Juniper Networks Secure Access 2000
The Juniper Networks Secure Access 2000 (SA 2000) SSL VPN enables small-to-medium-sized companies to deploy cost effective remote and extranet access, as well as intranet security. Users can access the corporate network and applications from any standard Web browser. The SA 2000 uses SSL, the security protocol found in all standard Web browsers, as a secure access transport mechanism. The use of SSL eliminates
the need for client software deployment, changes to internal servers, and costly ongoing maintenance. Juniper’s Secure Access appliances also offer sophisticated partner/customer extranet features that enable controlled access to differentiated users and groups with no infrastructure changes, no DMZ deployments, and no software agents. This functionality also allows companies to secure access to the corporate intranet, so that administrators can restrict access to different employee, contractor or visitor populations, based on the resources that they need.
The SA 2000 comes with the streamlined feature set that an enterprise would need to deploy secure remote access, as well as a basic customer/partner extranet or secure intranet. The Advanced license enables additional sophisticated features that meet the needs of more complex deployments with diverse audiences and use cases, as well as Juniper Networks Central Manager.
Rich Access Privilege Management Capabilities
• Dynamic, controlled access at the URL, file, application and server
• Secure remote access with no client software deployments or
level, based on a variety of session-specific variables including
changes to servers, and virtually no ongoing maintenance
identity, device, security control and network trust level
• Secure extranet access with no DMZ buildout, server hardening
resource duplication, or incremental deployments to add
• Three different access methods allow administrators to balance
security and access on a per-user, per-session basis
• Numerous security options from the end user device, to the
• Cluster pair deployment option, for high availability across the LAN
• Juniper’s Endpoint Defense Initiative includes native functionality
as well as client- and server-side APIs for effective enforcement and
• Central management option for unified administration
unified administration of best-of-breed endpoint security
• User self service features enhance productivity while lowering
Lower Total Cost of Ownership
In addition to enterprise-class security benefits, the SA 2000 has a wealth of features that enable low total cost of ownership.
Secure remote access with no client software deployment and no changes to existing servers
Based on industry-standard protocols and
The investment in the Secure Access 2000 can be leveraged across many applications and resources over time.
Extensive directory integration & broad
Existing directories can be leveraged for authentication and authorization. Standard-based interfaces and APIs provide seamless integra-
Provides the ability to host different virtual extranet Websites from a single SA 2000 appliance, saving the cost of incremental servers,
easing management overhead and providing a transparent user experience with differentiated entry URLs
Allows the creation of completely customized sign-in pages to give an individualized look for specified roles, streamlining the
End-to-End Layered Security
The SA 2000 series provides complete end-to-end layered security, including endpoint client, device, data and server layered security controls.
Client computers can be checked at the beginning and throughout the session to verify an acceptable security posture requiring or restrict-ing network ports; checking files/process and validating their authenticity with MD5 hash checksums. Performs version checks on security applications, and carries out pre-authentication checks and enforcement. Enables enterprises to write their own host check method to customize the policy checks. Resource access policy for non-compliant endpoints is configurable by the administrator.
Created in partnership with best-of-breed endpoint security vendors, enables enterprises to enforce an endpoint trust policy for managed PCs that have personal firewall, antivirus clients, or other installed security clients, and quarantine non-compliant endpoints
Enables enterprises to deliver and update third party security agents from the SA 2000, which reduces public-facing infrastructure, en-ables consolidated reporting of security events, and enables policy-based remediation of non-compliant clients
Allows the enterprise to establish trustworthiness of non-API-compliant hosts without writing custom API implementations, or locking out external users such as customers or partners that run other security clients
Hardened security infrastructure, audited by 3rd party security experts including CyberTrust, effectively protects internal resources and
lowers total cost of ownership by minimizing the risk of malicious attacks.
