We specialize in

Secure & Efficient

Work-from-Home

Solutions

Nth Generation is here to help with your most immediate needs.

#1

Ask the right questions

Does your VDI environment have enough capacity to support all of the additional users who historically were not remote users?

Given that physical access may become limited, can your team manage the infrastructure remotely?

Do you have enough capacity in your VDI environment to continue in degraded mode?

What is your contingency plan if the VDI or production environment fails?

As you make changes to support both primary and contingency plans, are you possibly exposing any new security or reliability vulnerabilities?

Are your firmware and patch levels up to date, or at minimum, current enough?

What is the security

impact of VDI

vs. Desktop-as-a-Service vs. VPN?

Whether you are expanding, strengthening, or at the starting line, we provide work-from-home solutions tailored to your current environment and specific needs.

Remote Work Offerings

Security for Remote Work

Remote Work Architectures

Remote Work VPN Solutions

Our Nth Generation account team is simply customer focused. They bring a sense of urgency to the table. They inspire us to really stretch our capabilities across the organization. They are with us throughout -- to help us solve business problems.

Mac Avancena, CIO, Kern County ITS

Security for Remote Work

Are your remote workers securely accessing your environment?

Have you ensured their wireless devices and home systems are appropriately protected?

Nth Generation can conduct a websession with remote workers to evaluate the posture of their endpoint device, as well as their wifi configurations -- to document and provide guidance, should remediation be necessary.

Number of sessions TBD

Security Posture Check

Are you using next generation AV?

When individuals use their own devices, it is especially important to mitigate the opportunity for infection. Nth Generation can rapidly rollout Cylance-managed services to ensure these devices do not infect your organization.

Endpoint Protection of
Non-Corporate Devices

Leveraging AI for optimal endpoint protection services

Have you trained your employees on proper email hygiene?

Attackers are using national and/or global emergencies as an emotional way to get users to click-through. Test, train, and reward your users by having Nth Generation conduct a Phishing exercise.

Phishing Tests & Training

Are you making changes to your perimeter to enable additional remote workers?

Ensure you haven’t accidentally exposed yourself to a growing number of cyber threats with our Rapid Vulnerability Assessment service.

External Vulnerability Assessment of Corporate Perimeter

Are you secure 24/7?

With heightened remote workers, many organizations are concerned about the lack of 24/7 visibility into attacks. Our MSSP services can quickly provide 24/7 coverage.

Managed Security Service Provider

Security.Nth.com

For more security offerings, visit:

The benefit for us is Nth Generation allows me to focus on my business, allows me to focus on my customers --

knowing they are my partner in helping me solve technology issues.

Mac Avancena, CIO, Kern County ITS

Remote Work Architectures

FULL TUNNEL

VIRTUAL PRIVATE NETWORKS

If an endpoint is infected with Ransomware / Malware it could spread and encrypt files within the corporate network as well. In contrast, a VDI instance isolates the client from the corporate environment, thus mitigating it's ability to infect the organization.

Cost: $

Deployment Time:

FAST

from 1 to a few days

PROS

Enables corporate network security countermeasures to inspect all traffic coming from the endpoints.
No shipping dependency (for virtual appliance).
Generally only requires a license to add additional users.

CONS

All traffic may cause network congestion.
Endpoints can directly infect the corporate network.

CAVEATS

If additional internet bandwidth is required, the lead time by the ISP must be taken into account.
Endpoint posture checking can ensure endpoint has appropriate countermeasures in place before being allowed onto the network.

ENDPOINT REQUIREMENTS:

VPN Client Software

CORPORATE REQUIREMENTS:

Next Gen Firewall or VPN Gateway

(Physical or Virtual)

SPLIT TUNNEL

VIRTUAL PRIVATE NETWORKS

If an endpoint is infected with Ransomware / Malware it could spread and encrypt files within the corporate network as well. In contrast a VDI instance isolates the client from the corporate environment thus mitigating it's ability to infect the organization.

Cost: $

Deployment Time:

FAST

from 1 to a few days

PROS

Minimizes bandwidth usage.
No shipping dependency (for virtual appliance).
Only requires a license generally to add additional users.

CONS

Does not have visibility to what the user does on the Internet.
Endpoints can directly infect the corporate network.

