EdgeWave iPrism Deployment
Comprehensive, policy-driven Web SecurityPowerful Web Security Appliances
The iPrism Web Security delivers comprehensive, policy-driven Web Security by combining software flexibility and scalability with the security and control of an appliance-based solution. The iPrism h-Series high-performance appliances are designed to enhance iPrism Web Securitying capabilities now as well as prepare for new features and functionality in the future.
Secure Content Management for the Enterprise
EdgeWave introduces our newest appliance, the 500h, built to handle the size and bandwidth requirements of a large enterprise or any organization that wants to manage Web access in a bandwidth-intensive environment.
Network Fit
iPrism Web Security offers flexible deployment options that fit into a wide variety of network platforms and configurations. It can scale from small to large enterprise networks and delivers unrivalled performance in both distributed and centralized networks as well as mixed environments, including Terminal Services.
Transparent Bridge Deployment
Our exclusive transparent bridge deployment delivers powerful Web security that won't introduce latency to your network traffic no matter how busy your network gets. Even networks with the largest pipelines are easily managed by our combination of seamless in-line deployment and kernel-level filtering technology.
Terminal Services
If you're a Citrix user, your environment can cause special challenges when you need to deploy an Internet filtering solution. Recent tests conducted by Citrix engineers confirm that the iPrism Web Security solution surpasses all competitors in its ability to easily integrate within a Citrix environment without degrading performance. That's why Citrix has proclaimed our solution the only Citrix Ready appliance-based Web Filter on the market.
Remote Filtering
iPrism Web Security offers a Hybrid Remote Filter that employs proprietary technology to bring powerful Web filtering to all your users, regardless of their location, without using your VPN, deploying anything in the DMZ or requiring any PAC file implementations. iPrism Web Security eliminates browser latency while delivering secure and comprehensive Web access management to all your off-premises users.
Hardware Overview:
SMB Organizations
The h-Series compact, 1U appliances are compatible with all supported versions of the iPrism Web Security operating software and are ideal for small to medium enterprises seeking to provide powerful, comprehensive protection from Internet-based threats while staying within budget. With a range of models that are easy to deploy and manage and offer throughputs of 10 to 30 Mbps, the h-Series 10h, 20h and 30h appliances deliver superior performance and protection at the perimeter, helping SMB organizations enforce acceptable use and security policies and defend against emerging threats.
iPrism Web Security delivers comprehensive, policy-driven Web Security by combining software flexibility and scalability with the security and control of an appliance-based solution. The cost-efficient iPrism SMB h-Series appliances are designed to enhance iPrism Web Security capabilities now as well as prepare for new features and functionality in the future.
The compact, 1U, h-Series appliances are compatible with all supported versions of the iPrism Web Security operating software and deliver throughput speeds ranging from 10 to 30 Mbps depending on the model you choose. With a variety of models available to suit your requirements, the iPrism Web Security is designed to fit any size organization. The iPrism Web Security, delivered via the h-Series appliances, provides powerful, comprehensive Web Security to organizations ranging from large enterprises to small and medium-sized businesses.
SMB h-Series Appliances
iPrism 10h
The iPrism 10h delivers superior Web Security results to small organizations and includes the same hardened and optimized OS, high-performance components and ease-of-use you have come to expect from the iPrism Web Security. The 10h is ideal for organizations with 1-175 workstations, although other factors such as high Web usage activity, longer access event retention and bandwidth are also important points to consider when choosing the right model for your organization. If you are looking for network failover capabilities, consider upgrading to the 20h.
iPrism 20h
The iPrism 20h is the model that comes after the 10h and includes more processing power and a 1 Gbps network failover card for added reliability. It is an ideal choice to handle the Web Security needs of small and medium-sized organizations that have greater bandwidth or access event retention requirements. If you are looking for a server-grade appliance with redundant power supplies and hard drives, consider upgrading to the 30h.
iPrism 30h
The iPrism 30h is the next step after the 20h but it represents a leap in processing power, hard drive space and server-grade features to handle more users, longer access event retention and a bigger pipeline. If you need more Web Security speed, consider the 50h or 100h models.
