JUMP IN. THE MOBILE WATERS ARE FINE.

AG SERIES DATASHEET

SECURE ACCESS GATEWAYS

AG Series secure access gateways provide scalable and
controlled remote and mobile access to corporate networks,
enterprise applications and cloud services for any user,
anywhere on any device.

Powered by Array’s 64-bit SpeedCore™ architecture, AG Series secure access gateways are the ideal choice
for enterprises and service providers seeking scalable and flexible secure access engineered to support next-
generation mobile and cloud computing environments. Available as high-performance appliances that feature the
latest in hardware acceleration and energy-efficient components or as virtual appliances that enable flexible pay-as-
you-go business models, AG Series appliances are unmatched in their ability to provide remote and mobile access
to large and diverse communities of interest without compromising security or the end-user experience.
 A G S E R I E S D ATA S H E E T

Highlights & Benefits

• Anytime, anywhere browser-based secure • High-performance 2048-bit SSL encryption

remote access, enables increased productivity
• Supports a range of AAA and dual-factor
for employees, partners, tenants, customers,
authentication schemes
contractors and guests
• Endpoint security including device-based
• Simple, scalable and secure remote desktop that
identification, host-checking, cache cleaning and
enables use of PCs and virtual desktops from
adaptive policies
any device in any location
• Per-user policy engine for identity-based access
• Secure mobile access for individual native and
to URLs, files, networks and applications
Web applications for supporting bring your own
device (BYOD) or secure access from managed • Cross-platform support for a range of operating
smart phones and tablets systems and browsers
• Hardware appliances supporting up to 3 Gbps • Array Business Continuity (ABC) contingency
throughput, 128,000 concurrent users and licenses for affordably supporting surge remote
500,000 user profiles for maintaining security and access
driving productivity at scale
• N+1 clustering and redundant power for
• Virtual appliances with non-disruptive upgrades business-critical application environments
up to 10,000 concurrent users and up to 500 requiring 24/7 uptime
Mbps throughput
• Compact 1RU and 2RU form factors for
• 256 secure access portals, customizable to the environments where space is at a premium
security and usability preferences of multiple
tenants and communities of interest • Familiar CLI, intuitive WebUI and centralized
management for ease of use and configuration
• Range of access methods including Web,
Layer-3, thin-client and client-server connectivity
 A G S E R I E S D ATA S H E E T

Integrated Secure Access desktops from any remote location – whether they
are at their home office, a customer or partner site
Array AG Series secure access gateways integrate
or on a tablet or smart phone.
SSL VPN, remote desktop access and secure
mobile access to deliver scalable and flexible secure Remote desktop access is different from traditional
access for both remote and mobile users. VPN access. Because sensitive files and data never
leave the corporate network and never reside on
From a single platform, secure access can be
remote and mobile devices, security is assured.
enabled for multiple communities of interest
including employees, partners, guests and Leveraging existing office PCs and unique Array
customers. remote desktop technologies such as user self-
registration and wake-on-LAN, remote access and
In addition, AG Series physical and virtual
BYOD can be extended enterprise-wide in a manner
appliances support next-generation “any-to-any”
that is both secure and cost-effective.
secure access via robust feature sets for bring your
own device (BYOD) and controlled access to cloud
services. Secure Mobile Access
In addition to supporting remote desktop for iPhone,
SSL VPN Remote Access iPad and Android devices, AG Series appliances
also support secure access for native business
SSL VPN secure remote access enables anytime,
apps and HTML5 apps developed for mobile
anywhere access to business applications –
environments.
increasing productivity while maintaining security
and compliance. Users need only a common Web Installing Array’s MotionPro™ mobile client on
browser to quickly and securely access resources tablets and smart phones, native business apps can
and applications for which they are authorized. be authorized for specific users and automatically
installed on end-user devices from an integrated
Using SSL, the security protocol present in all Web
enterprise app store. HTML5 apps can also be
browsers, AG Series appliances can enable a range
provisioned on a per user basis and are accessible
of remote access methods across a broad spectrum
from a secure browser within the MotionPro mobile
of managed and unmanaged devices.
client.
Web applications can be made available within
Mobile VPN connections may be enabled per
a secure Web portal, while network-level
application, and applications may be authorized per
connectivity and connectivity for specific client-
user at the administrator’s discretion; moreover, all
server applications over SSL can be enabled via a
data associated with enterprise apps are stored in a
universally-compatible client.
secure container to prevent data leakage.