CAVEATS

There are incremental technologies to address security split tunnel vulnerabilities at the corporate network, such as: corporate proxies, open DNS, etc.

ENDPOINT REQUIREMENTS:

VPN Client Software

CORPORATE REQUIREMENTS:

Next Gen Firewall or VPN Gateway

(Physical or Virtual)

ON-PREMISE VDI

VDI instances isolate the client from the corporate environment thus mitigating its ability to infect the organization.

Cost: $$$

Deployment Time:

MEDIUM TO LONG

from a few days, to a few weeks

PROS

Isolates the potentially infected client from infecting the company.
Helps minimize data loss.
Low latency as virtual desktops and applications are in the same corporate network.

CONS

Requires compute, network, and storage, therefore may result in potential delays in shipping.
Time intensive implementation.

CAVEATS

Configuration in VDI can allow users to attach local disk to VDI. Without this, users may use shadow IT to conduct work.

ENDPOINT REQUIREMENTS:

VDI Client or Browser

CORPORATE REQUIREMENTS:

VDI Infrastructure (e.g.: VDI Licenses, Compute, Network, & Storage)

DESKTOP AS A SERVICE

(DaaS)

A VDI implementation hosted at a datacenter of a cloud provider such as Ntirety or AWS.

Cost: Subscription $$$

Deployment Time:

FAST TO MEDIUM

from a few days, to a few weeks

PROS

Quickly deployed. No requirement for hardware acquisition.
Isolates the potentially infected client from infecting the company.
Helps minimize data loss.
Low latency as virtual desktops and applications are in the same corporate network.

CONS

A secured strong connection is required between the cloud provider and the corporate network (i.e.: VPN, SDWAN or dedicated circuit).

CAVEATS

Configuration in VDI can allow users to attach local disk to VDI. Without this users may use shadow IT to conduct work.

Nth Generation takes the approach of wanting to help us in the areas we are asking. A lot of companies will come in and tell us about their products and try to force-fit them into what we’re doing. Nth actually listens.

Jim DiMarzio, CIO, Toyo Tires

Remote Work VPN Solutions

Cradlepoint can provide remote VPN services with their NetCloud Perimeter license and/or with hardware appliances. Cellular capabilities are also a selling point.

CRADLEPOINT

Cradlepoint can use hardware or NCP clients. Subscription services start at $36 a year per person.
Cradlepoint has both virtual and physical routers/firewalls. Virtual router is hosted in Amazon cloud to support up to 100 tunnels. Good for smaller deployments.
Hardware routers support POE and Wi-Fi as well as cellular connectivity.

Aruba uses their wireless controllers to support IPsec VPN users.

ARUBA

Aruba does require a license on the controller for to terminate VPN users.
Aruba has both physical and virtual controllers
Aruba has a VPN client called VIA which requires a license. No other capabilities like AV.
Aruba has hardware devices called RAP (Remote AP) which are used for remote users if hardware is needed. They are access points with 4 ethernet ports on them. These are going to be hard to get right now. Also, any IAP can be converted into a RAP so we can sell them as well. They don’t have any hardwired ethernet ports. These all need licenses on the controller.

Palo Alto uses their firewalls to provide IPsec and SSL VPN access

PALO ALTO

Palo Alto requires a license to terminate VPN users called GlobalProtect
Palo Alto has both virtual and physical firewalls.
Palo Alto uses the GlobalProtect client to support VPN users. No other capabilities like AV unless Traps is also purchased.
Palo Alto has small hardware firewalls for work at home. Some with Wi-Fi and POE.

Meraki uses their MX Security appliance to support L2TP only.

MERAKI

Meraki does not need an additional license, capacity is built into MX appliance
Meraki has both virtual and physical firewalls. Virtual is only for Amazon and Azure.
Meraki uses the standard embedded client in Windows, Mac, iOS, etc. no client to install.
Meraki has small hardware firewalls for work at home. Some with Wi-Fi and POE.

Fortinet utilizes their FortiGate Firewalls to support both IPsec and SSL VPN users.

