novell zenworks network access control · 2015. 5. 8. · novell zenworks network access control...
TRANSCRIPT
BrochureRESOURCE MANAGEMENT
Novell® ZENworks® Network Access Control
Novell Logo1 The registered trademark, ®,
appears to the right and on thesame baseline as the Logo.
Minimum Size RequirementsThe Novell Logo should NOT beprinted smaller than 3 picas(0.5 inches or 12.5 mm) in width.
Clear-space Requirements2 Allow a clean visual separation
of the Logo from all other elements.The height of the "N" is themeasurement for the minimumclear-space requirements aroundthe Logo. This space is flat andunpatterned, free of other designelements and clear from the edgeof the page.
3 picas(0.5 in)
(12.5 mm)
21 3
3
www.novell.com
p. 2
Fast pre-connect testing that does not interfere with the end user’s logging on experience
Accurate and fast deep testing using hundreds of off-the-shelf tests
Flexible endpoint testing, enforcement and remediation
Continuous post- connect monitoring
Windows OS and Mac OS X coverage
Scalability that can support hundreds of thousands of endpoints
Identity-based management controls
Novell® ZENworks® Network Access Control stops unauthorized access, prevents mali-cious endpoint activity and enforces specified security policies. As the network access control (NAC) solution of choice for many organizations, ZENworks Network Access Control protects some of the largest, most sensitive networks in the world, including branches of the U.S. military. It has been honored with numerous awards, including:
SC Magazine’s 2008 Reader Trust Award as the Best Endpoint Security Solution
A “Positive” rating in Gartner’s Marketscope for Network Access Control in 2008
TechWorld’s 2007 Endpoint Security Product of the Year
Windows IT Pro 2007 Editor’s Choice SC Magazine’s 2006 Best Endpoint
Security Solution
Novell and Your Strong Perimeter
Complete NAC
Figure 1. This image shows how Novell ZENworks Network Access Control operates on the network. Based on both pre-connect testing and post-connect monitoring, ZENworks Network Access Control enforces security policies for managed and unmanaged endpoints belonging to users inside the firewall, remote users, contractors, visitors and wireless users.
p. 3
Novell ZENworks Network Access Control www.novell.com
Novell ZENworks Network Access Control is a complete NAC solution, delivering on the four vital areas of NAC: pre-connect testing, post-connect monitoring, identity-based management and remediation. It gives administrators a NAC solution that has comprehensive endpoint testing without affecting end-user productivity. It also delivers an easy-to-use interface that allows you to see exactly who is on the network and what they are doing. In addition, ZENworks Network Access Control includes multiple enforcement options for quarantining endpoints, enabling you to enforce policy compliance across complex, heterogeneous networks. You can blend multiple enforcement options within a ZENworks Network Access Control imple-mentation and manage those options from a single Web-based console. Enforcement options include:
802.1x enforcement and switch configuration in the GUI
DHCP enforcement Endpoint-based enforcement In-line enforcement
Endpoint Health and True NACThe proprietary testing and enforcement engine of Novell ZENworks Network Access Control provides extremely fast and thorough pre-connect endpoint testing for both Windows* and Macintosh* computers. End users are unaware of any delay in the login process because device testing takes only seconds. If quarantined, users are given clear instructions on how to remediate the problem, so they can get back on the network cleanly and securely.
Unlike other NAC solutions that are built on top of vulnerability scanners, intrusion detec-tion/prevention (IDS/IPS) systems or personal firewalls, ZENworks Network Access Control is not weighed down by irrelevant processes
or constrained by limited testing capabilities. It thoroughly evaluates endpoint health before the device is allowed to forward traffic to the network—a key requirement for true NAC—and helps prevent unhealthy endpoints from spreading damage.
Pre-connect Endpoint TestingNovell ZENworks Network Access Control applies the most comprehensive scans to fully assess endpoint security. Using three flexible endpoint testing options (agentless, Web-based and agent-based), ZENworks Network Access Control allows a full range of devices, both Windows and Macintosh, to be tested thoroughly before being allowed onto the network. Novell adds new tests on an ongoing basis, and you can develop custom tests to meet organization-specific needs. Pre-connect tests scan for:
OS support (Windows and Macintosh), including Vista*
OS Service Packs and hotfixes Browser and OS security settings Installed and up-to-date antivirus and
antispyware software Installed and up-to-date personal firewall Presence of peer-to-peer applications Worms, viruses and trojans Presence of administrator-defined required
or prohibited software And much more
Post-connect MonitoringNovell ZENworks Network Access Control continues to monitor the compliance of end-points after network access has been granted. As devices remain connected to the network, they are periodically revalidated using the same testing criteria used for the pre-connect assessment, ensuring that devices remain compliant throughout the session.
The network access control (NAC) solution of choice for many organizations, ZENworks Network Access Control protects some of the largest, most sensitive networks in the world, including branches of the U.S. military.
p. 4
ZENworks Network Access Control is a complete NAC solution, delivering on the four vital areas of NAC: pre-connect testing, post-connect monitoring, identity-based management and remediation. It provides administrators with a NAC solution that has comprehensive endpoint testing without affecting end-user productivity.
