the outside was treated as a threat and everything on the inside as benign. However, this has changed. The firewall-centric approach is no longer applicable.
A better way to build secure networks
The AppGate Security Server solves this challenge by using a different approach to security: protecting the IT assets, not the network perimeter. All users are treated the same regardless of their location, and access to individual systems is granted to authorized users on a needs-only basis. The result is secure, role based access control, a simpler network infrastructure, and much greater flexibility since it is as easy to share network resources with business partners, home workers and mobile users as it is for internal users.
- The Security Server replaces multiple point products with one appliance which is easier to manage and cheaper to run
- Strong security protects against internal and external threats
- Internal secure domains protect critical data without the need for internal firewalls
- Role Based remote access from any device, any location
- Central control of security policies and user administration
- Business continuity and high availability through clustering
- Full monitoring and reporting of all user access for regulatory compliance
- Supports a wide range of mobile platforms including Nokia Series 60 (Symbian), Windows Mobile, and iPhone.
Business Benefits
-
Control user access
The AppGate Security Server is the most powerful way to control and manage network access for multiple users including office workers, home workers, mobile workers, suppliers, partners and 3rd party contractors. Advanced roles and rights management tools allow administrators to precisely control which resources each user can access based on a wide range of criteria such as the user’s identity, the type of device being used, whether the device is running the latest anti-virus software, and so on. The access rules and client inspections that can be defined for an individual platform are almost limitless to meet any corporate security policy.
-
User access from any device, any location
The AppGate solution allows users to access network resources through a secure connection over any type of network. Users can initiate the secure connection from virtually any type of device: a Mac or Windows PC/laptop, Unix-based workstation, shared computer, Smart Phone or tablet using a browser, installed client or AppGate MOVE.
AppGate’s full mobile VPN solution makes it possible to enable feature-rich applications on mobile devices unlike "push technologies" which offer only email-centric functionality. The "roaming" feature can automatically re-connect to the server if the connection is lost or if the type of transmission changes from 3G to 4G or to WiFi. -
Protect core systems
With one AppGate Security Server many internal security domains or segments can be created, removing the need to change the network architecture to protect critical assets such as development data or PCI at-risk servers from unauthorized access. Built-in encryption, authentication and access control engines deliver a high level of secure separation and protection whilst also providing the flexibility to modify internal segment configuration and connectivity options quickly and easily.
Network traffic is encrypted as standard giving each user a private, secure connection and preventing other users sniffing data. Unauthorized, unencrypted traffic is blocked automatically. -
Central Control & Administration
Administrators can manage the security of the entire network from a single, central location. Rules and roles management provides tight control over user access. Integration with existing infrastructure such as Active Directory, LDAP or Radius Servers simplifies and streamlines user administration saving time and resource. Access rights can be quickly updated when users change jobs or need additional access rights. The AppGate client is easy to use, requiring virtually no user training and minimal set-up of the user’s workstation.
-
Reduced network complexity
The AppGate Security Server combines strong authentication, authorization, encryption and access control in one system. It replaces many of the point products traditionally used for network security and, as a result, network configuration is simpler and easier to manage. The server has built-in firewall functionality for complete protection of itself and of the application servers behind it. No additional hardware is needed to serve different user groups and new services can be put in place without changing the network topology or impacting the security model.
Top Features
-
Strong encryption as standard
All traffic between the endpoint devices and the AppGate Security Server are encrypted using standards such as SSL, SSH and IPSec with encryption methods including AES128, AES256, Blowfish, 3DES and RC4. It is also possible to have the traffic between the AppGate and the back end servers encrypted where this is a requirement.
-
Secure Local Printing
Secure printing can be a problem if the user is on a different network to the one hosting the application. AppGate’s Secure Local Print module enables users to print on their local printer wherever they are working. The AppGate Security Server acts as a print server. The user’s request to print is sent to the Security Server. The AppGate Client includes a local print buffer that collects any print jobs from the server when the user logs in. These can then be printed to the user’s local printer ensuring that information remains secure.
-
High performance over slower networks
By using the most efficient standard protocols, as well as compressing all traffic, AppGate ensures efficient use of bandwidth. This increases performance on slower links, creating a very good user experience and reducing communications costs for devices where users are charged for the amount of data being transferred.
-
Full monitoring and reporting of user access
All user and administrator activities are logged so that access to network resources can be tracked and monitored. His also reduces overheads in reporting for regulatory compliance. Different types of alarms can be defined and sent to external systems for immediate action.
-
Clustering for redundancy and scalability
The AppGate technology is designed to be clustered making it easy to add more users as requirements change. It is easy to start with a small system and then expand it to support evolving business needs. The system scales almost linearly: one additional Security Server gives almost twice the performance.
-
Granular control of user access
Advanced Roles and Rights management tools allow administrators to precisely control which resources the user can access based on a wide range of criteria such as the user’s identity, the type of device being used, whether the device is running the latest anti-virus software, and so on. The access rules and client inspections that can be defined for an individual application are almost limitless to meet any corporate security policy.
