Central Account Management with Unified IDentity Manager (UIM)
Simplifying user account management through the consolidation of user information from multiple data stores into a single, manageable virtual directory. ID Series’ UIM component provides provisioning, management and de-provisioning of user accounts from one central interface allowing for quick changes, which can be synchronized across all data stores to help improve accuracy, usability and security while lowering overhead.
User Self-Help Web Portal for Password Resets and Account Updates
Allowing end users to reset passwords and update account information without the need to involve help desk or IT personnel. The Self-Help Service not only reduces support overhead and costs but also simplifies account infrastructure with the synchronization of passwords and other account details. The Self-Help Service also integrates with password policy and password expiration notifications to simplify management and compliance requirements.
Centralized RADIUS Authentication for Simplified Sign-on
Providing a consolidated solution to help simplify user authentication. The ID Series can easily integrate with existing account infrastructure to help simplify the authentication process for users and strengthen authentication mechanisms for devices such as VPNs, wireless access points, switches, routers and security devices. The ID Series is a fully featured RADIUS server with powerful extensions allowing RADIUS requests to be fulfilled by non- RADIUS servers such as Active Directory, LDAP, UNIX, SQL and many more, removing the need for RADIUS specific usernames and passwords.
IP-to-ID or MAC-to-IP Service for Instant Identity Resolution
Find out who is on your network with the unique ability to correlate an IP, ID or MAC address to a user identity, instantly. ID’s IP-to-ID Service eliminates the need to manually correlate IP, ID or MAC addresses to user identity and allows IT engineers to take corrective action immediately to lower security risks and potential damage. IP-to-ID Services provide multiple access methods to obtain user identity information for truly seamless integration with existing security, network and software applications.
Authenticated DHCP and Guest Access Services
The ID Series DHCP server can be enhanced by enabling Authenticated DHCP, which provides the ability to quarantine non-authenticated users and prevent unauthorized network access. A guest access Web portal and web administration portal are also included. With ID, companies can improve their security and compliance requirements while lowering operational costs and reducing management overhead. System Administrators are more productive with UIM’s ability to centrally provision and manage user accounts from multiple data stores simultaneously. Employees are more productive with the user self-help Web portal eliminating the need to have help desk engineers reset passwords. Security is enhanced with Network Authentication and Access Control Services preventing unauthorized network access. Busy IT departments can quickly reduce overhead and speed troubleshooting with IP-to-ID Services pinpointing issues directly to the users responsible. ID’s rich reporting and auditing features provide full visibility to allow IT departments to work more effectively.
A10 Thunder CGN provides many advanced features for enterprises and carriers to extend IPv4 connectivity and to transition to IPv6 Internet connectivity. As network addressing and IPv6 transition architectures can vary greatly across and within an organization, customers need a solution that provides the broadest support for industry standards and addresses different address and protocol translation requirements simultaneously. The Thunder CGN product line provides a broad array of standards-compliant IPv4 extension and IPv6 transition technologies integrated within our high-performance, ACOS-based physical, virtual and hybrid appliances.
EXTEND IPV4 CONNECTIVITY
The Thunder CGN product line provides advanced CGNAT functions to easily mitigate IPv4 address exhaustion and extend the life of an IPv4 network infrastructure. There are many features available within our CGNAT solution to meet the needs for organizations that are looking into CGNAT.
Advanced CGNAT functions: CGNAT provides a standards-based mechanism to reclaim existing public IPv4 address space, using address and port translation. This allows for a network where private addresses inside the network are translated using a pool of public, routable IP addresses on the outside network. The ratio of private to public IP addresses can be high, resulting in a significant amount of reclaimed public IPv4 address space. Performing CGNAT for many simultaneous users requires large amounts of computing and memory resources to maintain user state information. The A10 Thunder CGN product line leverages the highly efficient ACOS platform architecture, which provides high-performance CGNAT scaling in very efficient form factors. The Thunder CGN product line provides support for up to 256 million concurrent sessions in a single RU form factor, as well as unprecedented session setup and teardown rates. Competing solutions require a large chassis product with multiple application blades to achieve similar performance.
