Product Sheet
neXus Hybrid Access Gateway
neXus Hybrid Access Gateway uses the inherent simplicity of virtual appliances to create matchless security, even beyond the boundaries of the corporate network. Access mission-critical data safely at any time using your favorite device!
neXus Hybrid Access Gateway is an exceptional remote access solution that makes on-premises and cloud applications available on any device or platform. The solution also fits perfectly in Bring Your Own Device (BYOD) scenarios. You can easily deploy the Gateway Virtual Appliance into your virtual infrastructure from the cloud – there is no need to install software or maintain an operating system.
Imagine all your organization can gain with:
Greater security
Ease of use
Minimal administration
Versatile Risk-Appropriate Authentication
The security and trust level of an authentication solution depends on the number of factors required for successful identification. An authentication solution capable of withstanding any type of identity fraud should consist of a combination of these factors:
What you know – a static username and password is the most basic authentication level
What you have – a unique possession, such as a hardware token, a mobile phone, or smartcard
Strong multi-factor authentication protects against phishing, password cracking, key logging and many other types of identity theft. neXus Hybrid Access Gateway offers a number of authentication methods with different authentication strengths in one flexible, integrated solution. Organizations can empower their users with authentication technology that is easy to use, easy to manage, cost-effective and secure. The breadth of authentication methods allows for a versatile authentication strategy.
The benefit of using a platform supporting versatile authentication is that you can apply the most appropriate authentication method to each application. In practice, you can use simple password-based authentication to provide access to less sensitive applications, and more complex authentication to secure access to highly sensitive data. When an already authenticated user requests access to a more sensitive application, you can apply step-up authentication, which requires the user to authenticate again with an additional credential. This is what the industry refers to as risk-appropriate authentication.
neXus Hybrid Access Gateway is easy to integrate with existing infrastructures. It uses standard authentication protocols and is extendible through a plug-in API, which facilitates the use of new or custom authentication methods. Open standards such as X.509, Open Authentication (OATH) and LDAP are supported.
Mobile App Security
The neXus solution also brings strong authentication and secure electronic identities to mobile apps by supporting OAuth 2.0 standards. The OAuth 2.0 authorization framework provides applications (web-based and mobile) with
authorized applications. Let the neXus solution manage the complex tasks of authentication and authorization – and allow your developers to focus on your core development and core business.
Policy Enforcement
A secure encrypted channel between the user and the application is ensured by Single Sign-On (SSO) enforcement and remote access to applications via your web browser. No client software needs to be installed. Web SSL reverse proxy/SSL VPN functionality is used with session cookies to manage and track sessions from log-on until the connection is terminated.
neXus Hybrid Access Gateway makes it easy to create secure deployments by using Distributed Mode. With Distributed Mode the Policy Enforcement and the Policy Decision Points are split into separate Virtual Appliances. In this way an optimal secure network architecture can be designed.
neXus Hybrid Access Gateway makes it easier to satisfy your company’s enforcement policies as it allows you to set access rules for various authentication levels and locations. Clientless client-server application access is supported using unique application virtualization based on HTML5 and websocket technology.
Application Portal
Single Sign-On Enforcement
One user and a single login is a breakthrough with advantages for everyone. In addition to providing seamless access to applications, it also reduces password management and significantly improves the user experience. The user only needs to sign in once – any subsequent authentication to back-end applications is automatically handled within the system.
All traditional web applications remain accessible. HTML5 and websockets enable the use of non-web applications in browsers and support the ability to offer remote desktops.
The SAML 2.0 standard is supported to secure identities, Federation integrity and Cloud Applications, both inside and outside your system.
Supported SAML 2.0 standards:
SAML Identity and Service Provider
Web Browser SSO profile with redirect and POST bindings
Basic Attribute Profile
SAML Metadata
SAML Single Log-out as Service Provider
Identity Orchestration
Using standards like SAML and SCIM or proprietary APIs, first-time users are automatically provisioned for application access. neXus Identity Orchestration provides life-cycle identity management together with access control – for on-premises services as well as public and private cloud services. The result is reduced cost, account control and privacy compliance – all while enhancing the end-user experience.
Authorization and Policy-Based Access
All access in the system is based on dynamic evaluation
authorization engine using role-based and attribute-based access controls. User storage integration enables the reuse of roles and user attributes.
Access rules are evaluated based on numerous decision parameters including user role, authentication method, device type and trusted or untrusted location/IP address.
Identity Orchestration integrates with SCIM, Google API and POST-based API making it possible to reduce user account administration by automatically pushing user details, for example to create, authenticate and auto-link new accounts.
Enterprise Administration
As a virtual appliance, neXus Hybrid Access Gateway boasts simplified administration with easier deployments, upgrades and maintenance – all via web-based automation.
A Central Management Console features a comprehensive platform for consolidating your administrative tasks.
Delegated Management shifts administration rights from one organizational level/department to another, and real-time alerts can be sent via email and SMS.
The web-based administration interface provides wizards for common tasks and aids the creation of users, access rules and resources. Rollback functionality tracks the history of published configurations and makes it possible to revert back to prior configurations. The interface automatically adapts to the features included in your neXus Hybrid Access Gateway license. Support is included for delegated administration, graphical reporting and the publication of service
Auditing
When it is time to audit, all data is at your fingertips.
Consolidated and comprehensive auditing functionality tells you who did what, when, where and how. This is particularly useful for compliance officers and corporate governance teams.
All statistical data from the logging system is stored in a central repository for single-point retrieval. Real-time and historical reporting can be shown in many different graphical formats, such as pie charts, line charts, 3D charts and bar graphs. All data is exportable in text format so that it can be easily processed in, e.g., Excel.
User Data
Authentication
The Hybrid Access Gateway features strong authentication supporting a wide range of methods:
1-factor authentication
Web Token, Password
2-factor authentication
Invisible Token
Mobile Text
Soft OTP Token (TruID Synchronized/Challenge)
OATH HOTP
SOTA, Secure Online Token Activation for TruID Soft OTP Token
QR code activation URL support for TruID on Android and iOS devices (iPhone/iPad)
PKI/Certificates
X.509, e-ID, BankID, SITHS, SmartCards etc.
3rd-party authentication
Radius, LDAP, Active Directory, Basic, NTLM
Creation of custom authentication plug-ins
XPI:am
APIs for third party integration
XPI:am, to create custom authentication plugins