| Appliance | Model: | 10h | 20h | 30h |
|---|---|---|---|---|
| Performance | Unfiltered Traffic Throughput |
Up to 1 Gbps | ||
| Filtered Traffic Throughput |
10+ Mbps | 20+ Mbps | 30+ Mbps | |
| Transactions per Second1 |
160+ | 300+ | 400+ | |
| Access Event Records Retained2 |
114 million | 320 million | ||
| Number of Workstations |
up to 175 | up to 500 | up to 1,000 | |
| Hardware Specifications |
Processor | 1 x Intel Single-Core 3Ghz |
1 x Intel Dual-Core 2.13 GHz |
1 x Intel Quad-Core @ 1.6GHz |
| Chipset & Memory | Intel 946GZ with 2GB SDRAM (DDR2-553) |
Intel 5000P with 2GB SDRAM (DDR2-667) |
||
| Disk Drives & RAID Controller |
1 x 80 GB SATA | 2 x 250 GB Hot-Swap SATA with RAID 1 (Mirrored) | ||
| Ethernet Interface | 2 x 10/100/1000 Mbps Full-Duplex NICs 1 x 10/100/1000 Mbps Management NIC |
2 x 10/100/1000 Mbps Full-Duplex NICs with Built-in Network Failover Circuit 1 x 10/100/1000 Mbps Management NIC | ||
| Physical Specifications |
Form Factor, Dimensions & Weight |
Mini-1U height, rack-mountable w/o rails 1.75"(H) x 14"(W) x 16.7"(D) @ 15 lbs |
1U height, rack-mountable with rails 1.75"(H) x 17.2" (W) x 25.6"(D) @ 40 lbs |
|
| Power | Single Supply with 115-230 VAC @ 50-60 Hz and 4.0A @115V (200W) | Dual Hot-Swap Supplies with 100-240 VAC @ 50-60 Hz and 4.0-8.0A@115V (650W) | ||
| Heat Output & Operating Temperature |
1320 BTU per hour (max.) and 10° to 35°C (50° to 95°F) | 1850 BTU per hour (max.) and 10° to 35°C (50° to 95°F) | ||
1 - On average, each transaction consists of 83kb of data communicated assuming a standard distribution of web sites and applications with varying bandwidth-intensity. A transaction consists of one or more requests and burdened responses in a single connection, and is not equivalent to a persistent connection (aka. session) or request as other vendors may cite
2 - On average, each record consists of 387 bytes of data stored assuming a standard distribution of URL path lengths and other logged attributes
Large Enterprise Organizations
For organizations with a large number of employees or those that have bigger bandwidth requirements, iPrism offers h-Series appliances designed to meet those needs. Our powerful 50h, 100h and 500h appliances are designed to meet your requirements now, and scale with you as you grow. Our enterprise-level models offer blazing throughput speeds ranging from 50 to 500 Mbps and come in 1U sizes for the 50h and 100h, with our biggest model, the 500h in 2U size.
As with our SMB models, the enterprise appliances are easy to deploy and manage and deliver optimum performance of iPrism's robust feature set.
iPrism Web Security delivers comprehensive, policy-driven Web Security by combining software flexibility and scalability with the security and control of an appliance-based solution. The iPrism h-Series high-performance appliances are designed to enhance iPrism Web Security capabilities now as well as prepare for new features and functionality in the future.
With bandwidth requirements continuing to mount, organizations that need access to media-intensive sites, or have a large and growing employee head count, need a Secure Content Management solution that will meet their needs now and grow with them in the future. That's why we developed the 500h, our most powerful appliance yet, designed to deliver 500+ Mbps of throughput for filtered traffic and over 1Gbps for unfiltered traffic.