How you connect
-
PC Clients
PC Clients come in three flavors: an applet which runs in the browser, another which automatically downloads from the AppGate server when needed and a (pre)installed one. All work the same way displaying a set of service icons to the user such as ’email’. All three use Java and can therefore run on most types of systems, Windows, Mac, Unix and Linux.
The downloadable version of the AppGate client is based on Java Web Start technology, which makes it completely self-updating. It is therefore easy to manage in larger organizations and in environments where it is difficult toupdate installed software on client systems, such as for home users. This is the recommended client to use. AppGate Clients Family -
Mobile Clients
More and more employees are using smartphones interchangeably for personal use and for work. As a result it is easy for the security risks associated with mobile phones to be overlooked. The AppGate solution can provision secure access from a range of mobile phones and tablets and treats them just like desktop computers, servers and laptops.
AppGate clients are available for Windows Mobile, Nokia Series 60 (Symbian), Apple iPhone and iPad, and Android devices. Secure Access for Smart Devices -
Browser
The AppGate Security Server offers SSL for a truly client-less secure access solution, allowing users to access web based services and file shares in a secure way from any web browser. The SSL option is particularly useful for example when the user needs to access web applications such as email from a shared machine at an airport or cafe. Nothing is downloaded to the users machine so it works from almost all types of platform even when it is not possible to download run any client software such as Java.
AppGate’s unified access control simplifies administration - all user access is managed through one system regardless of whether the user is connecting through SSL, using the PC client or a mobile client. However administrators can restrict the services that may be accessed through SSL for security reasons. Read more about the SSL Module here -
AppGate MOVE
AppGate MOVE from Cryptzone is a valuable tool when users need to access the corporate network from untrusted computers such as at home, at the airport or in a caf’. MOVE (My Own Virtual Environment) is a member of the AppGate client family that comes preconfigured on a USB flashdrive. The client does not use or rely on the operating system of the host machine. Instead it executes in a secure and trusted environment also installed on the USB flash drive, providing a truly zero footprint solution.
In addition, neither the AppGate client nor any applications executed during the session will use the host computer’s hard drive. In fact, local drives are never touched during a session which means that no residual data will be present after the user closes down the session. Simply by plugging in a USB flash drive and hitting the power switch, AppGate MOVE provides a secure and trusted environment regardless of the configuration of the host of the computer. AppGate MOVE USB
Modules
Cryptzone OTP
A new module is available for the AppGate Security Server that provides a fully integrated one-time password (OTP) solution. AppGate has always supported a wide range of authentication methods and two-factor authentication. This new module enables customers to deploy a robust OTP solution without the need for additional hardware or servers. One-time passwords are generated on users’ mobile phones, avoiding the need to distribute and maintain physical tokens, and provisioning and initialisation is handled automatically. The user’s phone does not require any network connectivity in order to generate each one-time password as no SMS is sent. With AppGate one-time password authentication can be combined with other authentication methods to provide added security where required. Cryptzone OTP Data Sheet Read the Cryptzone OTP Whitepaper Read more about One Time Password Authentication
Clustering
The AppGate Security Server supports clustering, which enables the use of multiple servers for redundancy or scalability. The system scales almost linearly - one additional Security Server gives almost twice the performance. So it is easy to start with a small system and then expand it to support evolving business needs. Clustering makes the system ideally suited for business continuity. Security Servers provide secure remote access for users if they are unable to get into the office, and the servers can be located in different locations to support disaster recovery. If one server should fail then all the users will be directed to the remaining good unit(s) automatically as they connect.
Nordic Edge OTP Server
The Nordic Edge One Time Password (OTP) server is an optional module that can be installed on the AppGate security server. It extends the options for strong,
multi-factor authentication.
When the user authenticates using the correct password, an SMS message will be automatically sent to their mobile phone containing a OTP. Alternatively, email can be used to deliver the
OTP. The system also works with OATH tokens and has an OATH based mobile phone app as well.
Read more about SMS Two-Factor Authentication here
Business Continuity License
The Business Continuity License (BCL) is a temporary Security Server License that enables organizations to maintain business services in emergency situations, for
example when a flu outbreak strikes and employees need to work from home. The BCL immediately allows an additional 50 concurrent users to access the company’s
Security Server for a period of 50 days.
The BCL can be used with any AppGate installation including the AppGate Free Edition (AFE) and can be extended for extra users or extra time if needed.
Read more about the BCL here
ICE License
The AppGate ICE License offers controlled access to an unlimited number of users in case of emergency. The ICE license is designed to be a part of a business continuity plan ensuring that employees, customers, partners and support personnel can access corporate systems and applications from any location when an emergency occurs. The ICE License allows the organization to immediately add an unlimited user license to an AppGate Security Server installation when the need arises. The license can be activated in minutes. Read more about here
Device Firewall
Laptops that are not properly secured are vulnerable to attack every time a VPN connection is set up. They can carry malicious software onto the network, and are potential
targets for attackers to use clients as gateways to gain access to the internal network. The AppGate Device Firewall works with the AppGate Security Server to protect the user’s
device and the network. The Device Firewall controls all inbound and outbound traffic on all adapters and network interfaces, and enforces specific policies. For example, connections
can be closed except the secure VPN before the user is permitted to connect to a protected application server. The Device Firewall can also make sure that user workstations cannot
communicate with each other, restricting the ability of viruses and worms to spread between systems. The firewall is centrally managed and easy to install. It has no GUI on the
client machine so users do not have to make decisions about traffic filtering.