FORTINET

Fortinet does NOT require extra licenses to support VPN features, the capacity for user limits is built in.
Fortinet has both physical and virtual firewalls.
Fortinet has a client (FortiClient) that if only using the VPN features is free to use. If other features are required like antivirus etc. then there is a license required along with setting up an EMS server.
Fortinet has small firewalls that can be used for remote workers if there is a requirement. For instance, if they have a desk phone that needs to be powered with POE or a printer that needs to communicate with the corporate network.
Another option is to use a FortiAP which is a wireless access point that can be used to setup an IPsec tunnel back to a Central FortiGate firewall.

Cisco uses their ASA and Firepower firewalls for IPsec and SSL VPN users.

CISCO

Cisco requires a license to terminate VPN users called AnyConnect.
Cisco has both virtual and physical firewalls.
Cisco uses the AnyConnect client to support VPN users. No other capabilities like AV unless AMP for endpoints is also purchased. CISCO IS MAKING AVAILABLE FREE ANYCONNECT EMERGENCY LICENSE TO USE TEMPORARILY UNTIL JULY 1, 2020.
Cisco has small hardware firewalls for work at home. Some with Wi-Fi and POE.

Extreme Networks uses hardware and cloud management instead of VPN

EXTREME NETWORKS

Cloud IQ cloud managed router and access points.
Devices create a secure tunnel back to DC using IPsec.

Contact us today

Connect with us today, to set up a call with a Subject Matter Expert that can discuss solutions best tailored for your needs.

Contact your Nth Account Manager or simply inquire below:

We specialize in

Secure & Efficient

​Work-from-Home

Solutions

​

#1

​Ask the right questions

Does your VDI environment have enough capacity to support all of the additional users who historically were not remote users?

Given that physical access may become limited, can your team manage the infrastructure remotely?

Do you have enough capacity in your VDI environment to continue in degraded mode?

What is your contingency plan if the VDI or production environment fails?

As you make changes to support both primary and contingency plans, are you possibly exposing any new security or reliability vulnerabilities?

Are your firmware and patch levels up to date, or at minimum, current enough?

What is the security

impact of VDI

vs. Desktop-as-a-Service vs. VPN?

Whether you are expanding, strengthening, or at the starting line, we provide work-from-home solutions tailored to your current environment and specific needs.

Remote Work Offerings

Security for Remote Work

Are you using next generation AV?

Have you trained your employees on proper email hygiene?

Are you making changes to your perimeter to enable additional remote workers?

Are you secure 24/7?

Remote Work Architectures

FULL TUNNEL

VIRTUAL PRIVATE NETWORKS

​

If an endpoint is infected with Ransomware / Malware it could spread and encrypt files within the corporate network as well. In contrast, a VDI instance isolates the client from the corporate environment, thus mitigating it's ability to infect the organization.

​

Cost: $

​

Deployment Time:

FAST

from 1 to a few days

ENDPOINT REQUIREMENTS:

VPN Client Software

CORPORATE REQUIREMENTS:

Next Gen Firewall or VPN Gateway

(Physical or Virtual)

SPLIT TUNNEL

VIRTUAL PRIVATE NETWORKS

If an endpoint is infected with Ransomware / Malware it could spread and encrypt files within the corporate network as well. In contrast a VDI instance isolates the client from the corporate environment thus mitigating it's ability to infect the organization.

​

Cost: $

​

Deployment Time:

FAST

from 1 to a few days

ENDPOINT REQUIREMENTS:

VPN Client Software

CORPORATE REQUIREMENTS:

Next Gen Firewall or VPN Gateway

(Physical or Virtual)

ON-PREMISE VDI

​

VDI instances isolate the client from the corporate environment thus mitigating its ability to infect the organization.

​

Cost: $$$

​

Deployment Time:

MEDIUM TO LONG

from a few days, to a few weeks

ENDPOINT REQUIREMENTS:

VDI Client or Browser

CORPORATE REQUIREMENTS:

VDI Infrastructure (e.g.: VDI Licenses, Compute, Network, & Storage)

DESKTOP AS A SERVICE

(DaaS)

​

A VDI implementation hosted at a datacenter of a cloud provider such as Ntirety or AWS.

​

Cost: Subscription $$$

​

Deployment Time:

FAST TO MEDIUM

from a few days, to a few weeks

Remote Work VPN Solutions

CRADLEPOINT

ARUBA

PALO ALTO

Work-from-Home

Ask the right questions