Large Enterprise h-Series Appliances
iPrism 50h
The iPrism 50h is the next model after the 30h and represents a significant upgrade in power. Like the 30h, the 50h is a full 1U chassis with the 1 Gbps failover NIC, dual hot-swap power supplies and hard drives it is capable of handling medium to large-sized small enterprises with high-speed pipelines. If you are looking for an even faster Web Security experience, consider our most powerful appliance, the 100h.
iPrism 100h
The iPrism 100h doubles the processing cores and hard drive storage, for more throughput and access event retention. It is capable of handling medium enterprises with large pipelines.
iPrism 500h
Like all iPrism's h-Series high-performance appliances, the 500h is a completely self-contained solution with its own hardened and optimized OS. The 500h handles large enterprise, bandwidth heavy environments, or organizations that need to retain access events for a long time for compliance. It does not rely on legacy solutions to control bandwidth such as a caching proxy. These legacy approaches are not only less effective, they lack the scalability that can accommodate you as your organization and/or bandwidth requirements grow.
| Appliance | Model: | 50h | 100h | 500h |
|---|---|---|---|---|
| Performance | Unfiltered Traffic Throughput |
Up to 1 Gbps | ||
| Filtered Traffic Throughput |
50+ Mbps | 100+ Mbps | 500+ Mbps | |
| Transactions per Second1 |
600+ | 1,200+ | 6,000+ | |
| Access Event Records Retained2 |
320 million | 790 million | 2,050 million | |
| Number of Workstations |
up to 2,500 | up to 10,000 | up to 20,000 | |
| Hardware Specifications |
Processor | 1 x Intel Quad-Core @ 2.0GHz |
2 x Intel Xeon Quad-Core @ 3.0GHz |
2 x Intel Xeon Quad-Core @ 3.47GHz with Hyper-Threading |
| Chipset & Memory | Intel 5000P with 4GB SDRAM (DDR2-667) |
Intel 5520P with 6GB SDRAM (DDR3-1333) |
||
| Disk Drives & RAID Controller |
2 x 250 GB Hot-Swap SATA with RAID 1 (Mirrored) |
2 x 500 GB Hot-Swap SATA with RAID 1 (Mirrored) |
2 x 2 TB Hot-Swap SATA with RAID 1 (Mirrored) |
|
| Ethernet Interface | 2 x 10/100/1000 Mbps Full-Duplex NICs with Built-in Network Failover Circuit 1 x 10/100/1000 Mbps Management NIC |
|||
| Physical Specifications |
Form Factor, Dimensions & Weight |
1U height, rack-mountable with rails 1.75"(H) x 17.2" (W) x 25.6"(D) @ 40 lbs |
2U height, rack-mountable with rails 3.5"(H) x 17.2" (W) x 25.6" (D) @ 50 lbs |
|
| Power | Dual Hot-Swap Supplies with 100-240 VAC @ 50-60 Hz and 4.0-8.0A@115V (650W) | |||
| Heat Output & Operating Temperature |
1850 BTU per hour (max.) and 10° to 35°C (50° to 95°F) | |||
1 - On average, each transaction consists of 83kb of data communicated assuming a standard distribution of web sites and applications with varying bandwidth-intensity. A transaction consists of one or more requests and burdened responses in a single connection, and is not equivalent to a persistent connection (aka. session) or request as other vendors may cite
2 - On average, each record consists of 387 bytes of data stored assuming a standard distribution of URL path lengths and other logged attributes
Network Fit:
| All configurations build on one or both of our two core modes of installation: | |
Transparent Bridge Mode |
Proxy Mode |
| From there, you can introduce... | |
Citrix Deployment |
Multi-site Deployment |
| And scale for size and complexity... | |
Complex Multi-site School Deployment |
Complex LAN |
Transparent Bridge:
Even networks with the largest pipelines are easily managed by our combination of seamless in-line deployment and kernel-level filtering technology.
Installing an iPrism Web Security appliance in its typical Transparent Bridge Mode has several benefits:
- It combines the accuracy and security of pass-through filters with the speed of a pass-by or sniffer-type solution, giving you the best of both worlds:
- Pass-thru traffic is securely monitored defeating any attempts to circumvent the Web filter
- Pass-by traffic is picked up and pages are blocked according to your organization's policies
- Kernel-level filtering means the appliance is not acting in proxy mode and latency is never introduced into the process
- Flexible transparent deployment means the EdgeWave Web Security appliance can still function as a direct proxy when deployed in Transparent Bridge Mode.