The Device Firewall is designed for both Windows workstations and servers and can co-exist with other personal firewalls.
Read more about AppGate Device Firewall here
AppGate Satellites - Extend your local network
The AppGate Satellites provides a way to construct secure virtual networks on top of existing networks - in a far simpler way than was possible before. An AppGate Satellite is a small
hardware box which when placed on a remote network acts as a virtual network interface of the AppGate server.
The AppGate Satellites is a solution which allows you to extend your local network into any location, with ease. The Satellite is configured using the AppGate Security Server, and sent to
the remote location where it is connected to the local network and power supply, a task which can be performed by anyone. Firewall configuration is usually not necessary as the Satellite is
connecting out from the remote network.
Customer Success Stories
To see all Customer Success Stories and Case Studies relating to this product, please click here.
-
Asprea
During a period of business restructuring, property insurance company Asprea needed to provision and manage secure access for a range of external users with very different requirements. Users included 3rd party IT and business services organizations, contractors and agents. The AppGate External Access Gateway enabled Asprea to provide secure access for all these external suppliers, making it quick and easy to change users’ access permissions as the business requirements changed, and protecting the network against unauthorized access. Download the Case Study
-
PSE Operator
PSE Operator is the electricity transmission system operator for Poland. The company needs to manage network access for many different user groups including electricity companies, traders, contractors and 3rd party suppliers, whilst also ensuring mission critical systems on the network remained protected against unauthorized access. The AppGate External Access Gateway makes it easy for PSE Operator to provision secure access for all user groups and control precisely which areas of the network each user can access. Download the Case Study
Technical Specifications
- The AppGate Ax-series are robust servers with a small physical footprint, yet powerful enough to handle and encrypt both LAN and Internet traffic at wire speed. The system is easy to use and rapid deployment is guaranteed through its intuitive GUI-based administration interface. Multiple servers can be clustered for higher throughput and higher availability.
- The AppGate Security Server controls access to protected resources based on many parameters, such as the user’s identity, location, authentication method, day of week and type of device and its configuration. It uses session based firewalling, protecting application servers and offers a unified access solution capable of providing complete control of all access.
Entry-level Ax1 |
Entry-level Ax2 |
High-end Ax4 |
High-end Ax8 |
|
| Concurrent Users*: | Up to 500 per unit | Up to 1.000 per unit | Up to 2.000 per unit | Up to 8.000 per unit |
| Throughput: | Up to 250 Mbps with AES-128 encryption | Up to 500 Mbps with AES-128 encryption | Up to 1 Gbps with AES-128 encryption | More than 1 Gbps with AES-128 encryption |
| Processor: | 3.1GHz dual-core 64-bit DDR3-1066/1333MHz | 3.2GHz quad-core 64-bit DDR3-1066/1333MHz | 2x2.2GHz six-core 64-bit DDR3-1333MHz | 2x2.2GHz eight-core 64-bit DDR3-1600MHz |
| Memory: | 4 GB UDIMM 1333MHz | 8GB UDIMM 1333MHz | 16GB RDIMM 1333MHz | 64GB RDIMM 1600MHz |
| Disk(s): | 1 SATA 500GB | 1 SATA 500GB | 2 SATA 500GB RAID hot pluggable | 2 SATA 250GB RAID hot pluggable |
| Network: | 1 Dual 5716 1Gb ethernet | 1 Dual 5716 & 1 Dual 5709 1Gb ethernet | 1 Dual 5720 & 1 Quad 5719 1Gb ethernet | 1 Quad 5720 & 1 Quad 5719 1Gb ethernet |
| Power: | Single Power Supply | Single Power Supply | Dual redundant hot pluggable | Dual redundant hot pluggable |
| DRAC: | iDRAC6 Express | iDRAC6 Express | iDRAC7 Enterprise | iDRAC7 Enterprise |
| Mounting: | 19" rack, 1U | 19" rack, 1U | 19" rack, 1U | 19" rack mountable, 2U |
* Number of users and performance is dependent on application protocols and usage patterns and may differ, both up and down, from numbers in this document.
Resources & Related Literature
Recorded Webinars
Whitepapers
Case Studies
Other Literature
Corporate Brochure
AppGate Security Server
AppGate Device Firewall
AppGate Emergency Licenses
AppGate Secure Access for Smart Devices
AppGate Security Server: SSL Module
AppGate MOVE USB
Access On Demand
OTP with Nordic Edge
AppGate Appliances Technical Information
AppGate Clients Family
Demos
Drakegatan 7, SE-41250 Göteborg, Sweden - info@cryptzone.com