Remote Desktop Access In the event that devices become lost or stolen,
contents of the secure container may be remotely
Remote desktop access allows employees to
wiped; in addition, device-based identification may
access their work PCs and laptops from any location
be used to prevent future connectivity to the Array
as if they were in the office. Using remote desktop,
appliance from lost or stolen devices.
workers can control their physical and virtual office
 A G S E R I E S D ATA S H E E T

Virtual Portals End-to-End Security

Built on Array virtualization technology, AG Series A dissolvable client-side security agent mitigates
appliances can support up to 256 secure access network or resource exposure by enforcing pre
virtual portals to meet the unique needs of multiple and post-admission policies and adapting access
user groups and tenants. Each virtual portal is fully rights to suit changes in the client environment.
independent, with separate management, access Host-checking verifies device and user identity,
policies, access methods and resources. and ensures clients meet pre-defined security
parameters (anti-virus, anti-spyware, personal
Built-in templates make creating virtual portals easy,
firewalls, patches, service packs) and determines
and provide a starting point for further customization.
adaptive policies. For additional control, cache
In addition, features and functions can be
cleaning can be enabled to wipe cached information
seamlessly integrated into existing Web pages and
from devices when sessions end.
custom layouts with minimal effort using Array portal
theme technology. All traffic between clients and the Array appliance is
secured via 2048-bit SSL encryption, and a security-
Per-User Policy Engine hardened OS ensures that Array appliances are as
secure as the networks and resources they protect.
AG Series appliances enable access policies on
Layer 2-7 authorization provides granular access
per user basis. In addition to validating hardware
control based on user identity and role within the
IDs, AG appliances check remote devices for
organization and auditing tracks all activity on a per-
required service packs and anti-virus software
user, per-event and per-resource level.
before granting access to protected networks and
resources.
Acceleration & Availability
Roles may be assigned based on username, group
Security often comes at the expense of performance
name, source IP, login time and authentication
and ease-of-use; in other words, secure access
method and can specify which resources are
won’t enhance productivity unless users find it
available to which access methods. Each role may
fast and friendly. To ensure both performance and
be assigned different resources and QoS policies.
security, AG Series appliances support integrated
With capacity for 500,000 users in its local application acceleration features including
database, access policies can be stored on the connection multiplexing, SSL acceleration and
Array appliance or can be provided via integration compression.
with external AAA servers. In addition, SSO settings
Deployed at the largest enterprises and service
can be customized to store multiple usernames and
providers in the world, AG Series appliances
passwords for different backend application servers.
have proven their reliability – tallying up years of
Moreover, authentication may be set such that flawless performance in demanding production
users must authenticate to multiple AAA servers for environments. In the event of a failure, Array N+1
added security, in a manner similar to multi-factor clustering technology ensures a transparent and
authentication. unaffected end-user experience.
 A G S E R I E S D ATA S H E E T

Management & Reporting helpdesk calls are the last thing you need in an
emergency, Array offers the unique ability for
AG Series appliances offer both a familiar CLI
first time users to log into a company URL and
and an intuitive Web user interface that can easily
immediately see their familiar work desktop.
be customized to create streamlined, integrated
management systems. Monitoring is made simple 10-day contingency licenses are available in
with SNMP-based monitoring tools, and with support increments from 25 to 12,000 concurrent users and
for XML-RPC, a range of third-party applications can are activated by exceeding a base concurrent user
be used to automate management tasks. license. Once activated, ABC contingency licenses
augment standard concurrent user licenses for a
In addition, up to 100 AG appliances can be
period of one day. If usage returns to normal, the
managed centrally to provide a single point of
ABC contingency license is reduced by one day. If
configuration, monitoring and reporting for Array
usage continues to exceed the standard concurrent
products.
user license, the ABC contingency license is
reduced one day at a time until usage returns to
Integration & Extensibility normal.
Taking advantage of extensible APIs, IT can
marry secure access intelligence with threat and Product Editions
risk management platforms, virtual management
AG Series physical appliances and vxAG virtual
platforms, and custom solutions for reporting,
appliances support three product editions:
billing, SLAs and vertical-specific requirements.
AccessDirect™ enables SSL VPN remote access,
Developers can also create custom native apps
DesktopDirect™ enables remote desktop access
with built in security for mobile environments. From
and MotionPro enables secure mobile access. In
providing real-time usage intelligence to seamlessly
addition, all product editions support ABC business
interacting with 3rd party secure access and
continuity contingency licenses.
application delivery technologies to integrating with
cloud management systems, the power of AG Series
APIs is unprecedented. Physical & Virtual Appliances
AG Series physical appliances leverage a multi-
Array Business Continuity (ABC) core architecture, hardware SSL acceleration and
compression, energy-efficient components and 10
Secure access is a compelling technology for
GigE connectivity to create solutions purpose-built
business continuity planning; however, many
for scalable secure access.
vendors require businesses to buy contingency
licenses outright and most competing products are Available for common hypervisors, vxAG virtual
designed with only enough capacity to support the appliances are ideal for organizations seeking to
limited needs of day-to-day remote access. benefit from the flexibility of virtual environments,
offer infrastructure services and new elastic
Only Array has the scalability to support an entire
business models or evaluate Array secure access
workforce on a single system while maintaining a
with minimal risk and up-front cost.
premium experience for each user. And because
 A G S E R I E S D ATA S H E E T