- Functioning in both modes simultaneously allows greater flexibility in deployment
- Proxy functionality is available for multi-user workstations or as an alternative to our Remote Filtering solution for remote users who may not use the same gateway to the Internet as on-site user
- Because all traffic flows over the Transparent Bridge, features and functionality that take advantage of this visibility can be easily downloaded to the Web filter
- Single Point of Failure issues are eliminated with the Bypass Module on the NIC because any problems with the Web filter will not affect normal network operations or performance
- As a stand alone appliance with no additional software or servers required, iPrism Web Security has greater flexibility in adapting to a wide range of network scenarios involving mixed platforms, legacy systems and other variants
Terminal Services:
If you're a Citrix user, your environment can cause special challenges when you need to deploy an Internet filtering solution. Recent tests conducted by Citrix engineers confirm that the iPrism Web Security solution surpasses all competitors in its ability to easily integrate within a Citrix environment without degrading performance. That's why Citrix has proclaimed our solution the only Citrix Ready appliance-based Web Filter on the market.
iPrism Web Security Offers Significant Advantages in Citrix Environments
Citrix Partner - Citrix Ready One of the main reasons that iPrism Web Security is the only Citrix Ready appliance based Web filter and ideal for your Citrix environment is our unique auto-login feature. When this feature is deployed, users are allowed to maintain their productivity without incessant authentication requests. This ensures that uniform policy application and enforcement are being enabled across your organization.
- Our unique "session based" authentication technology allows you to use Auto-login and greatly simplify the authentication process
- Our technology allows Citrix users to easily apply unique policies to individual users and document their activity
- This authentication feature is enabled without installing any software on the Citrix or AD servers
- Our technology ensures consistent policy application whether Citrix users are Web surfing from their desktop or via Citrix systems
- If you require more aggressive security because of the shared nature of terminal server clients, you can easily configure iPrism Web Security to require manual authentication.
Deploying iPrism Web Security in a Citrix Environment is easy
It only takes a few steps to install iPrism Web Security in your Citrix environment:
- Install our appliance upstream of your Citrix server, and inline with your Firewall
- Create profiles and policies in the Appliance Manager
- Enable auto-login
- Establish session-based authentication for Citrix
- Block, monitor and report on all thin/fat client use
iPrism Web Security Offers 5-Star Features
- Antivirus - Includes a powerful, four-factored antivirus engine at no extra charge
- IM and P2P protocol management
- Spyware, malware and phishing blocking (hourly updates)
- Comprehensive drill-down own reporting and real-time monitoring
- Authentication - Active Directory and LDAP Authentication simplify IT administration tasks
- 100% human reviewed database
- Mobile and Remote Filtering - Easily extend AUP and security policy enforcement to your mobile and laptop users
- Delegated Administration - Assign administrative tasks to others in your organization
Remote Filtering:
iPrism Web Security offers a Hybrid Remote Filter that employs proprietary technology to bring powerful Web filtering to all your users, regardless of their location, without using your VPN, deploying anything in the DMZ or requiring any PAC file implementations. iPrism Web Security eliminates browser latency while delivering secure and comprehensive Web access management to all your off-premises users.
Using a combination of the Remote Filtering Client for both Windows 32/64-bit and Mac, and powerful elastic data center cloud service, iPrism Remote Filtering, with centralized administration and reporting, is a true hybrid solution that allows you to enforce your corporate AUP across all employees whether they are on-premises or accessing your network remotely. And our unique hybrid technology keeps total cost of acquisition (TCA) and total cost of ownership (TCO) the lowest in the Industry.
iPrism Remote Filtering Delivers Simplicity, Value and Performance:
- Easy set-up and provisioning: Once you install the Remote Filtering Client software, you can manage and report on remote users easily from iPrism's browser-based central management console. And unlike solutions from other vendors, iPrism eliminates administrative burdens:
- No additional system modules to install off-box
- Eliminates the insecurity of copying users' directory service credentials off-premises
- No emails required to educate roaming users on self-provisioning
- Secure Client-Based Hybrid Technology: Unlike other vendors that rely on PAC file-based hybrid solutions, iPrism uses lightweight, low-latency, tamper-proof and application-agnostic client software. This eases the burden on IT Admin resources:
- Eliminates the need to restrict users' workstation privileges
- No need to restrict application usage
- No changes to or restrictions on users' browser proxy settings
- Accurate Off-Premises Policy Enforcement: The iPrism Remote Filtering client is location aware, which means you can apply and enforce the same or a different policy for roaming users, whether on- or off-premises relative to the corporate network. This also allows users to negotiate captive portals encountered at wireless hotspots such as airports, hotels, coffee houses and others.
