Cloud Secure Overview
Cloud Secure provides secure, seamless, and compliant access to cloud resources in a hybrid IT environment, where companies combine the best of the cloud with their own localized data centers.
Product Briefing
Cloud Secure is a solution that integrates multiple Pulse Secure products for seamless, secure access in a hybrid IT environment. The solution includes the following components:
•Pulse Connect Secure (PCS) – PCS provides VPN connectivity with granular access control and a wide array of authentication mechanisms. PCS also acts as a SAML Identity Provider (IdP) and provides Single Sign-On functionality for Cloud Secure.
•Pulse Workspace (PWS) – Pulse Workspace acts as the Mobile Device Management (MDM) Server for the Cloud Secure solution. Cloud Secure users must register their mobile devices with Pulse Workspace. As part of registration, the relevant Profiles and Cloud Apps are automatically provisioned to the mobile device to enable Secure Single Sign-On capability on that device.
•Pulse Secure VPN Client – Pulse Secure Client provides VPN connectivity based on authentication and SSL/IPSec encryption between the user’s device and PCS. Pulse Secure Client enables secure connectivity to corporate applications and resources based on identity, realm and role. Pulse Secure VPN Client is supported on both desktop (Windows, Mac OSX) and mobile (iOS and Android) platforms. Cloud Secure delivers per-application VPN connectivity for mobile devices, enabling IT teams to create a more transparent and highly secure mobile app experience for their mobile users. The significant benefit of the Cloud Secure solution is that all of this happens seamlessly in the background, without the user having to initiate the VPN client.
•Pulse Policy Secure (PPS) – PPS provides network access to On-Premise users after authentication and compliance posture assessments.
•Licensing - Cloud Secure is a licensed feature. For any existing deployments/users upgrading to Release 9.0R3, the admin should procure and install the Cloud Secure license to use the Cloud Secure UX and features. A warning message to procure the license is displayed on the Cloud Secure dashboard page for existing users.
For more information on how to apply and install the license, see the License Management Guide.
Salient Features of Cloud Secure
The key features of Cloud Secure are:
•Single Sign-On (SSO) - Cloud Secure supports SAML-based SSO, which allows pre-authenticated users to access resources without entering credentials again for each application they access. It also tunnels authentication exchanges between the client and PCS, thus providing Secure Single Sign-On to SaaS, Cloud, and Enterprise hosted resources.
•Single Logout (SLO) - Single Logout allows the administrator to deny user access to services and initiate Single Logout in the following scenarios: the machine goes out of compliance during a session, the user session times out, the administrator deletes the session in PCS configured as IdP, or the user logs out from the PCS (as IdP) landing page.
•Compliance - Cloud Secure leverages Pulse Secure’s Host Checking capabilities on desktops and MDM device attributes on mobile devices to give best-in-class compliance posture assessment capabilities, and allows for varying levels of access based on device compliance as well as user-based information.
•Mobile-Ready - Cloud Secure integrates with Pulse Workspace and leading EMM solutions for compliance enforcement and for BYOD container security.
•Extensible Identity Management - Cloud Secure integrates well with Third-Party Identity Providers (IdP) to support existing customer deployments that have already implemented these Identity management solutions.
•Role Based Access Control - Cloud Secure supports the Role Based Access Control (RBAC) feature to provide access control for cloud services based on the roles assigned to users.
•Compliance Failure Notification - Cloud Secure supports notifications for compliance failure scenarios. A remediation notification informs end users of the reason for the failure and the steps necessary to bring the device into a compliant state.
•MDM Servers - Cloud Secure integration with MDM servers helps in better management of mobile devices by keeping corporate data secure from personal data. In addition, better compliance rules and enforcement methods are possible with device attributes retrieved from MDM servers.
•On-Premise SSO - Cloud Secure supports SSO for On-Premise users authenticated to Pulse Policy Secure (PPS). This is done by sharing session information from PPS to PCS through IF-MAP federation, which removes the need to establish a VPN tunnel directly to PCS.
•Cloud Secure Configuration Simplification through new Admin Interface – Cloud Secure configuration is made simpler through a simplified and intuitive admin interface. This enhances the admin experience by prepopulating the relevant settings, reusing existing configurations, and guiding admins with insightful help sections.
End-User Platform Support Matrix
Cloud Secure is supported on the following end-user platforms for seamless cloud services access:
•iOS 9.x onwards
•Android with AFW support (5.1.1 onwards)
•Windows 7, Windows 8, Windows 8.1, and Windows 10
•Mac 10.11 onwards
Third-Party Integration Support
Cloud Secure provides a great level of flexibility through integration with various Third-Party vendors, as listed below:
•MDM Vendors – Cloud Secure seamlessly integrates with Third-Party MDM servers to provide Secure Single Sign-On for configured SaaS applications from compliant mobile devices. Cloud Secure supports integration with AirWatch and MobileIron.
•IdP Vendors – The Cloud Secure solution provides Secure Single Sign-On for Cloud Services using a Third-Party SAML Identity Provider (IdP). In this integrated solution, Third-Party IdPs act as both IdP (for Cloud Services) and Service Provider (SP for PCS). The Cloud Secure solution supports integration with Ping One, Okta, and AD FS.