Feature Specifications
Access Methods

Clientless: 100% clientless – Supports HTML, JavaScript and plug-in parameters – Ensures
Web Access proper function of applications beyond the corporate network – Masks internal
DNS and IP addressing – Supports browser-based access from any device –
Web file sharing

On-Demand Client: Pre-installed or Web-delivered client through Java or ActiveX – L3, L4 or auto-
Network & Application select tunneling – Auto-launch upon login, transparent to users – L3 & L4 for
Access Windows XP (32-bit), Windows 7 (32/64-bit), Linux, MacOS – Split tunneling and
full tunneling control, create tunnel through HTTP forward proxy – Supports any
IP application including TCP, UDP, NetBIOS, Outlook, Terminal Devices, FTP,
CRM and all CS and BS applications – Internal static and dynamic IP address
assignment and external DHCP server IP address assignment – Network drive
mapping – Auto-launch of network scripts and commands – Differentiated
configurations per user or group roles – Stand-alone, command line and SDK for
Array VPN client – Multi-language support – Detailed traffic logs

Thin Client: Utilizes local RDP client (RDP 5.0 or higher) – RDP auto-update/deployment
Remote Desktop – User parameters including screen size, color depth, sound and redirection (if
Access permitted) – Multiple monitors – Performance tuning – Redirection control for
drives, printers, ports, smart cards and clipboards

Mobile Client: MotionPro native app for secure mobile access for iPad, iPhone and Android
Secure Mobile Access devices – Downloadable from Apple AppStore and Google Play marketplace
– Enterprise app store – Automated app installation – IPSec and SSL mobile
VPN – Per application VPN – SDK for native 3rd party apps with integrated
application level VPN – Secure browser for Web & HTML5 applications
 A G S E R I E S D ATA S H E E T

Client-Side Security

Host Checking Verifies device state prior to granting access – Scans for personal firewalls, anti-
virus, anti-spam and service packs – Custom rules for a range of apps, registry
checks and patches – MAC address or hardware ID validation

Adaptive Policies Access level conditional on end-point status – Integrated policy management

Cache Cleaning Wipes all stored browser information upon session termination – Per-session
with idle timeout and browser closure

End-Point Security Device-based identification, data container and remote wipe for mobile
devices – Anti-key logging and anti-screen capture for remote PCs

Server-Side Security

Gateway Security-hardened OS – Passive and active Layer-7 content filtering – Permit or

deny policies – DDoS prevention – Reverse-proxy network separation

Encryption TLS 1.0/SSL 3.0, TLS 1.1/1.2 – AES128-SHA, AES256-SHA, DES/3DES, SHA/
MD5 – 1024 and 2048-bit keys – SSL session reuse – Certificate field passing to
backend – Online/offline CRL – OCSP

Authentication, Authorization & Auditing (AAA)

Authentication LDAP, RADIUS, AD, LocalDB, RSA SecurID, Swivel, Vasco, custom – 500,000
users in LocalDB – Enable/disable LocalDB user – LocalDB password policy
control – Backup/restore LocalDB – Export LocalDB in CSV format (Excel) – Up
to 1500 logins per second – Certificate-based authentication – Authentication
server ranking (search user credential in multiple servers) – RADIUS challenge
response mode – Restrict login based on date and time – Single sign-on, NTLM,
HTTP basic authentication and HTTP POST – User lock-up by login failure,
inactivity or manually by administrator
 A G S E R I E S D ATA S H E E T

Authorization Granular access control – Role-based access control – Roles defined by

username, group name, login time, source IP and login method – Permit
and deny policies – Authorize user based on MAC address or hardware ID –
Provides high flexibility in configuration and detailed logging – Available desktops
and redirection conditional upon end-points

Auditing Full audit trail in WebTrends WELF format – Logs all user activity (success,
failure, attack) – Syslog – Alarm/trap – Stats/counters – SNMP MIB

Multi-Factor SSL client certificates, RSA SecurID, Entrust, other RADIUS-based

authentication systems – Multiple AAA server authentication

Performance & Scalability

System 64-bit Array SpeedCore multi-core platform – Optimized packet flow with single-
digit millisecond latency – Up to 128,000 concurrent users on a single appliance
– Up to 3 Gbps SSL throughput on a single appliance – Hardware SSL key
exchange and bulk encryption performed in kernel – Connection multiplexing
for optimizing server efficiency and reducing back-end connections – High-
availability and scale out (active/active, active/standby clustering)

