The flagship offering from Apere, the Identity Managed Access Gateway--or IMAG--is a 1U appliance that combines two primary features: the ability to manage identity information across multiple, disparate identity stores throughout the network (identity management); and the ability to control access to network resources based on the criteria defined within these identity stores (access control). The box includes three 10/100/1000 ports (two for traffic, one for management) and can be deployed on the network as an inline appliance (passive when in monitoring/learning mode, active otherwise). Throughput is listed at 600 Mb/sec.

For Identity Management, the appliance first discovers--through an AutoLearn tool that automatic analyzes existing traffic--identity stores throughout the organization. After identifying these stores--along with their location and functionality--and receiving administrative access to them, the device can gather the identity information they contain, automatically correlating the information, and consolidating it. The "cleansed" list is then pushed back to the stores themselves. Security managers can then use the appliance as a central point through which to manage the identity stores; adding, removing, or editing identities as needed. Workflow features are provided, as is a user self-service password reset function. For compliance purposes, reporting functions are included for the viewing of organizational identity access information.

To allow the IMAG to interact with the discovered identity stores in the organization, the vendor supplies connectors. Native connectors are provided with the appliance that facilitate communications with AD, LDAP, Samba, ODBC/JDBC, eDirectory, and CSV stores. Additionally, the "Connector Factory" allows for integrated communications with specific applications, allowing them to be folded into the mix of recognized stores managed by the IMAG. The Connector Factory is available by subscription, and is offered in several flavors. The Enterprise version provides communications with common business apps and systems such as Siebel, PeopleSoft, SAP, etc. Other Connector Factory offerings focus on more vertical application environments, currently including a Health Care Connector for apps such as SAS, McKesson, and Epic; and a Financial Connector for apps including Harland, Metavante, and Fiserv. Connector Factory also enables the creation of custom connectors for custom user applications; which are designed and built through the vendor's certified partners.

In addition to management, the appliance also includes the ability to enforce access restrictions on the network, permitting or denying user traffic to specific resources based on their allowed access rules. The IMAG appliance does not create and enforce its own access policies for network access control; rather, it integrates information from all of the existing, identified identity stores and applies it to the user's traffic. Access control features of the appliance include support for VLAN roaming; an authentication proxy that supports the binding of the user's identity to their device; and support for active/passive or active/active HA deployments. An IMAG Sync feature allows for the synchronization of access rights and policies across IMAG appliances; such Sync can be performed in-band or out-of-band.

IMAG is available now; pricing starts at $15,000. Connector Factory subscriptions start at $7,500/year.

Visit the Apere Web site for further information.