Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Remote Access from Cyber Cafe Timothy Siu SunONE SE Manager

Published byJemimah Bennett Modified over 9 years ago

Similar presentations

Presentation on theme: "Secure Remote Access from Cyber Cafe Timothy Siu SunONE SE Manager"— Presentation transcript:

1 Secure Remote Access from Cyber Cafe Timothy Siu SunONE SE Manager timothy.siu@sun.com

2 Agenda  Current Enterprise Information Portal (EIP) requirements  Traditional Ways to Access Corporate Networks  A Breakthrough in Corporate Networks Access  Sample Implementation of an EIP  Demonstration  Q&A

3  Share information  New policy announcement, latest procedure/manual, new pricing scheme...  Share Services  Inventory Enquiry, Office Automation...  File Upload/Download, Desktop Remote control, Terminal Access...  e-Mail, Calendar, Collaboration  Lotus Notes, MS Exchange,... Current EIP requirement

4 IT requirements for EIP  Single point of access  Confidentiality  Strong Authentication  Role-based accessibility  Non-HTML application access  Integration with existing legacy systems  Personalization

5 Traditional Ways to Access Corporate Networks  Dial-up  Slow, high maintenance cost  Virtual Private Network  Preinstall VPN client before it work  Require distribution of customized software to the end user device or desktop  Secure reverse proxy  no support in accessing non-HTML resources

6 A Breakthrough in Corporate Networks Access  To User: needs only a browser and an Internet (preferably broadband) connection  To Admin: ONE instance, multiple solutions to different users/ applications/ policies/ devices…  To Corporate: Lower Total cost of ownership (TCO), NO compromise in security!

7 Benefits on Business Side  Help increase Revenues and Profitability  Reduce operating expenses  Automate & streamline processes  Help increase Competitive Advantage

8 DMZ Private LAN Files: -Novell -Windows -NFS -FTP Any Application Server Any Windows Desktop Any Web Server Mobile User (Employee) Consumer accessing your Public Portal (Consumer) Extranet (Partner or Supplier) Any Service is Provisioned Portal Server - Core Gateway (Secure Remote Access Pack) Internet Home/ Telecommuter (Employee) Branch Office (Employee) Lotus Notes Any W-Windows or Telnet Application Mainframe or AS/400 Only changes to existing LAN

9 Ubiquitous Client  NO need to install additional software at client side in order to use Portal Server  Access HTML content/services  such as Websites, Outlook Web Access, Lotus Domino  Needs only Browser which support SSL3.0, JavaScript and JDK1.1  Access non-HTML content/services  such as Mainframe, File Services, Mail Services…  Option 1: the corresponding Java Client, for example  Portal’s NetFile to FTP/Novell/NFS/SMB Services  OpenConnect’s TN3270 Java client to Mainframe connection  Option 2: the native Client, for example  MS Outlook to MS Exchange Server  Netscape Messenger to the IMAP Server  Need minimal re-configuration

10 Single Point of Access Content Communication Collaboration Commerce Customer Care Employee Supplier Partner Customer Representative Key Services Aggregated for... Targeted CommunitiesSupplier Partner Content Communication Collaboration Commerce Customer Care Any Device Access Employee Customer

11 Confidentiality  encrypted online communication by HTTPS for web-based resources and HTTPS Tunneling for non web- based

12 Strong Authentication

13  No passwords stored on iPlanet Portal Server  Real-time authentication proxying to:  Digital Certificates  LDAP  Unix  RADIUS  SafeWord  SecureID  Cryptocard  S/Key (local)  NT

14 Role-based accessibility: Single Instance, Multiple Domain Customer George Martha Fred Ethel Lucy Ricky Role 1 User A User B Role 2 User X User Y User Z Partner Employee Customer Domain 1xyz.comuvw.com Portal Server

15 Role-based accessibility : Policy Customer George Martha Fred Ethel Lucy Ricky Role 1 User A User B Role 2 User X User Y User Z Domain 1 xyz.com Portal Server Resources

16

17

18 Non-HTML application access: VPN-on-demand InOut Native IP Stack localhost Downloaded Applet Local TCP Application Encryption JRE IP Stack Outgoing Redirector Incoming Redirector Encryption Engine Solaris Intranet Services SSL JVM Internet NetLET Browser

19 Non-HTML Application Access via Netlet Display Redirection  Telnet/VT100  Citrix partnership for NT and Solaris  Remote printing supported  Drive mapping supported  TN3270 / TN5250  (Java-based clients via public domain or 3 rd parties) Any TCP-based program with fixed port  Lotus Notes, IMAP/POP clients etc. Microsoft Exchange dynamic port assignment

