Secure Remote Access

Secure Remote Access from Cyber Cafe
Timothy Siu
SunONE SE Manager
timothy.siu@sun.com
Agenda

• Current Enterprise Information Portal (EIP) requirements
• Traditional Ways to Access Corporate Networks
• A Breakthrough in Corporate Networks Access
• Sample Implementation of an EIP
• Demonstration
• Q&A
Current EIP requirement

• Share information
  - New policy announcements, latest procedures/manuals, new pricing schemes...
• Share services
  - Inventory enquiry, office automation...
  - File upload/download, remote desktop control, terminal access...
• e-Mail, calendar, collaboration
  - Lotus Notes, MS Exchange, ...
IT requirements for EIP

• Single point of access
• Confidentiality
• Strong authentication
• Role-based accessibility
• Non-HTML application access
• Integration with existing legacy systems
• Personalization
Traditional Ways to Access Corporate Networks

• Dial-up
  - Slow, high maintenance cost
• Virtual Private Network
  - A VPN client must be preinstalled before it works
  - Requires distribution of customized software to the end-user device or desktop
• Secure reverse proxy
  - No support for accessing non-HTML resources
A Breakthrough in Corporate Networks Access

• To the user: needs only a browser and an Internet (preferably broadband) connection
• To the admin: ONE instance, multiple solutions for different users/applications/policies/devices...
• To the corporation: lower total cost of ownership (TCO), NO compromise in security!
Benefits on Business Side

• Help increase revenues and profitability
  - Reduce operating expenses
  - Automate & streamline processes
• Help increase competitive advantage
Any Service is Provisioned

(Architecture diagram.) The Portal Server core sits in the DMZ together with the gateway (Secure Remote Access Pack), between the Internet and the private LAN. Services on the private LAN: mainframe or AS/400; any X-Windows or Telnet application; file services (Novell, Windows, NFS, FTP); any application server; any Windows desktop; any web server; Lotus Notes. User populations reaching them over the Internet: branch office (employee), extranet (partner or supplier), consumers accessing the public portal, home/telecommuter (employee), mobile user (employee). Diagram annotation: "Only changes to existing LAN".
Ubiquitous Client

• NO need to install additional software on the client side in order to use Portal Server
• Access HTML content/services
  - such as websites, Outlook Web Access, Lotus Domino
  - Needs only a browser which supports SSL 3.0, JavaScript and JDK 1.1
• Access non-HTML content/services
  - such as mainframe, file services, mail services...
  - Option 1: the corresponding Java client, for example
    - Portal's NetFile to FTP/Novell/NFS/SMB services
    - OpenConnect's TN3270 Java client for mainframe connection
  - Option 2: the native client, for example
    - MS Outlook to MS Exchange Server
    - Netscape Messenger to the IMAP server
    - Needs minimal re-configuration
Single Point of Access

(Diagram.) Targeted communities: Employee, Supplier, Partner, Customer. Representative key services aggregated for them: Content, Communication, Collaboration, Commerce, Customer Care.
Confidentiality

• Encrypted online communication: HTTPS for web-based resources, and HTTPS tunneling for non-web-based resources
Strong Authentication

• No passwords stored on iPlanet Portal Server
• Real-time authentication proxying to:
  - Digital certificates
  - LDAP
  - Unix
  - RADIUS
  - SafeWord
  - SecurID
  - CRYPTOCard
  - S/Key (local)
  - NT
Role-based accessibility: Single Instance, Multiple Domain

(Diagram.) One Portal Server instance hosts several domains. Domain 1 (xyz.com) holds Role 1 (User A, User B) and Role 2 (User X, User Y, User Z). A second domain (uvw.com) holds the roles Customer, Partner and Employee, with the users George, Martha, Fred, Ethel, Lucy and Ricky assigned among them.
Role-based accessibility: Policy

(Diagram.) Policy is attached to roles within a domain: in Domain 1 (xyz.com) on the Portal Server, Role 1 (User A, User B), Role 2 (User X, User Y, User Z) and the Customer role (George, Martha, Fred, Ethel, Lucy, Ricky) are each mapped to the set of resources their members may reach.
Non-HTML application access: VPN-on-demand

(Diagram.) On the client, a local TCP application connects to localhost, where the downloaded Netlet applet (running in the browser's JRE/JVM) listens. The Netlet's encryption engine and incoming/outgoing redirectors carry the connection over SSL, through the native IP stack and across the Internet, to the gateway; the gateway (Solaris JVM) terminates SSL and connects out to the intranet services.
Non-HTML Application Access via Netlet

• Display redirection
  - Telnet/VT100
  - Citrix partnership for NT and Solaris: remote printing and drive mapping supported
  - TN3270 / TN5250 (Java-based clients via public domain or 3rd parties)
• Any TCP-based program with a fixed port
  - Lotus Notes, IMAP/POP clients etc.
  - Microsoft Exchange uses dynamic port assignment, so it does not fit a single fixed-port rule
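The role/policy slides and the Netlet diagram describe two halves of one control: a rule maps a localhost port on the user's machine to one fixed intranet host:port, and policy decides which roles get which rules. The gateway is the place where that has to be enforced, because once a user is authenticated the gateway is opening TCP connections into the LAN on their behalf. The following is an added example written for this page, not iPlanet/Sun code; the rule syntax, role names, hosts, ports and directory contents are constructed assumptions.

```python
"""Gateway-side authorization for Netlet-style VPN-on-demand tunnels.

Added example, not iPlanet/Sun code.  A Netlet rule maps a port on the
user's localhost to ONE fixed intranet host:port; the applet accepts the
local TCP connection, carries it inside SSL to the gateway in the DMZ,
and the gateway opens the real connection.  The rule format, role names,
hosts and directory entries below are constructed assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class NetletRule:
    name: str
    local_port: int   # port the applet listens on at 127.0.0.1
    dest_host: str    # intranet host the gateway connects to
    dest_port: int    # fixed intranet port


def parse_rule(line: str) -> NetletRule:
    """Parse the assumed rule syntax 'name|local_port|dest_host|dest_port'."""
    parts = [p.strip() for p in line.split("|")]
    if len(parts) != 4 or not all(parts):
        raise ValueError(f"malformed rule: {line!r}")
    name, lport, host, dport = parts
    local_port, dest_port = int(lport), int(dport)
    # Netlet tunnels only to a fixed port.  A rule that tries to say "any
    # port the server picks" (what Exchange's dynamic RPC ports would need)
    # is rejected at parse time instead of failing at connect time.
    for p in (local_port, dest_port):
        if not 1 <= p <= 65535:
            raise ValueError(f"rule {name!r}: ports must be fixed, in 1..65535")
    return NetletRule(name, local_port, host, dest_port)


# Constructed policy: each role gets the rules its users may tunnel through.
ROLE_RULES: Dict[str, List[NetletRule]] = {
    "Employee": [parse_rule(r) for r in (
        "telnet|2300|host1.xyz.com|23",
        "tn3270|2301|mainframe.xyz.com|23",
        "imap|10143|mail.xyz.com|143",
    )],
    "Partner": [parse_rule("imap|10143|mail.xyz.com|143")],
    "Customer": [],  # web content only, no Netlet rules
}

# Constructed directory data: (user, domain) -> roles, mirroring the
# "single instance, multiple domain" slide.
USER_ROLES: Dict[Tuple[str, str], Tuple[str, ...]] = {
    ("george", "xyz.com"): ("Employee",),
    ("martha", "uvw.com"): ("Partner",),
    ("fred", "uvw.com"): ("Customer",),
}


def rules_for(user: str, domain: str) -> List[NetletRule]:
    """Rules the applet may install for this user: the union over their roles."""
    seen: Dict[int, NetletRule] = {}
    for role in USER_ROLES.get((user, domain), ()):
        for rule in ROLE_RULES.get(role, []):
            # Two roles must not bind the same local port to different targets.
            if rule.local_port in seen and seen[rule.local_port] != rule:
                raise ValueError(f"local port {rule.local_port} bound twice")
            seen[rule.local_port] = rule
    return list(seen.values())


def authorize_forward(user: str, domain: str,
                      dest_host: str, dest_port: int) -> Tuple[bool, str]:
    """Gateway check before opening an intranet TCP connection.

    The applet names the rule it is serving, but the gateway must not trust
    that: it re-derives the user's rules from the directory and connects
    only to a (host, port) that appears there.  Without this check any
    authenticated user could use the gateway as a pivot to any LAN port.
    """
    for rule in rules_for(user, domain):
        if (rule.dest_host.lower(), rule.dest_port) == (dest_host.lower(), dest_port):
            return True, rule.name
    return False, f"{dest_host}:{dest_port} not in any Netlet rule for {user}@{domain}"


if __name__ == "__main__":
    print(authorize_forward("george", "xyz.com", "mainframe.xyz.com", 23))
    print(authorize_forward("martha", "uvw.com", "mainframe.xyz.com", 23))
    print(authorize_forward("george", "xyz.com", "10.0.0.5", 445))
```

The point of `authorize_forward` is that the destination comes from the server-side policy, never from the applet's request: the applet only chooses among rules the gateway already granted. The fixed-port check in `parse_rule` is the same limitation the slide notes for Exchange; a protocol that negotiates a fresh server port cannot be expressed as one Netlet rule.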
Integration with existing legacy systems
Personalization

• Channel
  - Each channel represents a snapshot of one application or piece of web content
• Layout
  - Channel position
• Option
  - Combination of narrow and wide channels
Sample Implementation

• Northwestern Mutual
• Employee portal, replacing the existing static portal site
• 8,000 employees worldwide
• Leader in life insurance and financial services
• Key business challenge: extend the existing corporate intranet to the Internet to allow secure access to data and information for
Key Business Solutions

• Secure remote access to information anywhere, anytime
• Single point of access to corporate resources
• Robust and scalable functionality
• Single sign-on
Design Highlights

• Centralized user authentication and single sign-on using iPlanet Directory Server
• Single point of access to the corporate intranet using Secure Remote Access Pack
• Secure access to in-house resources through an encrypted SSL channel
Architecture

(Architecture diagram: Secure Remote Access Pack.)
Q&A