Avenda eTIPS® 5000 Series
Next generation high performance identity and policy platform

eTIPS enables organizations to securely manage the access and visibility of users and endpoints on their networks. Automated policy and control mechanisms effectively assign network permissions per authentication session to proactively help users get to the information they need, prevent malicious activity and meet emerging regulatory compliance initiatives.
eTIPS Overview
The growing need to offer broader employee, guest and partner access has created a need for greater network protection that starts at the user. The mobility of employees and their different modes of network access are driving the need for improved protection against unintentional and possibly malicious attacks on intellectual property and resources. In addition, wired, wireless and VPN access methods for these same users have forced organizations to unify the silos of policy systems, equipment and authentication stores that may or may not interoperate with each other.
The Avenda Systems eTIPS platform solves these problems by providing the only access control policy solution that unifies access methods and frameworks, operating systems, managed and unmanaged endpoints, agents and existing identity stores. The value proposition of eTIPS is in the delivery of a unified platform that can adapt as the customer’s needs evolve. Key differentiators include:
- Protocol and framework independence
- A rich set of use cases that caters to even the most complex access control needs in an organization
- Comprehensive logging and reporting
Trusted Users, Trusted Network
IT administrators responsible for network, user, endpoint, and security departments can define and manage who has access to the network from a single, intuitive platform. The ability to easily define roles and access control policies within eTIPS, regardless of how a user enters the network, eliminates the need to create and update multiple policy systems, and strengthens an organization’s overall security architecture.
eTIPS operates within any mixture of network and security infrastructure, operating systems, authentication types or identity stores. By proactively denying access to unauthorized or misbehaving clients, and providing accurate reporting and monitoring of all activities, eTIPS becomes a trusted troubleshooting tool as well as a trusted identity and management platform.
Next Generation Policy Management
eTIPS reduces the operational complexity and cost that can inundate an organization that has deployed a mixture of networking, trust and identity resources, by consolidating user and endpoint authentication, authorization, access control, trust determination and monitoring under a single policy management system. Integration with existing posture validation servers, audit servers and logging systems through well-defined protocols, APIs and standards is also available. eTIPS leverages built-in RADIUS, TACACS+ and Web authentication services to provide a rich set of network access use cases. A subset of use cases supported by eTIPS includes:
Employee Access - eTIPS can authenticate users and endpoints on wired and wireless 802.1X networks using multiple authentication protocols such as PEAP, EAP-FAST, EAP-TTLS, etc., and identity stores such as Microsoft Active Directory, LDAP compliant directory, ODBC compliant SQL database, Token Servers and internal database.
In addition, the health of the endpoint can be evaluated either natively or by brokering it to an external health evaluation server such as Microsoft NPS or Cisco NAC appliance.
Guest/Partner Access - In this use case eTIPS acts as a guest authentication server; user and (optional) health credentials are collected via a captive web portal and dissolvable agent. Receptionists/Office Administrators can be given the ability to add guest access permissions.
Unmanaged Endpoint Access - Unmanaged/non 802.1X devices (printers, IP phones, and other embedded devices) can be identified as known/unknown devices based on the presence of their MAC Address in an external repository or database. These devices can also be audited using built-in NMAP based network port scanning or NESSUS-based vulnerability scanning.
Device Administration - eTIPS can also be used to provide tiered, differentiated “administrative access” to network devices using the TACACS+ protocol.
Key Features
Multiple network access framework support - natively supports leading NAC & NAP frameworks. Extensible architecture makes it possible to support emerging frameworks, such as TNC and IETF NEA, as they evolve
Out-of-band deployment - eTIPS sits outside the regular traffic path after authentication and authorization to minimize impact on network performance and scalability, unlike in-band and SNMP-based technologies
Setup - intuitive web-based management interface simplifies policy configuration. Additional policy simulation features ensure newly configured policies are verified before deployment
Troubleshooting and reporting - activity dashboard logs all access requests in real-time. Reports highlight user activity, authentications and failures
Dynamic deployment options - assigns each user to appropriate resources using pre-determined services and authorization policies. Policy monitoring allows for new service and rules assignments to be tested before implementation
Rich APIs - Rich set of configuration and authentication APIs allow for simplified third party integration
Enterprise-class scalability - fully replicated clustering capability for high availability and load balancing. All members of cluster can be centrally managed, with consolidated dashboard view of all session activities. All changes are replicated throughout the cluster without need for a system restart.
eTIPS 5000 Series
Models - ET-5000 series of appliances for small to large deployments
- Microsoft NAP, Cisco NAC Appliance
- RADIUS, TACACS+, Web Authentication
- EAP: EAP-FAST (EAP-MSCHAPv2, EAP-GTC, EAP-TLS)
- PEAP (EAP-MSCHAPv2, EAP-GTC, EAP-TLS)
- TTLS (EAP-MSCHAPv2, EAP-GTC, EAP-TLS, EAP-MD5, PAP, CHAP)
- EAP-TLS, EAP-MD5
- PAP, CHAP, MSCHAP v1 & 2
- Wireless & Wired 802.1X
- Windows Machine Authentication
- MAC Auth (non 802.1X endpoints)
- Audit (Port and vulnerability scans)
- Microsoft Active Directory
- Any LDAP compliant Directory
- Any ODBC compliant SQL server
- Token servers
- Built-in Identity Store
- Built-in Static Hosts List
- 2246, 2248, 2548, 2759, 2865, 2866, 2869, 2882, 3079, 3579, 3580, 3748, 4017, 4137, 4849, 4851, 5216, 5281
- Protected EAP (vers: 0 & 1), Microsoft CHAP extensions, Dynamic Provisioning using EAP-FAST, TACACS+
- Intel Multi-core, Multi-processor platform
- 200 to 500GB Disk
- Universal Power w/PFC - (100 ~ 240 VAC; Auto Sensing)
- Max power consumption – 270 W
- 2 – Gigabit Ethernet ports, 1 – Serial port
- 1U rack-mountable chassis
- 16.7"W x 1.7"H x 14"D
- Weight - 18 Lbs
- UL, FCC, CE, RoHS



