User Guide
OmniAccess 3500 Nonstop Laptop Guardian Release 1.2
One Time Password
If the laptop is locked as a result of an anti-tamper control action but a legitimate need
remains to use the laptop, the administrator can pass to the end user a one-time
password that unlocks the laptop for a limited amount of time (set by the
administrator).
Radio Password
The card includes a power button to switch off the 3G modem when required by
specific regulations (e.g., in an airplane that is taking off or landing). However, it is
generally not desirable to leave the 3G modem off for a prolonged time. To discourage
the end user from doing so, the laptop automatically locks after the 3G modem
has remained off for a configurable length of time (set by the administrator). The
legitimate end user can unlock the laptop using the Windows logon password.
Applications
Auto-VPN
The OmniAccess 3500 NLG supports transparent IPsec-based secure connectivity to the
enterprise network. The user has no involvement in the establishment, maintenance,
and interruption of the secure access session. The card embeds a standards-based
IPsec client that automatically establishes and maintains the IPsec tunnel to the
enterprise network. The end user is not required to supply a separate set of
authentication credentials to establish the connection. The usual authentication
mechanism (e.g., submission of Windows NT credentials) is used to obtain access to
the enterprise network (single sign-on feature).
RADIUS Based Authentication
RADIUS-based authentication can optionally be added for network access. As a result,
various authentication methods that rely on RADIUS for their message exchanges (e.g.,
SecurID) can be adopted for end-user authentication. The RADIUS-based mechanism
can either coexist with an Active Directory infrastructure or operate in complete
autonomy.
Mobility Management
The OmniAccess 3500 NLG supports the automatic and manual transfer of the laptop
access link (vertical handover) between heterogeneous access networks (Ethernet,
Wi-Fi, 3G cellular). The IP address seen by the applications does not change during the
handover, so that the network application session remains intact at every network
transition.
Personal Firewall
The OmniAccess 3500 NLG card includes a personal firewall for protection of the end
user laptop. The administrator manages the set of packet filtering and application
filtering rules that drive the operation of the personal firewall, called the personal
firewall policy, through the management system. The packet filter component of the
personal firewall supports stateful packet inspection (SPI) for all traffic that the laptop
exchanges in both directions with the access network. The application filter restricts
the set of laptop applications that are allowed to open network connections.