Unified Access Control
Juniper Networks Unified Access Control (UAC) is a comprehensive network access control solution that combines user identity, device security state, and network location information to create unique, dynamic access control policy, per user and per session.
Unified Access Control (UAC) is a standards-based, scalable solution for adaptive access control that reduces threat exposure and mitigates risks. It protects your network, guarding mission-critical applications and sensitive data, and providing comprehensive control, visibility, and monitoring.
This approach to adaptive access control reduces the cost and complexity of delivering and deploying granular network access control from the branch to the corporate data center. It also addresses pain points like insider threats, guest user access, outsourcing and off-shoring, and regulatory compliance.
UAC is composed of:
- The IC Series Unified Access Control Appliances, hardened, centralized policy management servers
- The UAC Agent, a dynamically downloaded agent that collects user credentials and assesses device security state (UAC also offers an agent-less mode for use when software downloads are not practical, such as with guest users.)
- UAC enforcement points, such as any vendor-agnostic 802.1X-enabled wireless access point or switch (including Juniper Networks EX Series Ethernet Switches) and any Juniper Networks firewall platform (including the SSG Series and ISG Series with IDP platforms), as well as the SRX Series Services Gateways.
UAC can be enabled at Layer 2 using 802.1X, at Layer 3 using the overlay deployment, or both for granular access control.
|
IC4500 Unified Access Control Appliance
The IC4500 Unified Access Control Appliance is a next-generation hardened, centralized policy management server delivering superior scalability and performance for mid-sized to large organizations and remote or branch offices. Learn More |
|
IC6500 Unified Access Control Appliance
Delivering best-in-class scalability, performance, and redundancy, the IC6500 Unified Access Control Appliance is a next-generation hardened, centralized policy management server for large, multinational organizations and government agencies. Learn More |
|
|
IC6500 FIPS Unified Access Control Appliance
Delivering scalability, performance, and redundancy, the IC6500 FIPS Unified Access Control Appliance, coupled with a dedicated FIPS certified security module. Provides next-generation cryptographic operations and centralized policy management server for large, multinational organizations and government agencies. Learn More |
- Delivers dynamic, standards-based, vendor-agnostic network and application access control.
- Provides comprehensive access protection, visibility, and monitoring for networks, applications, and sensitive data.
- Offers flexible, phased deployment, enabling quick implementation within heterogeneous networks by deploying a single appliance.
- Scalability and centralized policy management eases deployment, provisioning, and administration.
- Addresses most access control challenges, including insider threats, guest user access, regulatory compliance, and offshoring/outsourcing.
- Built on proven, best-in-class security and access control products, including SA Series Secure Access SSL VPN Appliances, SBR Series Steel-Belted Radius Servers, and Odyssey Access Client.
- Leverages existing AAA infrastructure, any 802.1X-enabled switch or access point (including Juniper Networks EX Series Ethernet Switches) and any Juniper firewall platform.
- Based on industry-standards (802.1X, RADIUS, and IPSec) and open standards (Trusted Network Connect standards).
IC Series Unified Access Control Appliances offer:
| Feature | Benefit |
|---|---|
| Superior performance and scalability | The next-generation hardened, centralized policy management servers at the heart of Unified Access Control deliver high performance and scalability. |
| Security | The IC Series can obtain user authentication, endpoint security state, and location data and define dynamic access control policies that are distributed to network enforcement points across the distributed network. |
| Costs savings | The IC Series takes advantage of existing investments in AAA infrastructure, any 802.1X-enabled switch or access point -- including Juniper Networks EX Series Ethernet Switches -- and any Juniper firewall platform. |
| Flexible access control deployment | Based on industry-standards (802.1X, RADIUS, IPSec, and others) and open standards (Trusted Network Connect standards). |
| Quick, simple access control implementation | Implementation within heterogeneous networks is fast and simple because only a single appliance is required. |
| Centralized controls | Pre-authentication assessment, authentication, role mapping, and resource controls are centralized in a single location. |
Several hardware and software options and modules are available for UAC's IC4500, IC6500, and IC6500 FIPS Unified Access Control Appliances, including:
| Module | Description |
|---|---|
| Microsoft SOH License | Addresses the licensing of System Health Agent (SHA)/System Health Verifiers (SHV) and Statement Of Health (SOH) protocols from Microsoft. These are key components that enable Juniper Networks UAC to support the Microsoft Windows SOH and embedded Microsoft Network Access Protection (NAP) Agents through the Trusted Network Connect (TNC) SOH open and standardized protocol IF-TNCCS-SOH. |
| Infranet Controller Disaster Recovery (DR) License | Addresses disaster situations without requiring the purchase of permanent user licenses for those types of contingencies. This license also enables the periodic testing of disaster recovery deployment while still providing usage when needed. They are also available for clusters. |
| Coordinated Threat Control License | Leverages additional access control and security capabilities through UAC's communications with Juniper Networks IDP Series Intrusion Detection and Prevention Appliances for coordinated threat control. |
| IF-MAP Licenses | Leverages the TNC's open specification Interface for Metadata Access Point (IF-MAP), and is defined as an IC Series Appliance (or IC Series Appliance cluster) operating solely as a Metadata Access Point (MAP) server with no additional simultaneous endpoint licenses or OAC-ADD-UAC licenses. In this mode, the IC Series Appliance (or clustered IC Series Appliances) as MAP servers must have an IF-MAP license installed. Mixed IC Series Appliance and MAP mode is defined as any IC Series Appliance that simultaneously acts as both an IC Series Appliance and as a MAP server, where either a simultaneous endpoint license or an OAC-ADD-UAC license has been installed. In this case, the IF-MAP license is not required on that IC Series Appliance (or IC Series Appliance cluster). |
| Hot-Swappable Power Supplies (IC6500, IC6500 FIPS ONLY) | The IC6500 and IC6500 FIPS offer optional dual, hot-swappable power supplies. |
Juniper Networks Unified Access Control
Download
[ 
2.70 MB ]
DEMAND MORE
IT SERVICES WITHOUT BOUNDARIES
With Juniper Networks SRX Series Services Gateways, you can now achieve 5X security performance for 50% less than competitive solutions. The new SRX series deliver consistent HQ quality security across all your enterprise locations without security or performance trade off.
Find the Right Solution
Have a Juniper Networks Partner evaluate your business and create a solution that's right for you.
Find Reseller
DEMAND MORE
IT SERVICES WITHOUT BOUNDARIES
Learn how to achieve 5X security performance for 50% less.
"The Juniper Networks Distributed Enterprise Solutions enable us to improve employee performance, build revenues, and reduce total cost of ownership to drive a sustainable competitive advantage."
Scotty Bevill
IT Project Manager, Intermatic, Inc.