Virtualization 256 virtual secure access portals – Single page virtual site creation – Concurrent
user session control per virtual portal – Delegated management – Portal theme
technology for custom virtual portals or integrating with pre-existing Web pages
– Pure Java script-based customization on per virtual portal basis – No external
server requirements – Localized end-user GUI support for English, Japanese,
simplified and traditional Chinese

Management

System Intuitive WebUI – Quick-start wizard – Role-based administration – Strong

Administration administrator authentication – RADIUS accounting – No client installation or
management – Configuration synchronization – Full device backup and restore
including client security, portal theme, SSL certificates, keys, CRL, LocalDB –
User/feature license control – NTP, NAT, RTS, logging
 A G S E R I E S D ATA S H E E T

Centralized Array CMX centralized management appliance – SSH/CLI, SSL/WebUI, SNMP,

Management XML/RPC API – Supports NRS2 (Array Networks multiple system reporting and
analyzing tool)

Array Registration Manual/static registration – User self-registration/automatic registration – Bulk

Technology (ART) registration (import/export from external database) – Scalable to 150K users and
for Remote Desktop 300K desktops – Registration portal wizard – Remote power management via
wake-on-LAN (WoL) technology

Warranty & Support

System 1-year hardware; 90-day software

Support Gold, silver and bronze-level support plans

Array Secure Access Architecture

Mobile &
Remote Access
Public & Private
Cloud

Employee &
Guest Access
BYOD
Office
Workers
 A G S E R I E S D ATA S H E E T

Product Specifications

● = STANDARD O = OPTIONAL

AccessDirect DesktopDirect MotionPro

SSL VPN Remote Remote Desktop Secure Mobile
Access Access Access

Clustering ● ● ●

WebUI ● ● ●

SSL & IPSec Encryption ● ● ●

Virtual Portals 5 Included 5 Included 5 Included

Web Applications ●

L3 VPN Client ●

Host Checking & Cache Cleaning ●

L4 Thin Client ●

Array Registration Technology ●

Wake-on-LAN (WoL) ●

Enterprise App Store ●

Mobile & App VPN ●

Secure Browser ●

Remote Wipe ●

Data Container ●

Additional Virtual Portals O O O

Array Business Continuity O O O

 A G S E R I E S D ATA S H E E T

AG1000 AG1000T AG1100 AG1150 AG1200 AG1500 AG1600

Max. Concurrent Users 300 600 3,000 10,000 25,000 72,000 128,000

Max. Virtual Portals 10 50 256

SSL Processing
Yes
(1024-bit & 2048-bit)

Compression Yes

Interfaces

1GigE Copper 4 4 4 4 4 4 4

1GigE Fiber O O O O O

10GigE Fiber O O

Active/Active
Clustering
Active/Standby

Power Supply Single Single/Dual Dual

Form Factor 1U 2U

Typical Power Consumption 134W 153W 209W

AG1000, 1000T, 1100, 1150,

Single Power: 90-264VAC, 6-3A, 47 63Hz
1200
Input Voltage AG1100, 1150, 1200 Dual Power: 4-2A, 47-63Hz, Auto-Ranging
Dual Power: 100-240VAC; 8.5A; 47-63 Hz
AG1500, 1600
Full-Range Input Redundant, Hot Swappable
AG1000, 1000T, 1100, 1150,
Single Power: 17” W x 15” D x 1.75” H
1200
Dimensions
AG1100, 1150, 1200 Dual Power: 17” W x 19.875” D x 1.75H
AG1500, 1600 Dual Power: 17” W x 21.5” D x 3.5” H
AG1000, 1000T, 1100, 1150,
Single Power: 13.6lbs
1200
Weight
AG1100, 1150, 1200 Dual Power: 17.2lbs
AG1500, 1600 Dual Power: 28lbs

Environmental Operating Temperature: 0° to 45°C, Humidity: 0% to 90%, Non condensing

IEC 60950-1, LU/CSA 60950-1, EN 60950-1, ICES-003, EN 55024, CISPR 22,

Regulatory Compliance
AS/NZS 3548, FCC, 47FR part 15 Class A, VCCI-A

Safety CSA, C/US, CE

Support Gold, Silver and Bronze Level Support Plans

Warranty 1 Year Hardware, 90 Day Software

Supported Hypervisors Virtual Machine Requirements

2 Virtual CPUs
VMware ESXi 4.1 or Later
4 Virtual Network Adapters
vxAG XenServer 5.6 or Later
2GB RAM
Open Xen 4.0 or Later
40GB Disk
 A G S E R I E S D ATA S H E E T

1371 McCarthy Blvd. Milpitas, CA 95035 | Phone: (408) 240-8700 Toll Free: 1-866-MY-ARRAY | www.arraynetworks.com

VERSION: APR-2014-REV-A