We specialize in
Secure & Efficient
​Remote / Work-from-Home
Solutions
​
Nth Generation is here to help with your most immediate needs.
#1
​Ask the right questions
Does your VDI environment have enough capacity to support all of the additional users who historically were not remote users?
Do you have enough capacity in your VDI environment to continue in degraded mode?
Given that physical access may become limited, can your team manage the infrastructure remotely?
What is your contingency plan if the VDI or production environment fails?
As you make changes to support both primary and contingency plans, are you possibly exposing any new security or reliability vulnerabilities?
Are your firmware and patch levels up to date, or at minimum, current enough?
What is the security
impact of VDI
vs. Desktop-as-a-Service vs. VPN?
Whether you are expanding, strengthening, or at the starting line, we provide work-from-home solutions tailored to your current environment and specific needs.
Remote Work Offerings
Our Nth Generation account team is simply customer focused. They bring a sense of urgency to the table. They inspire us to really stretch our capabilities across the organization. They are with us throughout -- to help us solve business problems.
​
Mac Avancena, CIO, Kern County ITS
Security for Remote Work
Security Posture Check
Are your remote workers securely accessing your environment?
​
Have you ensured their wireless devices and home systems are appropriately protected?
​Nth Generation can conduct a websession with remote workers to evaluate the posture of their endpoint device, as well as their wifi configurations -- to document and provide guidance, should remediation be necessary.
​
Number of sessions TBD
Endpoint Protection of
Non-Corporate Devices
Leveraging AI for optimal endpoint protection services
Are you using next generation AV?
When individuals use their own devices, it is especially important to mitigate the opportunity for infection. Nth Generation can rapidly rollout Cylance-managed services to ensure these devices do not infect your organization.
Phishing Tests & Training
Have you trained your employees on proper email hygiene?
Attackers are using national and/or global emergencies as an emotional way to get users to click-through. Test, train, and reward your users by having Nth Generation conduct a Phishing exercise.
External Vulnerability Assessment of Corporate Perimeter
Are you making changes to your perimeter to enable additional remote workers?
Ensure you haven’t accidentally exposed yourself to a growing number of cyber threats with our Rapid Vulnerability Assessment service.
Managed Security Service Provider
Are you secure 24/7?
With heightened remote workers, many organizations are concerned about the lack of 24/7 visibility into attacks. Our MSSP services can quickly provide 24/7 coverage.
For more security offerings, visit:
The benefit for us is Nth Generation allows me to focus on my business, allows me to focus on my customers --
knowing they are my partner in helping me solve technology issues.
​
Mac Avancena, CIO, Kern County ITS
Remote Work Architectures
FULL TUNNEL
VIRTUAL PRIVATE NETWORKS
​
If an endpoint is infected with Ransomware / Malware it could spread and encrypt files within the corporate network as well. In contrast, a VDI instance isolates the client from the corporate environment, thus mitigating it's ability to infect the organization.
​
Cost: $
Deployment Time: FAST
from 1 to a few days
PROS
​
-
Enables corporate network security countermeasures to inspect all traffic coming from the endpoints.
-
No shipping dependency (for virtual appliance).
-
Generally only requires a license to add additional users.
CONS
​
-
All traffic may cause network congestion.
-
Endpoints can directly infect the corporate network.
CAVEATS
​
-
If additional internet bandwidth is required, the lead time by the ISP must be taken into account.
-
Endpoint posture checking can ensure endpoint has appropriate countermeasures in place before being allowed onto the network.
ENDPOINT REQUIREMENTS:
VPN Client Software
CORPORATE REQUIREMENTS:
Next Gen Firewall or VPN Gateway
(Physical or Virtual)
SPLIT TUNNEL
VIRTUAL PRIVATE NETWORKS
If an endpoint is infected with Ransomware / Malware it could spread and encrypt files within the corporate network as well. In contrast a VDI instance isolates the client from the corporate environment thus mitigating it's ability to infect the organization.
​
Cost: $
Deployment Time: FAST
from 1 to a few days
PROS
​
-
Minimizes bandwidth usage.
-
No shipping dependency (for virtual appliance).
-
Only requires a license generally to add additional users.
CONS
​
-
Does not have visibility to what the user does on the Internet.
-
Endpoints can directly infect the corporate network.
CAVEATS
​
-
There are incremental technologies to address security split tunnel vulnerabilities at the corporate network, such as: corporate proxies, open DNS, etc.
ENDPOINT REQUIREMENTS:
VPN Client Software
CORPORATE REQUIREMENTS:
Next Gen Firewall or VPN Gateway
(Physical or Virtual)
ON-PREMISE VDI
​
VDI instances isolate the client from the corporate environment thus mitigating its ability to infect the organization.
​
Cost: $$$
​
Deployment Time:
MEDIUM TO LONG
from a few days, to a few weeks
PROS
​
-
Isolates the potentially infected client from infecting the company.
-
Helps minimize data loss.
