Datasheet

ManualsBrandsJuniper Manualscomputers & electronicsACCESS-EES-1000U-1YR

Table 7: SA4500 FIPS and SA6500 FIPS Streamlined Management and Administration

FEATURE FEATURE DESCRIPTION BENEFIT

Constrained delegation When a user logs into the SA Series with a credential that

cannot be proxied through to the backend server, the SA

Series will retrieve a Kerberos ticket on behalf of the user

from the Active Directory infrastructure. The ticket will be

cached on the SA Series throughout the session. When

the user accesses Kerberos-protected applications, the SA

Series will use the cached Kerberos credentials to log the

user into the application without prompting for a password.

Eliminates the need for companies to manage static

passwords resulting in reduced administration time and

costs.

Advanced SSO

enhancements

SA Series will automatically authenticate remote users via

Kerberos or NTLMv2 using user credentials.

Simpliﬁes user experience by avoiding having users enter

credentials multiple times to access dierent applications.

Juniper Networks Network

and Security Manager

(NSM)

Intuitive centralized user interface for conﬁguring, updating,

and monitoring SA Series appliances within a single device/

cluster or across a global cluster deployment.

Enables companies to conveniently manage, conﬁgure, and

maintain SA Series appliances and other Juniper devices

from one central location.

Password management

integration

Standards-based interface for extensive integration with

password policies in directory stores (LDAP, Microso Active

Directory, NT, and others).

Leverage existing servers to authenticate users;

users can manage their passwords directly through

the SA Series interface.

Web-based Single Sign-

On (SSO) BASIC Auth

and NTLM

Allows users to access other applications or resources that

are protected by another access management system

without re-entering login credentials.

Alleviates the need for end users to enter and maintain

multiple sets of credentials for web-based and Microso

applications.

Web-based SSO forms-

based, header variable-

based, SAML-based

Ability to pass user name, credentials, and other customer-

deﬁned attributes to the authentication forms of other

products and as header variables.

Enhances user productivity and provides a customized

experience.

Role-based delegation Granular role-based delegation lessens IT bottlenecks

by allowing administrators to delegate control of diverse

internal and external user populations to the appropriate

parties.

Associates real-time control with business, geographic, and

functional needs.

Easy-to-edit role

mapping and resource

authorization policies

Administrators can copy and reuse existing policies. Simpliﬁes the process of setting up complex, multi-variable

polices or administration for multiple types of groups/roles.

Lower TCO

In addition to enterprise-class security benefits, the SA4500 FIPS and SA6500 FIPS appliances have many features that enable low total

cost of ownership.

Table 8: SA4500 FIPS and SA6500 FIPS Lower TCO

FEATURE FEATURE DESCRIPTION BENEFIT

WX Client Integration When deployed in conjunction with the Juniper Networks

WX Client, the SA Series can dynamically provision secure,

accelerated remote access for employees, partners, and

contractors. For more details on WX Client, please visit

www.juniper.net/application-acceleration.

Improves end user productivity by providing LAN-like

performance for accessing applications and ﬁles via

Network Connect regardless of where the end user is

located.

Based on industry-

standard protocols and

security methods

No installation or deployment of proprietary protocols is

required.

Investment in the SA4500 FIPS AND SA6500 FIPS can be

leveraged across many applications and resources over

time.

Extensive directory

integration and broad

interoperability

Existing directories can be leveraged for authentication

and authorization, enabling granular secure access without

recreating those policies.

Existing directory investments can be leveraged with no

infrastructure changes; no API’s for directory integration are

needed, as functionality is all native/built-in.

Integration with strong

authentication and

identity and access

management platforms

Ability to support SecurID, Security Assertion Markup

Language (SAML), and PKI/digital certiﬁcates.

Leverages existing corporate authentication methods to

simplify administration.

Cross-platform support Ability for any platform to gain access to resources such as

Windows, Mac, Linux, or mobile devices.

Provides ﬂexibility in allowing users to access corporate

resources from any type of device using any type of

operating system.