A Simple, Low-Cost Method for Implementing Multifactor Authentication for SSL VPN


Today’s organizations leverage remote access capabilities to increase efficiency, promote cost-effectiveness and support collaboration with the mobile workforce. Without the proper security measures in place, that access introduces a myriad of security risks that can cause long-term ramifications for any organization, enterprise, financial institution or government agency.


Entrust IdentityGuard, coupled with the Juniper Networks SA2500 SSL VPN Appliance, helps eliminate risk when authenticating users through corporate remote access portals. Through a range of multifactor authentication capabilities for VPN applications, organizations can leverage the benefits of remote access convenience while minimizing the security barriers that prevent its widespread use.


• Key component of comprehensive, layered enterprise security strategy

• Out-of-the-box integration

• Flexible range of authentication methods lets you match security to level of risk

VPNs provide an excellent means to leverage the online channel for remote access to corporate resources. VPNs encrypt data in transit but typically use only a password to authenticate users, which can leave networks and critical data exposed to unnecessary risk and in non-compliance with corporate and regulatory policies. Entrust is committed to delivering security products to help provide customers with the most secure, scalable, and reliable VPN solutions worldwide.

To ensure your VPN guarantees end-to-end security requires adding second-factor authentication to make certain only authorized individuals can gain access. The combination of the Entrust IdentityGuard versatile authentication platform and Juniper Networks® SA2500 will help provide secure access to corporate resources, intellectual property and confidential information.

Juniper Networks SA Series SSL VPN Appliances combine the benefits of ubiquity with advanced access and security features. These solutions enable enterprises of any scope to provide granular access to resource applications for a broad range of audiences including remote/mobile employees, business partners, contractors, trusted third parties and customers.

Entrust IdentityGuard is a strong, versatile authentication platform that enables you to layer security across diverse users and applications—regardless of environment type or scope. The solution offers multiple methods of multifactor authentication including grid cards, tokens, knowledge-based (questions and answers) and mobile out-of-band authentication.

The easy-to-use authentication methods make the security simple to deploy and manage, while enabling organizations to tailor the level of authentication to the risk associated with specific user activity. The solution is affordable enough to extend to all of your users—not just a subset—thereby helping to enable compliance with data privacy regulations and protect corporate intellectual property.

Juniper Networks SA2500

The SA2500 enables small- to medium-sized companies to deploy cost-effective remote and extranet access, as well as intranet security. Users can access the corporate network and applications from any standard Web browser.

The SA2500 uses SSL—the security protocol found in all standard Web browsers—as a secure access transport mechanism. The use of SSL eliminates the need for client-software deployment, changes to internal servers and costly ongoing maintenance. SA Series SSL VPN Appliances also offer sophisticated partner/customer extranet features that enable controlled access to differentiated users and groups, with no infrastructure changes, no DMZ deployments and no software agents.

This functionality also allows companies secure access to the corporate intranet so that administrators can restrict access to different employee, contractor or visitor populations, based on the resources they require.

Seamlessly integrated, Entrust IdentityGuard adds multiple layers of strong authentication to the SA2500. No other vendor provides the grid-card form factor that Entrust IdentityGuard customers can select. It can even be distributed via email or combined with existing employee badges. The combination of Entrust’s versatile authentication and the SA2500 gives joint customers a secure, low-cost way to operate securely in the online channel.

From a server standpoint, Juniper Networks purpose-built, high-performance IP platforms enable customers to support many different services and applications at scale. Service providers, enterprises, governments, and research and education institutions worldwide rely on Juniper’s SSL VPN solutions to deliver products for building networks that are tailored to the individual needs of their users, services, and applications.

• Key component of comprehensive, layered enterprise security strategy

• Strong VPN security that exceeds password-only solutions

• Significant cost savings so you can deploy across the entire enterprise

• Increased confidence in online security means more applications can move online

• Out-of-the-box integration

• Flexible range of authentication methods lets you match security to level of risk

Solution Components

Entrust IdentityGuard supports Juniper Networks SA Series SSL VPN Appliances.

Technical Features

Entrust IdentityGuard grid cards, tokens, out-of-band and knowledge-based authenticators are supported with this integration.

Platforms Supported

AIX 5.3, Red Hat Linux 3.0 or 4.0, SolarisTM 9 or 10, Windows Server® 2003, Juniper Networks SA Series 6.0 and up.

For more information on how the Entrust IdentityGuard versatile authentication platform and Juniper Networks SA2500 SSL VPN Appliance can help secure remote access portals, visit: www.entrust.com/partners/profiles/juniper_networks_inc.htm. To contact Entrust directly, call 888-690-2424, email entrust@entrust.com or visit www.entrust.com.

Entrust (NASDAQ: ENTU) secures digital identities and information for governments, enterprises and consumers in 1,700 organizations spanning 60 countries. Entrust leverages a layered security approach to address the growing risks to governments and enterprises worldwide. Our layered solutions help secure the most common digital identity and information protection pain points in an organization. These solutions include SSL, authentication, fraud detection, digital certificate management, shared data protection and email security. For information, call 888-690-2424, email entrust@entrust.com or visit www.entrust.com.

Juniper Networks, Inc. is the leader in high-performance networking. Juniper offers a high-performance network infrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over a single network. This fuels high-performance businesses. Additional information can be found at www.juniper.net.
entrust, ssl entrust
entrust, ssl,entrust ssl, vpn, vpn client

Figure 1: Entrust IdentityGuard and Juniper Networks SA2500

Figure 2: The Entrust IdentityGuard versatile authentication platform features one of the widest ranges of authentication options available on the market today