Security services employ kernel-level packet Ensures that unauthenticated connection attempts, such as malformed packets or DOS attacks are filtered outfiltering and safe routing
All proxy downloads and temp files installed during the session are erased at logout, ensuring that no data is left behind
Prevents sensitive meta-data (cookies, headers, form entries, etc) from leaving the network, and allows for rendering of content in a non-cacheable format
Access Privilege Management Capabilities
The SA 2000 appliance provides dynamic access privilege management capabilities without infrastructure changes, custom development, or
software deployment/maintenance. This facilitates the easy deployment and maintenance of secure remote access, as well as secure extranets and
intranets. When a user logs in to the SA 2000, they pass through a pre-authentication assessment, and are then dynamically mapped to the session
role that combines established network, device, identity and session policy settings. Granular resource authorization policies further ensure exact
compliance to security strictures.
Hybrid role- / resource-based policy model
Administrators can tailor access to dynamically ensure that security policies reflect changing business requirements
Network and device attributes, including presence of Host Checker/Cache Cleaner, source IP, browser type and digital certificates, can be examined even before login is allowed and results are used in dynamic policy enforcement decisions
Leverages the enterprise’s existing investment in directories, PKI, and strong authentication, enabling administrators to establish a dynamic authentication policy for each user session
Combines network, device and session attributes to determine which of three different access methods, or combination of methods, is allowed enabling the administrator to provision by purpose for each unique session
Enables extremely granular access control to the URL, server, or file level to tailor security policies to specific resources
Fine-grained auditing and logging capabilities in a clear, easy-to-understand format can be configured to the per-user, per-resource, and per-event level. Auditing and logging features can be used for security purposes as well as capacity planning
Enable the dynamic combination of attributes on a “per-session” basis, at the role definition/mapping rules and
Alleviates the need for end users to enter and maintain multiple sets of credentials for Web-based and Microsoft applications
In addition to BASIC Auth and NTLM SSO, the advanced feature set provides the ability to pass user name, credentials and other customer
defined attributes to the authentication forms of other products and as header- variables, to enhance user productivity and provide a
customized experience. SAML-based integration for authentication and authorization
Provision by Purpose
The Secure Access 2000 includes three different access methods. These different methods are selected as part of the user’s role, so the
administrator can enable the appropriate access on a per-session basis, taking into account user, device, and network attributes in combination with
enterprise security policies.
nection, as well as standards-based e-mail, files and telnet/SSH hosted applications.
• Core Web access also enables the delivery of Java applets directly from the Secure Access appliance.
• Provides the most easily accessible form of application and resource access, and enables extremely granular security control options
• A lightweight Java or Windows-based download enables access to client/server applications using just a Web browser. Also provides
native access to terminal server applications without the need for a pre- installed client
• Provides complete network-layer connectivity via an automatically provisioned cross-platform download• Users need only a Web browser. Network Connect transparently selects between two possible transport methods, to automatically
deliver the highest performance possible for every network environment.
The SA 2000 includes a variety of capabilities for the availability and redundancy required for mission-critical access in demanding enterprise
Units that are part of a cluster pair synchronize system-state, user profile-state, and session-state data among a group of appliances in the cluster for seamless failover with minimal user downtime and loss of productivity
Cluster pairs multiply aggregate throughput to handle unexpected burst traffic as well as resource intensive application use. Clusters can be deployed in either Active/Passive or Active/Active modes across the LAN or across the WAN for superlative scalability with a large number of user licenses, which scales access as the user base grows
Streamlined Management and Administration
The SA 2000 includes a variety of features available from a central management console at the click of a button. These benefits are extended across
clustered devices, with the addition of SA Central Manager, part of the Advanced Software features set. Central Manager is a robust product with
an intuitive Web-based UI designed to facilitate the task of configuring, updating and monitoring Secure Access appliances whether within a single
device, local cluster or across a global cluster deployment.
Cluster pairs can be seamlessly managed from an integrated central management console, making administration convenient and ef-
ficient. The Central Manager allows administrators to track cluster-wide metrics, push configurations and updates, and provide backup and recovery for local and clustered appliances.
