FAQ for SafeConnect SDP

What is the cost for SafeConnect NAC customers?
SafeConnect NAC customers get a 100 concurrent device license for SafeConnect SDP along with their annual renewal of their subscription/support of SafeConnect NAC.

Does Impulse host the SDP server?
The SDP controller and Gateway are currently hosted in the AWS cloud in a highly available configuration. Going forward, we also plan to offer an on-premise, Private SDP Gateway for added security.

What is the SDP Gateway?
The SDP gateway is a highly available AWS instance that hosts the SafeConnect SDP service. Once authenticated to SDP, any user traffic bound for protected networks, will pass through the SDP gateway. This means you can simplify your firewall rules greatly, by only allowing access to critical IPs and ports from the source IP(s) of the SDP gateway.

Why do you mention SalesForce? Since the service is hosted on their cloud, should it not be secure on their end?
As alluded to above, SalesForce can limit access unless to connection originating from the SDP Gateway. This provides immediate visibility and control regarding users accessing SalesForce. On the roadmap, we plan to offer an option to validate a hardware endpoint's status before allowing it to authenticate to SDP. This would let you specify that only devices with a valid SSL certificate, disk encryption and up to date, running anti-virus, could access your private data on SalesForce or other SaaS providers.

What applications on campus can we access using SafeConnect SDP?
Remote users connecting to your campus via SafeConnect SDP can access an IP- or port-based resource on your network. You can define per user, or per role (for example LDAP OU, or SAML attribute), which specific IPs and ports users will have access to. For example, your network admins might have access to your switch fabric on port 22, while your AD admins might have RDP access to your DCs, and your desktop support people might have Team Viewer access to only the networks they usually work with. Once again, some cloud-based applications allow you to define acceptable source IPs for user connections. In those cases, you could specify that only the IP of the SDP gateway is allowed to connect. In that way you could mandate that only authenticated users with the SDP client installed, could have access.

Our ERP (Jenzabar) server is SQL based with an ODBC connection for clients, it is not web-based. Does SafeConnect SDP support this configuration?
We support non-web-based connections as long as they flow over IP. Most databases are using TCP/IP these days for network connectivity.

Can an on-premise application be accessed through SDP remotely? If it is, can the local people get through or do they "have hoops to jump through"?
This is completely up to the customer. With that said, for security and consistency, we would recommend gating internal access through the SDP gateway as well. This is especially relevant since many bad actors are connecting from inside the network. We access our Wiki and ticket tracking systems via SDP from the internal network, and the end user impact is minimal. Other configurations are supported as well of course, and we'll be happy to discuss the details with you if desired!

Does SafeConnect SDP allow access to files remotely via Microsoft file shares?
Yes.

Does SafeConnect SDP require a certain version of SafeConnect?
No, SafeConnect SDP is a separate product and license. Tighter integration with the SafeConnect proper is on the roadmap, but you will always have the option to use SDP regardless of whether SafeConnect is deployed.

Does SafeConnect SDP require a virtualization environment?
No, the SDP gateway lives in the AWS cloud and is independent of your hardware or VM infrastructure.

What will future costs be?
We are still investigating the pricing structure, but we plan to be aggressively competitive vs. other players in the marketplace. As mentioned above, customers who participate as Development Partners will receive generous pricing considerations when the product goes live.