Deploying Garrison SAVI®

Garrison SAVI® is available either as an on-site appliance or as a cloud-based service.

On-site appliance
Cloud-based service

Garrison SAVI® on-site

Garrison SAVI® is available today for deployment as an on-site appliance.

At the heart of the solution is the Garrison SAVI® Isolation Appliance (GIA). The GIA is a 3U datacentre appliance which presents three physical Ethernet interfaces:

  • Remote interface. This interface connects to the internet, optionally via a web proxy
  • Client interface. Clients connect to this interface over an encrypted link
  • Management interface.

Each GIA contains hundreds of SAVI Nodes, which are dynamically allocated to users on demand. SAVI Nodes are recycled using Garrison Secure Reboot when a user finishes their session, or when they are timed out due to inactivity.

Optionally, user data can be persisted using network storage so that returning users obtain the same cookies, bookmarks and open tabs that they had during their last session.

Garrison Transfer Appliance

Browsing often leads to demands for copy-and-paste and for printing. But these activities can be just as dangerous as the browsing itself: copied images or text might exploit the user’s endpoint, and print jobs might compromise sensitive printers.

The Garrison Transfer Appliance implements the Garrison SACS™ technology that allows risk-free transfer of copy-and-paste data and print jobs. Deployed alongside a Garrison SAVI® Isolation Appliance, the Garrison Transfer Appliance provides users with a full-featured browsing experience that remains risk-free for the organisation.

File downloads

The web is not just browsing – it’s also a repository of files that users might need to download.

In many cases, a file is downloaded so that it can be viewed. Garrison incorporates support for popular file types, providing tools to download, store and view files such as PDF and Office documents. Users can open high-risk files for viewing without introducing risk to enterprise data and systems.

But sometimes users really do need files from the web delivered to their native endpoints, so that they can work with them using native tools, potentially using sensitive data. At this point content security tools need to be deployed to scan and sanitise the downloaded content, using techniques such as sandboxing, signature scanning, content disarm and reconstruct, etc.

Garrison does not seek to compete with the many 3rd parties supplying content security technologies. Rather, Garrison is built around a plugin architecture that allows customers to configure what content security pipeline should be used and how files should be delivered to, and collected from, the pipeline. Many customers like to begin by reusing pipelines already in existence to secure email attachments.

Garrison SAVI® Cloud

Garrison SAVI® Cloud

As an alternative to deployment as an on-site appliance, customers can gain access to the power of Garrison SAVI® hardware as a cloud-based service.

We are currently working with a limited number of beta customers to provide secure remote browsing as a service, using the power of Garrison SAVI® hardware deployed in our highly secure data centres.

Government Deployments

Garrison provides safe web browsing that can enable personnel operating in sensitive environments, including air-gapped classified networks, to gain access to web resources.

In government deployments, personnel may also need to gain access to lower-tier networks for interworking with colleagues and allies. Garrison and its in-country partners can provide government-specific solutions that provide access to existing lower-tier VDI platforms, providing the additional reassurance of Garrison’s hardware isolation where IA requirements mandate that direct VDI is not permitted.

Contact us for more information, including certification activity.

About Garrison