Netgard Secure Scanning for US DOD and Federal Agencies
12/16/2011
SYS211 e-Le@rning: Netgard Secure Scanning for U.S. DOD and Federal Agencies
Presenter: Henry Gold, Business Area Manager, API Technologies

Before we begin…
- Please silence your cell phones
- Keep background noise to a minimum
- Do not put your phone on HOLD
- Please let instructor know if anyone else is sitting in with you
- The phone audio will be muted - Please save questions until the end or submit text based questions as we move through presentation

Toshiba Academy Systems e-Le@rning Program

Have questions?
- Submit text based questions via the Q&A pod

Your Status
- Throughout the program, we will ask you to respond by indicating your “Status.”
- When asked please use the “Status Options” drop-down button, located at the top of your screen.
- Set your status now by indicating: “Agree”

e-Le@rning Goals
The goals of today’s e-Le@rning session are…
- Introduce the new Netgard MFD security solution that will help facilitate sales to U.S. DOD (and soon civilian agencies)
- How does Netgard relate to GSA?
- Reduce your sales cycle
- Provide you with product training to get you started with Netgard MFD

e-Le@rning Objectives
Upon completion of this course, you will be able to:
- Build your knowledge of a key Security requirement to deploy systems to the U.S. DOD and Civilian Agencies
- Give you the tools needed to close business with the U.S. Gov.
- Provide the necessary skills to install this solution

Agenda
1. API Technologies Introduction
2. Netgard™ Overview
3. Physical Installation and Technical Overview
4. Live Q&A Discussion

API Technologies Introduction
- Who is API Technologies?
- Featured Customers
- The Customer Need

Toshiba Academy MPS Certification Program

Company Snapshot
- Prime contractor in sophisticated electronics, highly engineered systems, secure communications and electronic components and subsystems to the global defense and aerospace industries
- Publicly traded (ATNY.OB)
- Revenues of over $380M
- 2000 Employees
- Key product focus
  - Defense & Aerospace Products & Services
  - Systems & Engineering Services
  - Secure Communications Products & Services
  - Components & Subsystems

Featured Customers
- US & International Government Agencies
- Leading Government & Defense Contractors

The Customer Need
DOD Requirement:
- All multi-function devices (MFDs) that can transmit scan jobs over the LAN must be secured by a Common Access Card (CAC) that will verify and authorize the user before a scan-to-network function is permitted (STIG)
- Expanding security to “Copy” function & “Print Release”
- Seeing requirement at Civilian Agencies (PIV card) HSPD-12

CAC & SMARTCARD Deployments
- 17 million cards issued to date
- 5.5 million active cards are in use today
- Today CACs are:
  - The standard at more than 1,000 sites
  - Used in over 25 countries
- To date the DoD has deployed over 1 million card readers and associated middleware around the world

Netgard Overview
- How it works
- Authentication Options
- Value Proposition

Netgard: How it Works
- End user brings their CAC card to our device
- They insert their CAC card in the reader
- They enter their PIN number
- The server verifies credentials (OCSP/LDAP/AD)
- Operation panel access granted OR operation panel access denied
[Figure: MFP operation panel and OCSP/LDAP/AD server]

Connectivity
- Simple, in-line Ethernet connection
- Web-based remote admin
- Integrates with Active Directory and/or PKI
- Supports CAC PIN, X.509 certificate, LDAP, PKI and OCSP

Live Video Demonstration

Important Facts
- Conforms to DoD requirements
- Works with all major copier models
- Support for CAC/PIV V1 & V2
- Special security features:
  - FIPS 140-2 & 201
  - Email encryption & signing
  - Confirms identity of sender
- Added security on Scan-to-Email feature replaces the “From”, “Reply-to” and “Sender” fields with CAC user’s email address (obtained from CAC or LDAP)

Netgard Customers / Deployments
Over 3000 Netgard™ devices are currently deployed in all branches of armed services:
- Air Force (Andrews, Ramstein, Bolling & Hill AFB)
- Army (Aberdeen, Fort Collins)
- Army National Guard
- Army Reserves
- Navy (Jabuti Naval Base)
- DAPS/DLA

Configurable Authentication Options
- PIN (Default, Always ON)
  - User’s PIN is used to unlock the CAC.
- X509 validation (requires issuer certificate)
  - CAC certificate Challenge/response
  - Requires issuer certificate
- OCSP
  - User’s certificate is sent to OCSP server for revocation check.
  - Requires issuer certificate
- LDAP/LDAPS (anonymous and non-anonymous)
  - LDAP lookup is performed to ensure the user is valid
  - LDAPS requires server certificate
  - Non-anonymous lookup requires username and password
- Kerberos
  - Network PKI authentication

How Does the Netgard Affect the Printer/MFP?
- No adjustment to the Copier/MFP is required – the Netgard MFD connects the MFP to the LAN and handles all network traffic control.
- Windows users see no difference when they print to the Copier/MFP or add a printer.
- Administrators may connect to Copier/MFP and manage it using the browser interface as normal.
- Other Copier/MFP communication, like the Printer Monitor Utility (SNMP based), is unaffected as well.

Value Proposition
- Quick to market CAC/PIV – Secures Scan to Network.
  - No custom development needed on MFD
- MFD agnostic
- Easy to deploy
- With over 3000 devices deployed…field tested
- Significant investment – core competency
- Priced right

Additional Points
- Next release will support GSA PIV (1st half 2012)
- Secure Print Release - Print to cloud with NSI
- Scan to home – Utilizes NSI Autostore

Physical Installation
Let’s Install Netgard
- Connectivity and Physical Connections
- Local Access Via IP Connection
- Basic Configuration
- Setup of MFP
- Advanced Authentication Options
- Netgard Maintenance
- Pre-Installation Checklist
- Troubleshooting

Connectivity

Physical Connection
- Make connections
  - Connect CAC Reader to USB port
  - Connect base network to LAN port
  - Connect copier to DEV port
  - Connect computer to MGMT port (no crossover needed)
  - Connect Vend cable via USB port (optional)
- Power up unit (~60 seconds to boot)

Initial Install Requires Local Access Via IP Connection

Administering Netgard MFD
- Administer Netgard by plugging directly into the Ethernet Management (MGMT) port.
  - Set computer IP to:
      IP: 192.168.20.20
      Subnet: 255.255.255.0
      Gateway: 192.168.20.1
- Use FireFox web browser to administer Netgard: https://192.168.20.1:8080
- Login information
  - ID: admin
  - Password: password
- For additional details see the quick install guide.

GUI

Netgard Homepage
- Tour of UI

Basic Configuration

Network configuration (Step #1)
- Click on the “Network” Tab
- Set IP addresses
  - Set the Netgard’s LAN Address. If DHCP, write down the IP address.
  - Tell the Netgard the IP address of the Printer
  - Click the “Apply” button
- Set Copier IP:
    IP: 192.168.10.30
    Subnet: 255.255.255.0
    GW: 192.168.10.1
- Additional configuration optional

Scan Setup (Step #2)
- Click on the “Scan Setup” button
- Enable required functionality
  - Email
      Set SMTP server IP
      Scan to self?
      Encryption & Signing
  - FTP
      Append file header name?
  - Click the “Apply” button

Scan Setup (Step #2 cont.)
- Enable SMB
- Open F/W when CAC authenticated?
- Set NSI/Autostore information
- Click the “Apply” button

Netgard Admin (Optional)
- Click on the “Admin” tab
- Turn on Management port on LAN port to administer Netgard remotely
- Define an ACL

User Administration
- Click on the Admin->Users tab.
- Add a new “Admin” level user
- Delete the default admin user.

Initial Netgard Configuration Complete…. Now Setup MFP

MFP Configuration
- Set Copier IP address to address configured in the first step (default = 192.168.10.30)
- Setup Scan to Network functionality
  - Same configuration as if copier was sitting on customer network.
  - If Email set to “Send to Self” add one “Destination”

IP Configuration on e-STUDIO MFP
    IP address = 192.168.10.30
    Subnet Mask = 255.255.255.0
    Gateway = 192.168.10.1

Test Basic Functionality
- Authenticate with a CAC and test
  - Scan to email, Scan to SMB, Scan to FTP
  - Perform same test without CAC
- Browse to Copier
  - Use “LAN” IP address of Netgard (http://10.10.3.153)
- Test Print functionality
  - Use “LAN” IP address of Netgard

Advanced Authentication Options

Authentication Screen
- Authentication Options
  - X.509 – Local certificate authentication
  - OCSP – Revocation List
  - LDAP – Active Directory Lookup
  - Kerberos – Authentication

Additional Configuration for X.509
- Click on Scan Setup->Certificates button
- Upload Certificates (chain of trust)
  - “Upload Trusted Certificates” button on the right hand side
  - Certificates must be in Base-64 encoded format (pem file extension)
- Point the Netgard to a NTP server to ensure the Date/Time is properly set (Admin->Time Zone)

Netgard Maintenance

Configuration Management
- Go to the Admin->Utilities
- Backup and restore a device configuration
- Perform a Netgard Upgrade
- Reboot the device

Pre-Installation Check List

Pre-Installation Checklist
- Netgard IP address (Subnet & Mask)
  - May need to provide MAC address
  - DNS IP
- SMTP IP address
- NTP IP
- Root & intermediate certificates
- OCSP URL
- LDAP information
  - IP, Login, Search details
- CAC card available for testing

Troubleshooting
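
An added example (not from the training deck or from API Technologies): a Python pre-upload check for the trusted-certificate files named in “Additional Configuration for X.509” and the pre-installation checklist, which must be Base-64 PEM. The function names, messages and sample bytes are assumptions constructed for illustration; the sample is a stand-in byte string, not a real certificate.

```python
import base64
import re

# One PEM block: captures the label and the Base-64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

# Constructed stand-in for DER bytes (SEQUENCE tag + 2-byte length); not a real cert.
SAMPLE_DER = b"\x30\x82\x00\x04\x02\x02\x00\x01"


def make_pem(label: str, der: bytes) -> bytes:
    """Wrap bytes in PEM armour (used only to build sample input)."""
    body = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n".encode()


def classify_upload(data: bytes) -> dict:
    """Classify a candidate trust-chain file before it is uploaded."""
    result = {"format": "unknown", "certificates": 0, "problems": []}
    # Binary DER certificates typically start 0x30 0x82; PEM is ASCII text.
    if data[:2] == b"\x30\x82":
        result["format"] = "der"
        result["problems"].append("binary DER: convert to Base-64 PEM")
        return result
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        result["problems"].append("not ASCII text, so not PEM")
        return result
    blocks = PEM_BLOCK.findall(text)
    if not blocks:
        result["problems"].append("no PEM BEGIN/END block found")
        return result
    result["format"] = "pem"
    for label, body in blocks:
        if "PRIVATE KEY" in label:
            result["problems"].append("private key in file: do not upload")
        elif label != "CERTIFICATE":
            result["problems"].append(f"unexpected block type: {label}")
        else:
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
            except ValueError:
                result["problems"].append("corrupt Base-64 in certificate")
                continue
            if der[:1] == b"\x30":  # ASN.1 SEQUENCE tag
                result["certificates"] += 1
            else:
                result["problems"].append("block is not an ASN.1 SEQUENCE")
    return result
```

This checks file format only; it does not verify signatures, the chain of trust or validity dates, which the device evaluates against its own clock.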

Can’t Get to Management Port?
1) Check Computer’s IP address
     IP: 192.168.20.20
     Subnet: 255.255.255.0
     Gateway: 192.168.20.1
2) Confirm that your computer IP address changed:
   Open Command Window (run>CMD)
   At the prompt type IPCONFIG

     Ethernet adapter Local Area Connection:
       Connection-specific DNS Suffix . :
       IP Address. . . . . . . . . . . . : 192.168.20.20
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.20.1

3) Start a New web browser session (Firefox)
   Ensure that the URL is correct: https://192.168.20.1:8080

Diagnostics & Logs

Troubleshooting Scan to Email
- Confirm that the Netgard configuration is correct:
  - Email configuration
      Scan Setup->Scan to Network->Enable Email
      Scan Setup->Scan to Network->Server IP address correct
  - Copier device (Network->Configuration->Copier IP Address)
- Confirm that the Netgard can ping the copier & SMTP server
- Take Netgard out of loop to ensure copier setup
- Confirm that the user successfully completed the CAC authentication.
  - Reader displays “Ready to Scan”
- Capture email session to determine root cause
  - Monitoring->Diagnostics->Packet Trace->Network Select (LAN and MFD)

Troubleshooting CAC authentication failure
- Start off simple - Add layers of authentication to ensure configuration is correct
- Confirm that the Netgard can ping the OCSP, LDAP server
- Take Netgard out of loop to ensure copier setup
- Capture failed authentication session to determine root cause
  - Monitoring->Diagnostics->Packet Trace->Network Select (LAN and MFD)

Wrap-up
- Additional Materials from API Technologies
  - User Guide
  - Quick Install Guide
  - Installation & Configuration Videos
  - Product Catalog
- Netgard MFD Community on Toshiba eXCHANGE
    Software & Services > Security > Netgard MFD

API Technologies Netgard Technical Training Certification Process
1. There are no prerequisites for the course
2. A Tech ID is REQUIRED to access API Technologies Netgard CBT/Certification Test
   - If you do not have a Tech ID, please see your local FYI SIS Admin to add you to the Service Group and request a Tech ID at:
   - FYI > Training > Service > Dealer Administration > New Tech Application
3. Once you have a Tech ID have your Service Manager enroll you in:
   - CBT course 12199: API Technologies Netgard
4. A dealer technical representative must pass the technical CBT to be eligible to purchase Netgard solution

API Technologies Netgard Sales Training Certification Process
- Pass the “73. API Technologies Netgard Certification Final Exam” on FYI
    FYI > Training > Sales > Testing > Product Knowledge Testing
  - Must score 80% or better to pass

Questions

Thank you for attending!

Product Support
  [email protected]
  +1 (908) 546-3900 option 8

Henry Gold
  +1 (908) 546-3907
  [email protected]

Eric Roskelly, Digital Training Manager
  973-316-2700 Ext #42730
  [email protected]
  Please advise us if you have not registered!

Rob Troxel, Digital Training Manager
  888-343-6245 Ext #5602
  [email protected]
  Please advise us if you have not registered!

Dean Tamashiro, Digital Training Manager
  949-462-6927
  [email protected]
  Please advise us if you have not registered!