Datasheet

Access Privilege Management Capabilities
The SA4500 FIPS and SA6500 FIPS appliances provide dynamic access privilege management capabilities without infrastructure changes,
custom development, or software deployment/maintenance. This facilitates the easy deployment and maintenance of secure remote
access, as well as secure extranets and intranets. When a user logs into an SA4500 FIPS or SA6500 FIPS appliance, they pass through a
pre-authentication assessment, and are then dynamically mapped to the session role that combines established network, device, identity,
and session policy settings. Granular resource authorization policies further ensure exact compliance with security strictures.
Table 3: SA4500 FIPS and SA6500 FIPS Access Privilege Management Capabilities

| FEATURE | FEATURE DESCRIPTION | BENEFIT |
| --- | --- | --- |
| User-Record Synchronization | Supports synchronization of user records such as user bookmarks across different non-clustered SA Series appliances. | Ensures ease of experience for users who often travel from one region to another and therefore need to connect to different SA Series appliances. |
| VDI (Virtual Desktop Infrastructure) Support | Allows interoperability with VMware View Manager and Citrix XenDesktop to enable administrators to deploy virtual desktops with the SA Series appliances. | Provides seamless access to remote users to their virtual desktops hosted on VMware or Citrix servers. Provides dynamic delivery of the Citrix ICA client or the VMware View client, including dynamic client fallback options to allow users to easily connect to their virtual desktops. |
| ActiveSync Feature | Provides secure access connectivity from mobile devices (such as Symbian, Windows Mobile, or iPhone) to the Exchange server with no client software installation. Enables up to 5000 simultaneous sessions on the SA6500. | Simplifies the end-user experience when they are using a mobile device to get network access. |
| Hybrid role/resource-based policy model | Administrators can tailor access. | Ensures that security policies reflect changing business requirements. |
| Pre-authentication assessment | Network and device attributes, including presence of Host Checker/Cache Cleaner, results of endpoint security scans, source IP, browser type, and digital certificates can be examined even before login is allowed. | Results can be used in dynamic policy enforcement decisions. |
| Dynamic authentication policy | Enables administrators to establish a dynamic authentication policy for each unique session. | Leverages the enterprise’s existing investment in directories, public key infrastructure (PKI), and strong authentication. |
| Dynamic role mapping | Combines network, device, and session attributes to determine which of three different types of access is allowed. | Enables the administrator to provision by purpose for each unique session. |
| Resource authorization | Provides extremely granular access control to the URL, server or file level. | Allows administrators to tailor security policies to specific groups, providing access only to essential data. |
| Granular auditing and logging | Can be configured at the per user, per resource, and per event level for security purposes as well as capacity planning. | Provides fine-grained auditing and logging capabilities in a clear, easy to understand format. |
| Custom expressions | Enables the dynamic combination of attributes on a “per session” basis, at the role definition/mapping rules and the resource authorization policy level. | Enables finer granularity and customization of policy roles. |