Page 1: Secure Remote Access from Cyber Cafe Timothy Siu SunONE SE Manager timothy.siu@sun.com.

Secure Remote Access from Cyber Cafe

Timothy Siu

SunONE SE Manager

timothy.siu@sun.com

Page 2:

Agenda

• Current Enterprise Information Portal (EIP) requirements
• Traditional Ways to Access Corporate Networks
• A Breakthrough in Corporate Networks Access
• Sample Implementation of an EIP
• Demonstration
• Q&A

Page 3:

Current EIP requirement

• Share information
  • New policy announcement, latest procedure/manual, new pricing scheme...
• Share Services
  • Inventory Enquiry, Office Automation...
  • File Upload/Download, Desktop Remote control, Terminal Access...
• e-Mail, Calendar, Collaboration
  • Lotus Notes, MS Exchange, ...

Page 4:

IT requirements for EIP

• Single point of access
• Confidentiality
• Strong Authentication
• Role-based accessibility
• Non-HTML application access
• Integration with existing legacy systems
• Personalization

Page 5:

Traditional Ways to Access Corporate Networks

• Dial-up
  • Slow, high maintenance cost
• Virtual Private Network
  • VPN client must be preinstalled before it works
  • Requires distribution of customized software to the end user device or desktop
• Secure reverse proxy
  • No support for accessing non-HTML resources

Page 6:

A Breakthrough in Corporate Networks Access

• To User: needs only a browser and an Internet (preferably broadband) connection
• To Admin: ONE instance, multiple solutions for different users/applications/policies/devices…
• To Corporate: Lower total cost of ownership (TCO), NO compromise in security!

Page 7:

Benefits on Business Side

• Help increase Revenues and Profitability
• Reduce operating expenses
• Automate & streamline processes
• Help increase Competitive Advantage

Page 8:

[Diagram labels: Internet; DMZ; Private LAN; Gateway (Secure Remote Access Pack); Portal Server - Core. Users: Mobile User (Employee); Home/Telecommuter (Employee); Branch Office (Employee); Consumer accessing your Public Portal (Consumer); Extranet (Partner or Supplier). Services: Files (Novell, Windows, NFS, FTP); Any Application Server; Any Windows Desktop; Any Web Server; Lotus Notes; Any X-Windows or Telnet Application; Mainframe or AS/400. Captions: "Any Service is Provisioned"; "Only changes to existing LAN".]

Page 9:

Ubiquitous Client

• NO need to install additional software at the client side in order to use Portal Server
• Access HTML content/services such as Websites, Outlook Web Access, Lotus Domino
  • Needs only a browser which supports SSL 3.0, JavaScript and JDK 1.1
• Access non-HTML content/services such as Mainframe, File Services, Mail Services…
  • Option 1: the corresponding Java client, for example
    • Portal's NetFile to FTP/Novell/NFS/SMB Services
    • OpenConnect's TN3270 Java client to Mainframe connection
  • Option 2: the native client, for example
    • MS Outlook to MS Exchange Server
    • Netscape Messenger to the IMAP Server
    • Needs minimal re-configuration

Page 10:

Single Point of Access

[Diagram: Representative Key Services (Content, Communication, Collaboration, Commerce, Customer Care) aggregated for Targeted Communities (Employee, Supplier, Partner, Customer), with Any Device Access.]

Page 11:

Confidentiality

• Encrypted online communication by HTTPS for web-based resources and HTTPS tunneling for non-web-based

Page 12:

Strong Authentication

Page 13:

Strong Authentication

• No passwords stored on iPlanet Portal Server
• Real-time authentication proxying to:
  • Digital Certificates
  • LDAP
  • Unix
  • RADIUS
  • SafeWord
  • SecurID
  • Cryptocard
  • S/Key (local)
  • NT

Page 14:

Role-based accessibility: Single Instance, Multiple Domain

[Diagram labels: Portal Server; Domain 1, xyz.com, uvw.com; Partner; Employee; Customer; Role 1 (User A, User B); Role 2 (User X, User Y, User Z); Customer (George, Martha, Fred, Ethel, Lucy, Ricky).]

Page 15:

Role-based accessibility: Policy

[Diagram labels: Portal Server; Domain 1, xyz.com; Role 1 (User A, User B); Role 2 (User X, User Y, User Z); Customer (George, Martha, Fred, Ethel, Lucy, Ricky); Resources.]

Page 18:

Non-HTML application access: VPN-on-demand

[Diagram labels: Browser; JVM; JRE; NetLET; Downloaded Applet; Local TCP Application; localhost; Native IP Stack (In/Out); Encryption; SSL; Internet; Solaris; IP Stack; Incoming Redirector; Outgoing Redirector; Encryption Engine; Intranet Services.]

Page 19:

Non-HTML Application Access via Netlet

• Display Redirection
  • Telnet/VT100
  • Citrix partnership for NT and Solaris
  • Remote printing supported
  • Drive mapping supported
  • TN3270 / TN5250 (Java-based clients via public domain or 3rd parties)
• Any TCP-based program with fixed port
  • Lotus Notes, IMAP/POP clients etc.
• Microsoft Exchange dynamic port assignment

Page 20:

Integration with existing legacy systems

Page 22:

Personalization

• Channel: each channel represents a snapshot of an application or web content
• Layout: channel positions
• Option: combination of Narrow and Wide Channels

Page 27:

Sample Implementation

• Northwestern Mutual
• Employee Portal, replacing the existing static portal site
• 8,000 employees worldwide
• Leader in life insurance and financial services
• Key business challenge: extend the existing corporate intranet to the Internet to allow secure access to data and information for the mobile field force and business partners

Page 28:

Key Business Solutions

• Secure remote access to information anywhere, anytime
• Single point of access to corporate resources
• Robust and scalable functionality
• Single sign-on

Page 29:

Design Highlights

• Centralize user authentication and provide single sign-on by using iPlanet Directory Server
• Provide a Single Point of Access for its corporate intranet by using Secure Remote Access Pack
• Securely access in-house resources through an encrypted SSL channel

Page 30:

Architecture

Secure remote access pack

Page 31:

Q & A