-
Low latency as virtual desktops and applications are in the same corporate network.
CONS
​
-
Requires compute, network, and storage, therefore may result in potential delays in shipping.
-
Time intensive implementation.
CAVEATS
​
-
Configuration in VDI can allow users to attach local disk to VDI. Without this, users may use shadow IT to conduct work.
ENDPOINT REQUIREMENTS:
VDI Client or Browser
CORPORATE REQUIREMENTS:
VDI Infrastructure (e.g.: VDI Licenses, Compute, Network, & Storage)
DESKTOP AS A SERVICE
(DaaS)
​
A VDI implementation hosted at a datacenter of a cloud provider such as Ntirety or AWS.
​
Cost: Subscription $$$
​
Deployment Time:
FAST TO MEDIUM
from a few days, to a few weeks
PROS
​
-
Quickly deployed. No requirement for hardware acquisition.
-
Isolates the potentially infected client from infecting the company.
-
Helps minimize data loss.
-
Low latency as virtual desktops and applications are in the same corporate network.
CONS
​
-
A secured strong connection is required between the cloud provider and the corporate network (i.e.: VPN, SDWAN or dedicated circuit).
CAVEATS
​
-
Configuration in VDI can allow users to attach local disk to VDI. Without this users may use shadow IT to conduct work.
Nth Generation takes the approach of wanting to help us in the areas we are asking. A lot of companies will come in and tell us about their products and try to force-fit them into what we’re doing. Nth actually listens.
​
Jim DiMarzio, CIO, Toyo Tires
Remote Work VPN Solutions
CRADLEPOINT
Cradlepoint can provide remote VPN services with their NetCloud Perimeter license and/or with hardware appliances. Cellular capabilities are also a selling point.
-
Cradlepoint can use hardware or NCP clients. Subscription services start at $36 a year per person.
-
Cradlepoint has both virtual and physical routers/firewalls. Virtual router is hosted in Amazon cloud to support up to 100 tunnels. Good for smaller deployments.
-
Hardware routers support POE and Wi-Fi as well as cellular connectivity.
ARUBA
Aruba uses their wireless controllers to support IPsec VPN users.
-
Aruba does require a license on the controller for to terminate VPN users.
-
Aruba has both physical and virtual controllers
-
Aruba has a VPN client called VIA which requires a license. No other capabilities like AV.
-
Aruba has hardware devices called RAP (Remote AP) which are used for remote users if hardware is needed. They are access points with 4 ethernet ports on them. These are going to be hard to get right now. Also, any IAP can be converted into a RAP so we can sell them as well. They don’t have any hardwired ethernet ports. These all need licenses on the controller.
PALO ALTO
Palo Alto uses their firewalls to provide IPsec and SSL VPN access
-
Palo Alto requires a license to terminate VPN users called GlobalProtect
-
Palo Alto has both virtual and physical firewalls.
-
Palo Alto uses the GlobalProtect client to support VPN users. No other capabilities like AV unless Traps is also purchased.
-
Palo Alto has small hardware firewalls for work at home. Some with Wi-Fi and POE.
MERAKI
Meraki uses their MX Security appliance to support L2TP only.
-
Meraki does not need an additional license, capacity is built into MX appliance
-
Meraki has both virtual and physical firewalls. Virtual is only for Amazon and Azure.
-
Meraki uses the standard embedded client in Windows, Mac, iOS, etc. no client to install.
-
Meraki has small hardware firewalls for work at home. Some with Wi-Fi and POE.
FORTINET
Fortinet utilizes their FortiGate Firewalls to support both IPsec and SSL VPN users.
-
Fortinet does NOT require extra licenses to support VPN features, the capacity for user limits is built in.
-
Fortinet has both physical and virtual firewalls.
-
Fortinet has a client (FortiClient) that if only using the VPN features is free to use. If other features are required like antivirus etc. then there is a license required along with setting up an EMS server.
-
Fortinet has small firewalls that can be used for remote workers if there is a requirement. For instance, if they have a desk phone that needs to be powered with POE or a printer that needs to communicate with the corporate network.
-
Another option is to use a FortiAP which is a wireless access point that can be used to setup an IPsec tunnel back to a Central FortiGate firewall.
CISCO
Cisco uses their ASA and Firepower firewalls for IPsec and SSL VPN users.
-
Cisco requires a license to terminate VPN users called AnyConnect.
-
Cisco has both virtual and physical firewalls.
-
Cisco uses the AnyConnect client to support VPN users. No other capabilities like AV unless AMP for endpoints is also purchased. CISCO IS MAKING AVAILABLE FREE ANYCONNECT EMERGENCY LICENSE TO USE TEMPORARILY UNTIL JULY 1, 2020.
-
Cisco has small hardware firewalls for work at home. Some with Wi-Fi and POE.
EXTREME NETWORKS
Extreme Networks uses hardware and cloud management instead of VPN
-
Cloud IQ cloud managed router and access points.
-
Devices create a secure tunnel back to DC using IPsec.