Secure Remote Access from Cyber Cafe

Timothy Siu, SunONE SE Manager, timothy.siu@sun.com

Posted on 17-Dec-2015

Agenda
• Current Enterprise Information Portal (EIP) requirements
• Traditional Ways to Access Corporate Networks
• A Breakthrough in Corporate Networks Access
• Sample Implementation of an EIP
• Demonstration
• Q&A

Current EIP requirement
• Share information: new policy announcements, latest procedures/manuals, new pricing schemes...
• Share services: inventory enquiry, office automation... file upload/download, desktop remote control, terminal access...
• e-Mail, calendar, collaboration: Lotus Notes, MS Exchange, ...

IT requirements for EIP
• Single point of access
• Confidentiality
• Strong authentication
• Role-based accessibility
• Non-HTML application access
• Integration with existing legacy systems
• Personalization

Traditional Ways to Access Corporate Networks
• Dial-up: slow, high maintenance cost
• Virtual Private Network: a VPN client must be preinstalled before it works, which requires distributing customized software to every end-user device or desktop
• Secure reverse proxy: no support for accessing non-HTML resources

A Breakthrough in Corporate Networks Access
• To the user: needs only a browser and an Internet (preferably broadband) connection
• To the admin: ONE instance, multiple solutions for different users/applications/policies/devices...
• To the corporation: lower total cost of ownership (TCO), NO compromise in security!

Benefits on Business Side
• Help increase revenues and profitability
• Reduce operating expenses
• Automate and streamline processes
• Help increase competitive advantage

[Architecture diagram] Internet users: Mobile User (Employee), Home/Telecommuter (Employee), Branch Office (Employee), Consumer accessing your Public Portal (Consumer), Extranet (Partner or Supplier). DMZ: Gateway (Secure Remote Access Pack). Private LAN: Portal Server Core; Files (Novell, Windows, NFS, FTP); Any Application Server; Any Windows Desktop; Any Web Server; Lotus Notes; Any X-Windows or Telnet Application; Mainframe or AS/400. Any service is provisioned. Callout: only changes to existing LAN.

Ubiquitous Client
• NO need to install additional software on the client side in order to use Portal Server
• Access HTML content/services such as websites, Outlook Web Access, Lotus Domino: needs only a browser that supports SSL 3.0, JavaScript and JDK 1.1
• Access non-HTML content/services such as mainframe, file services, mail services...
  - Option 1: the corresponding Java client, for example Portal's NetFile for FTP/Novell/NFS/SMB services, or OpenConnect's TN3270 Java client for mainframe connections
  - Option 2: the native client, for example MS Outlook to MS Exchange Server, or Netscape Messenger to the IMAP server; needs minimal re-configuration

[Single Point of Access diagram] Key services (Content, Communication, Collaboration, Commerce, Customer Care) aggregated for targeted communities (Employee, Supplier, Partner, Customer, Customer Representative), with any-device access.

Confidentiality
• Encrypted online communication: HTTPS for web-based resources and HTTPS tunneling for non-web-based resources

Strong Authentication
• No passwords stored on iPlanet Portal Server
• Real-time authentication proxying to: digital certificates, LDAP, Unix, RADIUS, SafeWord, SecurID, Cryptocard, S/Key (local), NT

Role-based accessibility: Single Instance, Multiple Domain
[Diagram] One Portal Server instance serving multiple domains (Domain 1: xyz.com, uvw.com), each domain holding user categories (Customer, Partner, Employee) and roles (Role 1: User A, User B; Role 2: User X, User Y, User Z); example customers: George, Martha, Fred, Ethel, Lucy, Ricky.

Role-based accessibility: Policy
[Diagram] The same domain/role tree (Domain 1: xyz.com; Customer: George, Martha, Fred, Ethel, Lucy, Ricky; Role 1: User A, User B; Role 2: User X, User Y, User Z) on the Portal Server, with policy deciding which Resources each role may reach.

Non-HTML application access: VPN-on-demand
[Diagram] Client side: Browser with JVM/JRE running the downloaded applet (Netlet), which contains an Outgoing Redirector, an Incoming Redirector and an Encryption Engine; a Local TCP Application talks to localhost over the Native IP Stack; traffic leaves encrypted (In/Out) over SSL across the Internet. Server side: Solaris host with IP Stack and SSL, in front of Intranet Services.

Non-HTML Application Access via Netlet
• Display redirection: Telnet/VT100; Citrix partnership for NT and Solaris (remote printing and drive mapping supported); TN3270 / TN5250 (Java-based clients from the public domain or third parties)
• Any TCP-based program with a fixed port: Lotus Notes, IMAP/POP clients, etc.
• Microsoft Exchange: dynamic port assignment
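As an added illustration (not code from the deck or from iPlanet), the fixed-port tunnelling above reduced to a loopback model: a Netlet-style local listener relays an application's TCP connection toward an intranet service, and a gateway-side rule check decides whether the user's role may open that tunnel at all. The rule table, host names and the plain loopback hop standing in for the SSL link to the gateway are all assumptions.

```python
import socket
import threading

# Constructed rule table ("any TCP program with a fixed port"): local port ->
# (intranet host, port, roles allowed). Shape and hosts are assumed, not iPlanet's.
NETLET_RULES = {
    2323: ("mainframe.corp.example", 23, {"employee"}),
    1143: ("imap.corp.example", 143, {"employee", "partner"}),
}

def resolve_rule(local_port, user_roles):
    """Gateway-side entitlement check (the applet is untrusted): (host, port) or None."""
    rule = NETLET_RULES.get(local_port)
    return rule[:2] if rule and set(user_roles) & rule[2] else None
def _pump(src, dst):
    """Relay bytes one way until EOF, then half-close the far side."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass
def _listen(handler):
    """Bind an ephemeral loopback port; serve each connection in its own thread."""
    ls = socket.socket()
    ls.bind(("127.0.0.1", 0))
    ls.listen(5)
    def loop():
        while True:
            threading.Thread(target=handler, args=(ls.accept()[0],), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return ls.getsockname()[1]
def start_echo_service():  # stand-in for an intranet TCP service (a telnet host, say)
    return _listen(lambda c: _pump(c, c))
def start_redirector(target):
    """Netlet-style local listener relaying each client connection to target.
    In the product this hop is SSL to the gateway; here it is plain loopback."""
    def relay(client):
        upstream = socket.create_connection(target)
        threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()
        _pump(client, upstream)
    return _listen(relay)
def round_trip(port, payload):
    """Act as the local application: send payload through the redirector, read reply."""
    with socket.create_connection(("127.0.0.1", port)) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        return b"".join(iter(lambda: s.recv(4096), b""))
```

The point to keep from the model is where `resolve_rule` runs: a user whose roles do not match the rule gets no tunnel regardless of what the downloaded applet asks for.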

Integration with existing legacy systems

Personalization
• Channel: each channel represents a snapshot of an application or of web content
• Layout: channel positions
• Option: combination of narrow and wide channels

Sample Implementation: Northwestern Mutual Employee Portal
• Replaces the existing static portal site
• 8,000 employees worldwide
• Leader in life insurance and financial services
• Key business challenge: extend the existing corporate intranet to the Internet to allow secure access to data and information for the mobile field force and business partners

Key Business Solutions
• Secure remote access to information anywhere, anytime
• Single point of access to corporate resources
• Robust and scalable functionality
• Single sign-on

Design Highlights
• Centralize user authentication and provide single sign-on by using iPlanet Directory Server
• Provide a single point of access to the corporate intranet by using Secure Remote Access Pack
• Secure access to in-house resources through an encrypted SSL channel

Architecture
[Diagram] Secure Remote Access Pack

Q & A
