RSA Introduces Security The Hardware Way
Shipped as a 1U rack-mountable unit, the SecurID appliance plays host to RSA's Authentication Manager 6.1, a software environment optimized for two-factor user identity. While the true magic of RSA lies within the software, one would be remiss to ignore the hardware platform now being offered by the company.
The rack-mountable appliance sports four 10/100 Ethernet ports that are user-configurable. The unit can be linked to other units to provide failover or load balancing and for the most part, is managed via a browser. There also is a serial port on the unit, which allows advanced chores to be completed using a Telnet session via a local PC.
The purpose-built appliance runs a hardened Windows 2003 Server operating system. Those worried about the security of the under-lying OS will be relieved to discover that the OS has been hardened based on Microsoft and NSA guidelines. Non-essential functions have been disabled to reduce threats from malicious network attacks. The device is protected at both the OS (Windows 2003 Server) and application (RSA, Internet Information Server 6.0) levels.
Ease of implementation is the rule, with many smaller enterprises able to fully implement the RSA appliance in less than a half hour. The initial install is wizard-driven, and the administrative consoles are clearly labeledtherefore referring to the documentation is practically eliminated. Getting up and running is broken down into a seven-step process, which follows a logical, step-by-step progression.
Once the initial setup is completed, the fun begins. This consists of integrating the SecurID appliance into the existing security infrastructure, a task that may seem daunting at firstbut RSA seems to have thought of everything. The vendor can provide agents and instructions to work with more than 300 various pieces of equipment, ranging from Microsoft domains to Cisco Systems firewalls to security-enabled applications. RSA has the tools available to allow solution providers to create custom host interfaces to bring the SecurID technology to custom or vertical market products. In addition, RSA's SecurID can be used as the authentication point for RSA Sign-on Manager, RSA ClearTrust and RSA Federated Identity Manager.
For two-factor authentication to properly work, one needs two elementsin this instance, a password and a token. RSA provides hardware tokens with its user licenses, and the company sells user licenses based on user counts. Those licenses come in packs of various counts and include the corresponding number of hardware tokens. Each hardware token is assigned to a user, and the users physically carry the token with them. Luckily, the tokens are small, key-fob like devices and have unique serial numbers clearly printed on them. That makes associating a token with a particular user a snap. Other style tokens are available, as are software-based tokens that can be installed onto PDA devices or other mobile equipment. The key here is to have users provide something they know (password and user name) along with something they physically possess (the token), which helps prevent unauthorized access to systems. For sites looking to bring additional security to their wireless infrastructures, the RSA SecurID Enterprise Appliance includes an 802.1x-compliant Radius server based on Funk's Steelbelted Radius. That allows the product to interoperate with any 802.1x compliant wireless access point and client software.
With a critical eye toward evaluating the appliance's promise of secure authentication, Test Center engineers were impressed with what the unit has to offer. RSA has met many of the goals that a security-conscious administrator would demand, yet still brings ease of implementation and use to the equation.
RSA offers a two-level partner program broken down into a SecurWorld Access Partner level and a SecurWorld Solutions Partner. The minimum requirements for both levels include acceptance of RSA's terms and conditions, complete sales authorization and/or technical certification, completion of quarterly business plan and partners must meet a minimum number of transactions in a defined period. The company offers additional details about the requirements on its Web site. The two partner levels offer several advantages for solution providers. The entry-level program, SecurWorld Access Partner, provides access to the RSA SecurWorld Partner Portal, which is a partner locator service, access to deal registration, and volume rebates and technical support at a discounted rate.
A SecurWorld Solutions Partner receives the same support, but also is eligible for certification rebates, free technical support, free not-for-resale kits, lead management and eligibility for MDFs, access to invitation-only events and early availability programs.
Margins vary based upon software sales, hardware sales and volumes. Other revenue opportunities include rebates for meeting certification requirements, a deal registration program and volume goals. The company also offers the SecurWorld Rewards Program incentive card, which offers cash payments on a debit card.
RSA's channel program does an excellent job of bringing the RSA technology to those resellers who can install and support it, while building ongoing revenue.
