SafeConnect works with your directory services (i.e. LDAP, MS Active Directory) to enable user authentication. The system also automatically identifies devices on the network. These two functions work automatically to match users to devices. This allows for security policies to be applied based on user groups (student, employee, guest, vendor, etc.), access method (wired, wireless, VPN) or by device type (Windows, MAC, gaming, mobile etc.)
The biggest challenge in managing network performance and security today is the dramatic increase in the number of mobile devices connecting to the network. SafeConnect can keep you one step ahead by being able to identify, authenticate, on-board and monitor these devices in an automated way.
Ultimately, the “experience” is the result of the way Impulse does things. And it all goes back to our user-centric business philosophy. This full-service solution approach combines Impulse’s products with expert technical support and network insight. As a result, our clients gain an enduring and evolving solution that is able to address ever-changing security, intelligence, and visibility and control demands.
The industry’s most comprehensive, client-centric managed services delivery model (aka The Impulse Experience) includes access control architecture that drastically simplifies the enablement of network security, control and intelligence; a decade of experience and technology leadership in BYOD enablement and in Education; and significant IT cost reductions in the areas of network infrastructure, maintenance and support costs. Click here to learn more.
SafeConnect provides the ability to not only automate the enforcement of security and compliance policies, but also gathers a wealth of context-aware device information so you can make informed and intelligent decisions about your network. Impulse’s Contextual Intelligence™ technology delivers real-time device information that correlates identity/role, device type, and location (along with other attributes such as ownership and compliance status) over time to power its SafeConnect solution.
Information gleaned “in context” regarding mobile devices on the network (both real time and historically) allow IT managers to make better decisions on network capacity, risk mitigation, and forensic analysis required for addressing compliance. Accessing real-time contextual information also reduces the number and length of help desk calls by improving the end user experience. Click here to learn more.
In addition to Impulse’s existing Layer3 Policy Based Routing (PBR) network enforcement, the latest version of SafeConnect introduces a new device enforcement option—RADIUS-Based Enforcement (RBE). RBE delivers dramatic scalability enhancements and more granular network and application access role assignments for 802.1X/WPA2 Enterprise and Open wireless network environments.
As the numbers of mobile devices increase and affect network density, a more flexible, scalable and dynamic mechanism is needed to enforce BYOD security policies. Capitalizing on existing customer investments in wireless technologies, RBE utilizes network communication standards to manage device role and access control.
A key benefit of RBE is its non-reliance on VLAN Steering. Within a wireless network environment, VLAN manipulation is a resource burden to design, deploy, and support; in addition to contributing to a poor end user experience every time a device is forced to change VLANs. Impulse’s RBE assigns network access privileges to a specific device versus moving a device to a common/shared VLAN. Click here to learn more.
SafeConnect is specifically designed as a vendor-independent solution that easily integrates into existing (or future) network architecture. No switch manipulation. No forklift upgrades. Fewer moving parts. No end of life.
The SafeConnect system simply requires access to one or more Layer3 switch/router points of network aggregation that supports Policy Based Routing (PBR), and either NetFlow or sFlow. SafeConnect’s continuous posture assessment capability can also leverage technology to assign per-user quarantine roles for clients that are not compliant with security requirements, and participate in Single Sign-on (SSO) Authentication using 802.1x–WPA2 Enterprise.
SafeConnect is an appliance-based NAC solution that is implemented as a true “out-of-line” network device. The SafeConnect Policy Enforcer Appliance sits out-of-line with the core network and fails open—presenting no single point of failure, performance bottle-necks or maintenance-related or scheduled network outages. In the event of a failure all existing and new users to the network are unaffected and have uninterrupted access to network resources.
SafeConnect is network switch hardware and software vendor independent and integrates into the existing network architecture with no changes or continuous manipulation of Layer2 network switch devices, wireless access points, or VPN concentrators required.