Management and Administration
Regardless of the size or complexity of the network, Novell ZENworks Network Access Control centrally consolidates the manage-ment of all testing and enforcement activities, providing a single-pane-of-glass view of end-point security. It provides administrators with an easy-to-use, intuitive GUI that allows them to quickly determine what is happening with endpoints, who is quarantined and why.
The user interface simplifies deployment and provides easy access to many functions usually reserved for back-end configuration.
Where other NAC vendors make you use the command line to configure features and functionality, ZENworks Network Access Control has pulled those features into the GUI.
A single ZENworks Network Access Con-trol Management Server controls multiple Enforcement Servers (grouped together in clusters as shown in Figure 2). Enforcement Servers allow ZENworks Network Access Control to seamlessly accommodate dis-persed geographic locations, heterogeneous network topologies and the full range of endpoint connection types (see Figure 3 on the next page).
Multi-node Architecture
Figure 2. In the multi-node architecture of Novell ZENworks Network Access Control, a single Management Server controls multiple Enforcement Server clusters, regardless of the blend of enforcement options deployed. Multi-user, role-based access is assignable at the cluster level. Access policies and tests are centrally managed. Reporting and access data is rolled up at the cluster and corporate levels.
p. 5
Novell ZENworks Network Access Control www.novell.com
Through the Management Server, custom tests and access policies can be distributed to all Enforcement Servers in a single opera-tion. System monitoring and reporting are rolled up at the cluster and corporate levels. Administrative access to the system is strictly controlled through user roles and cluster assignments. Administrators may create additional roles using fine-grained permis-sions. Devices and functions are exposed on a need-to-know basis. For example, an administrator may only view data for endpoints within their assigned clusters.
High Availability and Load BalancingNovell ZENworks Network Access Control provides true high availability capabilities. Should an Enforcement Server fail, other servers within a cluster will automatically provide coverage for the affected network
segment. Likewise, a spike in testing activity directed at a single Enforcement Server is load balanced across the cluster.
Integrated in the IT EnvironmentNovell ZENworks Network Access Control features an open architecture that allows the import and export of data to and from ZENworks Network Access Control. The open architecture also allows third-party systems to control testing and quarantining functions and enables sharing of endpoint security data with other IT systems.
ZENworks Network Access Control also provides a DHCP plug-in, allowing companies to have DHCP enforcement without requiring it to be in-line. In addition, SMB signing pro-vides agentless testing and an added layer of security to specific Microsoft* endpoints.
Regardless of the size or complexity of the network, Novell ZENworks Network Access Control centrally consolidates the management of all testing and enforcement activities, providing a single-pane-of-glass view of endpoint security.
Managing Clusters
Figure 3. This graphic shows how clusters are managed in the Novell ZENworks Network Access Control interface. In the ZENworks Network Access Control GUI, the Cluster window displays real-time access control data and performance statistics for the selected Enforcement Server cluster. In this example, the ‘Provo’ cluster is displayed, which contains an individual Enforcement Server (znac-es.mycompany.com).
p. 6
Automated and Manual Repair, Minimal Impact on End Users Novell closes the NAC loop by facilitating a variety of remediation options for endpoints that test non-compliant with your security policy, including automated remediation, self-remediation and access grace period.
Administrators have complete control over the depth and frequency with which end users are informed of testing activities and results. Communication can be as visible or as invis-ible as necessary. End users may be notified of device testing, test results and the steps needed to bring the endpoint into compliance.
Reporting for Management and AuditorsNovell ZENworks Network Access Control includes robust reporting capabilities that allow you to meet the needs of auditors, managers and IT staff. Reports provide
concise security status information on device compliance and access activity. Available reports include: device list, actions taken, access policy results, test details, test results, test results by device, test results by user, test results by IP address and more.
Start Strengthening Your Perimeter TodayNovell ZENworks Network Access Control is ready to help you take network security to the next level—by testing all of your endpoints before they connect to the network, proac-tively monitoring them after they connect and making it easy to enforce security policies and perform remediation through a single manage-ment console. Visit www.novell.com/nac to learn more about how these crucial capabilities can lead directly to less risk for your business; lower IT costs and administrative requirements; and a safer, more stable and more compliant IT environment.
Device Activity Window
Figure 4. The Device Activity window displays the testing and connection status of all devices attempting to connect to the network during the specified time period (one hour in this case).
p. 7
Novell ZENworks Network Access Control www.novell.com
www.novell.com
Contact your local Novell Solutions Provider, or call Novell at:
1 800 714 3400 U.S./Canada1 801 861 1349 Worldwide1 801 861 8473 Facsimile
Novell, Inc.404 Wyman Street Waltham, MA 02451 USA
463-001029-001 | 09/08 | © 2008 Novell, Inc. All rights reserved. Novell, the Novell logo, the N logo and ZENworks are registered trademarks of Novell, Inc. in the United States and other countries.
*All third-party trademarks are the property of their respective owners.
Novell Logo1 The registered trademark, ®,
appears to the right and on thesame baseline as the Logo.
Minimum Size RequirementsThe Novell Logo should NOT beprinted smaller than 3 picas(0.5 inches or 12.5 mm) in width.
Clear-space Requirements2 Allow a clean visual separation
of the Logo from all other elements.The height of the "N" is themeasurement for the minimumclear-space requirements aroundthe Logo. This space is flat andunpatterned, free of other designelements and clear from the edgeof the page.
3 picas(0.5 in)
(12.5 mm)
21 3
3