Increases end user productivity, greatly simplifies administration of large diverse user groups, and lowers support costs
Password management integration Web Single Sign-On
Granular role-based delegation lessens IT bottlenecks by allowing administrators to delegate control of diverse internal and external user
populations to the appropriate parties, associating real-time control with business, geographic, and functional needs
Administrators can copy and re-use existing policies, simplifying the process of setting up complex multi-variable polices or administration
Using Secure Access Central Manager, log data can be compiled in standard formats including W3C or WELF, as well as tailored for input
Enhanced monitoring with standards-based integration to third party management systems
Secure Access 2000 Base System
• Secure Application Manager and Network Connect Upgrade Option (SAMNC)
Secure Access 2000 User Licenses
• Advanced Software Feature Set (includes Central Manager)
Secure Access 2000 Feature Licenses
• Dimensions: 16.7”W x 1.74”H x 15”D
Secure Application Manager and Network Connect for SA 2000
• Weight: 13.2lb (5.99 kg) typical (unboxed)
• Material: 18 gauge (.048”) cold-rolled steel
Secure Access 2000 Clustering Licenses
• Fans: 1 blower, 1, 40mm ball bearing fan in power supply
Clustering: Al ow 25 additional users to be shared from another SA 2000
Clustering: Al ow 50 additional users to be shared from another SA 2000
SA2000-CL-100U Clustering: Al ow 100 additional users to be shared from another SA 2000
• Two RJ-45 Ethernet - 10/100/1000 full or half-duplex (auto-negotiation)
• AC Power Wattage 260 Watts
• AC Power Voltage 100-240VAC, 50-60Hz, 2.5A Max
• System Battery CR2032 3V lithium coin cell
• Efficiency 65% minimum, at full load
• MTBF 87,000 hours
• Operating Temp 50° to 95°F (10°C to 35°C)
• Storage Temp -40° to 158°F (-40°C to 70°C)
• Relative Humidity (Operating) 8% to 90% noncondensing
• Relative Humidity (Storage) 5% to 90% noncondensing
• Altitude (Operating) -50 to 10,000 ft (3,000m)
• Altitude (Storage) -50 to 35,000 ft (10,600m)
Safety and Emissions Certification
• Safety: EN60950-1:2001+A11, UL60950-1:2003, CSA C22.2 No. 60950-1,
• Emissions: FCC Class A, VCCI Class A, CE class A
• 90 days – can be extended with support contract
Copyright 2005, Juniper Networks, Inc. All rights reserved.
Juniper Networks and the Juniper Networks logo are registered trademarks of Juniper Networks, Inc. in the United States and other countries.
All other trademarks, service marks, registered trademarks, or registered service marks in this document are the property of Juniper Networks
or their respective owners. All specifications are subject to change without notice. Juniper Networks assumes no responsibility for any
Suite 2507-, Asia Pacific Finance Tower
inaccuracies in this document or for any obligation to update information in this document. Juniper Networks reserves the right to change,
modify, transfer, or otherwise revise this publication without notice.
REVISTA CIENTÍFICA DO HCE • ANO Il • Nº 02 15 REVISÃO DE LITERATURA Avaliação renal pela medicina nuclear na esquistossomose hematóbica Nuclear medicine: renal functional evaluation in schistosomiasis haematobia Carmelindo Maliska1, Joaquim d’Almeida2 1. Médico do Serviço de Medicina Nuclear do Hospital Central do Exército/RJ e do HUCFF/RJ; Mestre em Biociências Nu
(Universidad de La Frontera. Temuco-Chile)(Universidad de La Frontera. Temuco-Chile)(Universidad de La Frontera. Temuco-Chile)[…] nadie es tan intolerante como aquel quepretende demostrar que lo que dice ha de ser la verdad […] 1 SUMARIO: 1. Estructura discursiva del texto-sentencia penal. 2. Cruces del Sistema Ju- rídico-Judicial y el Sistema de Comunicación: Derecho y Comunicación