SafeConnect utilizes directory services infrastructure (i.e. LDAP, MS Active Directory, RADIUS) to authenticate end user devices. The system can also apply identity- or role-based policies and enforcement rules based on how a user is defined within the directory system (student, employee, guest, vendor, etc.) Users who cannot be authenticated can be quarantined or blocked from accessing the network. SafeConnect also features a Single Sign-On (SSO) authentication capability that could allow existing AD managed users to maintain their existing login process user experience.
SafeConnect is delivered as an operationally managed service. The health of the system is monitored from the Impulse Support Center and Impulse Point is responsible for delivering all necessary hardware and software maintenance, problem determination and resolution, and ongoing feature enhancement. The organization maintains full control of managing their desired endpoint computing policies and enforcement rules via the SafeConnect Policy Management Console.
The SafeConnect Policy Enforcer is a pre-configured hardware and software appliance bundle. It is installed on your premises (and is also avaiable virtually) and connected to your existing Layer3 switch/router in an out-of-line network fashion. A single Policy Enforcer can manage network access policies for up to 10,000 concurrent endpoint devices. For environments with more than 10,000 current endpoints additional enforcers are added. SafeConnect is currently running on hundreds of environments with over 25,000 concurrent endpoints. Our largest deployment is managing more than 80,000 devices.The entire system is managed locally by the organization through the SafeConnect Policy Management Console.
The SafeConnect Policy Management Console is a centralized Web-based portal that allows authorized users (typically a policy administrator) to set the acceptable use standards the Policy Enforcer will implement. Administrators can select from a series of pre-configured policies on authentication, anti-virus or anti-spyware protection, patch maintenance levels, and peer-to-peer file sharing, or create their own using the custom policy builder module. Network access can also be managed by group or location, or based on roles users occupy within the organization.
The Policy Management Console also displays real-time policy status reporting to provide valuable insight into group or individual policy compliance. Help Desk personnel can quickly ascertain the security posture and network access condition of any device on the network by searching IP, MAC Address, or User Name. Granular historical database reporting is also available for trending analysis, compliance auditing, and archiving.
Organizations can completely customize the look and feel of the policy notification web pages to match company marketing efforts and enhance the end user experience.
The SafeConnect system provides the ability to build and assign unique/granular policies based on IP address range, VLAN segment, or subnet, or MAC Address. Assign policies by device type (Windows, Apple, Linux, PDA, Gaming Console, etc.) and by individual user identity based on their role/group membership as defined by the organization’s existing Directory Services (Active Directory, LDAP, etc.) infrastructure. Click here to see the modules that come standard with SafeConnect.
The SafeConnect architecture includes a Policy Key (NAC agent) that is non-intrusive and provides the distributed NAC functionality that affords the system its highly scalable attributes and real-time security assessment.SafeConnect currently provides real-time Policy Key assessment support for Microsoft-based Windows (including Windows 7), and MAC OS 10.5 and higher devices.
The Policy Key is typically automatically installed during the initial device registration process, and is updated in stealth-mode (no end user interaction required). The Policy Key can also be pre-distributed by a preferred software distribution method such as active directory group policies, SMS, or via physical media. The Policy Key may be provisioned so that it will self-dissolve after a specified period of time, if it has been inactive (such as 48 hours, or 30 days, etc.). Additionally, the Policy Key has a very small footprint (1Mb size) compared to competing approaches, and consumes less than 1% of system resources.
The Policy Key does not collect any personal information. Nor does it have the ability to act as spyware. It strictly identifies and reports policy status (as can be answered with true/false questions) required for the operation of the solution. The Policy Key continually assesses the end user’s computer for compliance with your security policies. If an end user is not in compliance with an organization’s network access policies, the SafeConnect solution delivers individualized remediation guidance and can isolate the device until the policy breach is resolved.
The attached terms and conditions shall apply to the provision and use of the Impulse SafeConnect™ product and services (individually a “Service” and collectively the “Services”) provided. Click here to read the EULA.
Impulse will assist in developing a deployment plan and will provide support throughout the production deployment process. Impulse’s managed service offering also includes on-going “how-to” consultative support that will enable the organization to maximize their investment.