20 Integration with existing legacy systems

21

22 Personalization  Channel  Each channel represent a snapshot of each applications/web content  Layout  Channels position  Option  Combination of Narrow and Wide Channels

23

24

25

26

27 Sample Implementation  NorthWestern Mutual  Employee Portal, replace existing static portal site  8,000 employee worldwide  Leader in the life insurance and financial services  Key business Challenge: Extend the existing corporate intranet to the internet to allow secure access to data and information for mobile field force and business partners

28 Key Business Solutions  Secure remote access to information anywhere, anytime  Single point of access to corporate resources  Robust and scalable functionality  Single sign-on

29 Design Highlights  Centralize users authentication and provide Single sign-on by using iPlanet Directory Server  Provide Single Point of Access for its corporate intranet by using Secure Remote Access Pack  Secure access in-house resources through an encrypted SSL channel

30 Architecture Secure remote access pack

31 Q & A

Download ppt "Secure Remote Access from Cyber Cafe Timothy Siu SunONE SE Manager"

Similar presentations

Encrypting Wireless Data with VPN Techniques

Encrypting Wireless Data with VPN Techniques
Heroix Longitude - multiplatform, automated application performance monitoring and management software.

Heroix Longitude - multiplatform, automated application performance monitoring and management software.
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net 1 WX Client Rajoo Nagar PLM, WABU.

| Copyright © 2009 Juniper Networks, Inc. | 1 WX Client Rajoo Nagar PLM, WABU.
Ljubomir Ivaniš CPU d.o.o.

Ljubomir Ivaniš CPU d.o.o.
Citrix Secure Gateway v1.1 Technical Presentation August 2002 Technical Presentation August 2002.

Citrix Secure Gateway v1.1 Technical Presentation August 2002 Technical Presentation August 2002.
Chapter 17: WEB COMPONENTS

Chapter 17: WEB COMPONENTS
1 Intel / Shiva VPN Solutions Stephen Wong System Engineer.

1 Intel / Shiva VPN Solutions Stephen Wong System Engineer.
EToken PRO Anywhere. Agenda  eToken PRO Anywhere Overview  Market background and target markets  Identifying the opportunity  Implementation and Pricing.

EToken PRO Anywhere. Agenda  eToken PRO Anywhere Overview  Market background and target markets  Identifying the opportunity  Implementation and Pricing.
Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)

Setting Up a Virtual Private Network Chapter 9. Learning Objectives Understand the components and essential operations of virtual private networks (VPNs)
Fundamentals of Information Systems, Second Edition 1 Telecommunications, the Internet, Intranets, and Extranets Chapter 4.

Fundamentals of Information Systems, Second Edition 1 Telecommunications, the Internet, Intranets, and Extranets Chapter 4.
Citrix ® Secure Gateway Phil Montgomery Senior Product Manager Citrix Products and Services October 2001.

Citrix ® Secure Gateway Phil Montgomery Senior Product Manager Citrix Products and Services October 2001.
Remote Networking Architectures

Remote Networking Architectures
Microsoft Exchange Exchange is more than just Electronic Mail The server that embraces Internet standards and extends rich messaging and collaboration.

Microsoft Exchange Exchange is more than just Electronic Mail The server that embraces Internet standards and extends rich messaging and collaboration.
Page Copyright Giritech A/S an – Excitor company.

Page Copyright Giritech A/S an – Excitor company.
© 2005,2006 NeoAccel Inc. Training Access Modes. © 2005,2006 NeoAccel Inc. Agenda 2. Access Terminals 6. Quick Access Terminal Client 3. SSL VPN-Plus.

© 2005,2006 NeoAccel Inc. Training Access Modes. © 2005,2006 NeoAccel Inc. Agenda 2. Access Terminals 6. Quick Access Terminal Client 3. SSL VPN-Plus.
Intranets Lessons from Global Experiences J Satyanarayana Chief Executive Officer National Institute for Smart Government Hyderabad, India.

Intranets Lessons from Global Experiences J Satyanarayana Chief Executive Officer National Institute for Smart Government Hyderabad, India.
Virtual Private Network prepared by Rachna Agrawal Lixia Hou.

Virtual Private Network prepared by Rachna Agrawal Lixia Hou.
Managing Client Access

Managing Client Access
Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.

Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.
Course 201 – Administration, Content Inspection and SSL VPN

Course 201 – Administration, Content Inspection and SSL VPN

Similar presentations

Ads by Google