Manualshelf

User Guide

ManualsBrandsAlcatel-Lucent ManualsOtherOMNIACCESS SAFEGUARD CONTROLLER
21222324252627282930
OmniAccess SafeGuard OS Administration Guide
22
Chapter 1: SafeGuard OS Overview
OmniVista SafeGuard Manager compiles information based on user transactions,
presenting all of the activities and access violations tied to usernames. It provides
traffic views on a per-user and per-flow basis, allowing for detailed auditing,
reporting, and forensics. For example, OmniVista SafeGuard Manager could
display all users running Instant Messenger or detail every application, computer,
and file a particular user has touched.
OmniVista SafeGuard Manager also supports role-based provisioning, allowing
IT to define access controls for broad groups of users, such as employees,
contractors, and guests, or for smaller groups, such as the finance department.
OmniVista SafeGuard Manager gives IT flexible malware control, allowing traffic
to be stopped on a per-user or per-application basis if malware is detected.
Using the Alcatel-Lucent OmniVista SafeGuard Manager command center, IT is
provided with full LAN visibility, policy creation capabilities and distribution.
The SafeGuard product family provides the full set of capabilities needed to protect
enterprise assets.
Deployment Models
In terms of deployment, the SafeGuard Controller sits between access switches and the
distribution or core layer, aggregating uplinks from the wiring closets and enforcing
access policies on all traffic. As a transparent device, the Controller requires no changes to
network design or user behavior, simplifying deployment and IT’s cost of operations.
The Controller supports high availability and resiliency modes. Enterprises that have
dual-homed wiring closet switches can deploy two SafeGuard Controllers as peers—the
two platforms would share state and preserve user authentications in case of failover. The
Controller runs in fail pass-through mode following a failure, where all LAN traffic will
traverse the Controller untouched, or protect mode, where all traffic is stopped (based on
security policy settings).
While the Controller sits behind existing switches, which suits environments not
upgrading their switches, the SafeGuard Switch provides an integrated secure switch
ideal for customers in the midst of a switch upgrade or building a new LAN for
enterprises to secure the fabric of their LAN.
The integrated platform with both the SafeGuard Controller and SafeGuard Switch
reduces the number of platforms customers need to buy and manage, lowering capital
and operational costs. The SafeGuard Switch also provides per-port control, vs. the per-
uplink control in the SafeGuard Controller. While user- and application-based controls
are available in both SafeGuard platforms, the switch’s per-port control means worms are
contained to a single user rather than all users connected to one uplink port.