- Centralized Administration and Reporting: Real-time monitoring and drill-down reporting work the same for your remote users as for those on-premises. You can run separate reports on remote users, isolate an individual remote user or include remote users in regular company-wide reports.
- Bandwidth Conservation - No Latency: Unlike other remote Web filters, iPrism helps conserve your bandwidth, because there are no VPN tunnels and no deployments in your DMZ to hog network bandwidth so low latency is assured.
- Distributed Data Center: A nationwide network of powerful, distributed data center cloud services supports iPrism's Remote Filtering so your users never encounter availability issues.
How iPrism Web Security Works
Our unique hybrid approach to remote filtering includes communications between the Web Filter and the Remote Filtering Client. The data center cloud service functions as a go-between, making sure the Web filter remain secure and conserving bandwidth.
iPrism Remote Filtering Establishes Policy
The iPrism Remote Filter defines policies for your remote users in accordance with your acceptable use policy (AUP). These policies are then pushed to the Data Center, where they are stored securely and confidentially to be applied to your remote clients once they are enabled.
iPrism Remote Filtering Enforces Policy
When a remote user accesses the Internet, the client software is connected to the data center and receives a disposition for the Web request based on its iGuard database URL rating and the profile that applies to the remote client. The data center tells the client to block or allow a site and to monitor or not to monitor the user's Internet activity.
iPrism Remote Filtering Sends Logs and Generates Reports
Periodically, the client sends logs of all your users' Internet activities on remote PCs or Macs to the data center. These logs are pulled on-demand and added to the local reports database. This gives you a single source of management reports for all users whether on or off-premises. Our unique technology allows you to compile reports from across your organization and drill down to a single user regardless of location.
Cloud Center:
The EdgeWave Secure Content Management Portfolio uses elastic in-the-cloud data centers that deliver proven resources to assure optimum scalability and availability of iPrism, EdgeWave's Email Security, Archiving, Hybrid Remote Filtering and other cloud-based services. In addition, cloud services deliver iPrism upgrades, iGuard URL updates and Circumvention Defense Network updates, including Bot detection. These proven data centers offer built-in failure resistance and redundancy, and are designed to isolate themselves from common failure scenarios. You can be certain that you will be able to enforce policies with your remote and roaming users as efficiently and accurately as you manage your on-premises employees.
Our Data Center Cloud Service Offers:
Elasticity - Cloud service data centers easily scale to handle the biggest pipelines and usage peaks so latency is never an issue.
Flexibility - Cloud services, are OS agnostic and will integrate seamlessly no matter what platform you are using
Reliability - Our in-the-cloud data centers have a proven infrastructure and a highly reliable environment where replacement instances are rapidly and predictably commissioned. With an SLA committed to 99.95% availability, you can count on accurate AUP enforcement for all employees 24/7/365, no matter where they are when they access your network.
Security - The cloud service data centers used by EdgeWave are committed to following security best practices including:
- Data Privacy - Your privacy is assured not only because of the built-in privacy and encryption capabilities, but because none of your organization's proprietary data is stored in-the-cloud. Once the client is deployed on your remote machines, event logs are stored there while iPrism does the URL monitoring and blocking. The in-the-cloud data service functions as a go-between enabling communication between your iPrism and the remote client.
- Physical Security - Distributed data centers are housed in secured locations with badge-only entrances and continuous video surveillance. This assures that only authorized, verified personnel have access to our data centers.
- Certifications and Accreditations - Data centers have successfully completed SAS70 Type II Audit, and will continue to obtain the appropriate security certifications and accreditations to demonstrate the comprehensive security of the infrastructure and services.