Advanced logging features: Local governments often mandate that network operators be able to trace a user's connection details at a given moment in history, which can be complicated when scaling out large IPv4 CGNAT solutions. Thunder CGN offers many techniques to enhance the logging detail or reduce the volume of logs, in order to reduce logging infrastructure requirements. For example, there are log compression features that significantly reduce the amount of data needed to describe a log event. Deterministic or fixed Network Address Translation (NAT) makes it possible to virtually eliminate translation logs; the user details of a connection can easily be derived via a simple algorithm.
BROAD TRANSITION OPTIONS
Since IPv6 is not backwards compatible with IPv4, various solutions are available to achieve full connectivity, regardless of source or destination IP protocol.
Prevalent protocol connectivity: Transition technologies such as Dual-Stack Lite (DS-Lite) allow network operators to run an IPv6-only access network, while IPv4-only devices can still connect to the Internet using softwires (also referred to as tunnels) through the IPv6-only infrastructure. Light Weight 4 over 6 (LW4o6) or IPv6 Rapid Deployment (6rd) provide similar behavior, allowing alternate IP versions access through the network.
Ensure IPv6 client access to IPv4 content: IPv6 was not built to be backward compatible with IPv4, complicating the deployment of IPv6 clients. NAT64/DNS64 solves this problem by allowing IPv6-only devices to access IPv4-only content, thus enabling clients to access the majority of the Internet today.
Interplay for phased transition: Networks often require different transition technologies to be deployed simultaneously. Thunder CGN products allow you to deploy each transition technology concurrently, for example starting with CGNAT to immediately mitigate IPv4 address exhaustion, and then phasing in NAT64/DNS64 to enable IPv6 clients to access the IPv4 Internet, when you are ready.
APPLICATION ACCESSIBILITY AND RELIABILITY
Even though the OSI network layer principle should ensure separation between the application and network behavior, this is not always the case. Many applications rely on network transport information to operate, which can lead to problems when just the network portion is translated. Connection reliability is also crucial for applications that need to be available at all times.
CGNAT transparency: Advanced CGNAT features such as Endpoint Independent Mapping (EIM) and hairpinning provide predictable NAT behavior, and a transparent end user experience. User quotas allow public IP port usage to be fairly distributed between end users, and that viruses and malware, for example, can't exhaust the resources for other users.
Application Layer Gateways (ALGs): For network operators, it is critical to ensure connectivity for all application services and users. ALGs within CGNAT ensure that protocols such as FTP, TFTP, RTSP, PPTP, SIP, ICMP, H.323 and DNS remain functional. Many legacy NAT implementations do not provide this level of transparency.
Stateful session synchronization (hitless failover): When deployed in HA mode, the A10 Thunder CGN units synchronize active sessions, so when a failover occurs, the sessions will be maintained and end users will not be aware that a failover has occurred. This prevents users from having to restart a large download, for example, and increases user satisfaction.
In addition, Thunder CGN appliances offer integrated distributed denial of service (DDoS) protection for CGN devices offering public facing services to prevent huge volumes of multi-vector DDoS attack traffic. Integrated DDoS features are available on all A10 Thunder CGN appliances and specialized Thunder SPE appliances, which leverages a hardware-assisted Security and Policy Engine (SPE) to enforce security policies at ultra-high speed. Together, these CGN software and hardware features ensure maximum uptime of network resources to process subscriber traffic.
WHERE TO BUY ADTRAN
TAMPA, FLORIDA OFFICE:
6026 Jet Port Industrial Blvd.
Tampa, Florida 33634
BUFFALO, NEW YORK OFFICE:
295 Main St. Suite 123
Buffalo, New York 14203
6110 Blue Circle suite 260
MINNETONKA, Minnesota 55343
PURCHASING NEW & USED
GEAR - LETS TALK
Toll-free Phone: (866) 305-8597
Fax: (813) 673-8885