Policy-Based Remote Access

Today’s mobile workforce presents new challenges for IT organizations. As individuals roam between offices and locations, they still need access to their corporate applications and databases. Yet providing that access can be difficult for many reasons:

  • Many organizations, even those that have standardized on a vendor’s equipment, have some equipment from other vendors -- making reliance on proprietary authentication schemes and technologies problematic.
  • IT cannot always manage the endpoints connecting to the network, such as when contractors bring their own laptops or when users roam from partnering networks.
  • Even when the devices are under IT control, they may lack the intelligence to support end-user authentication, as is the case with sensors.

Unable to authenticate accessing devices, organizations must implement more restrictive policies or settle for more open policies that could expose organizations to attack or lead to poor resource utilization. Even once the network authenticates the accessing device, a significant investment in solutions engineering is needed to get the equipment to work together.

With IF-MAP, network infrastructure elements can work together even when the equipment comes from different vendors. Consider a consultant who needs to access private applications in the cloud over a network that combines an 802.1X switching infrastructure (for example, Cisco switches), a Juniper-based security infrastructure and an IPAM layer delivered by Infoblox. IF-MAP enables the orchestration of that equipment:

  1. When a device plugs into the network, the Cisco switch prompts the device for security credentials, which are sent to a security server, such as the Juniper IC 4000 UAC.
  2. The Juniper IC 4000 UAC authenticates the credentials using information from the AAA server and returns the authorization to the Cisco switch. The IC 4000 UAC in turn publishes the information to the MAP server to update the MAP database.
  3. The switch then enables the accessing device to request an IP address from the DHCP server, which sends the information to the MAP server to update the MAP database.
  4. The MAP server sends the IP-MAC information to the IC 4000 UAC, which activates L3 access on the firewall, enabling access to the private application in the cloud.
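
The four steps above can be modelled as a publish/subscribe exchange around a shared MAP database. The sketch below is an added example, not IF-MAP's wire protocol and not any vendor's code; the class and function names, the in-memory store and the sample credentials and addresses are all assumptions made for illustration. It shows the property that matters for policy: the firewall is opened only when the same MAC has both an authenticated session and a published IP-MAC binding.

```python
# Added illustration: a toy in-memory MAP server (hypothetical names throughout).
from collections import defaultdict

class MapServer:
    """Stores metadata per identifier (MAC) and notifies subscribers on publish."""
    def __init__(self):
        self.db = defaultdict(dict)
        self.subscribers = []

    def subscribe(self, callback):
        self.subscribers.append(callback)

    def publish(self, mac, metadata):
        mac = mac.lower()                 # normalise so publishers agree on the key
        self.db[mac].update(metadata)
        for notify in self.subscribers:
            notify(mac, dict(self.db[mac]))

class PolicyServer:
    """Plays the UAC role: authenticates (step 2), reacts to IP-MAC data (step 4)."""
    def __init__(self, map_server, aaa_users):
        self.map, self.aaa = map_server, aaa_users
        self.firewall_allow = set()       # source IPs granted L3 access
        map_server.subscribe(self.on_update)

    def authenticate(self, mac, user, password):
        ok = user in self.aaa and self.aaa[user] == password  # stand-in for AAA
        if ok:
            self.map.publish(mac, {"user": user, "authenticated": True})
        return ok                         # result handed back to the switch

    def on_update(self, mac, record):
        # Require BOTH an authenticated session and a DHCP binding for this MAC.
        if record.get("authenticated") and "ip" in record:
            self.firewall_allow.add(record["ip"])

def dhcp_lease(map_server, mac, ip):
    """Plays the DHCP/IPAM role (step 3): publish the IP-MAC binding."""
    map_server.publish(mac, {"ip": ip})

def run_demo():
    ms = MapServer()
    uac = PolicyServer(ms, {"consultant": "s3cret"})   # constructed AAA data
    uac.authenticate("AA:BB:CC:00:00:01", "consultant", "s3cret")
    dhcp_lease(ms, "aa:bb:cc:00:00:01", "10.0.0.23")
    # Failed authentication: even if a lease is published, no access is granted.
    uac.authenticate("AA:BB:CC:00:00:02", "consultant", "wrong")
    dhcp_lease(ms, "aa:bb:cc:00:00:02", "10.0.0.24")
    return uac.firewall_allow
```
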

Equipment from three different vendors all working together seamlessly -- that’s the power of IF-MAP. Whether your needs are in remote access, network security or any other area requiring network integration, IF-MAP can help.