iChain ® 2.1: Introduction and Overview Lee Howarth Product Manager Novell, Inc.


Vision: one Net. A world where networks of all types (corporate and public, intranets, extranets, and the Internet) work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries.
Mission: to solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together, and our customers to profit from the opportunities of a networked world.

Agenda
- What is iChain?
- Architectural overview
- iChain features
- Demonstration
- Affiliate Connector (quick intro)
- Question and answer

What Is iChain?
"iChain is a security and management infrastructure that provides a common security framework for enabling eBusiness services while at the same time reducing complexity and total cost of ownership."
iChain is a gatekeeper to web-based resources: a proxy in front of the web servers that authenticates users and decides what each of them may reach.

Today's Typical Environment (diagram): behind the firewall, each web server and application (security, ERP, CRM) keeps its own user accounts. The same person reaches them as an employee over the intranet, as a partner over the extranet or as a customer over the Internet, and ends up with a different user ID and password on every system (the diagram shows one user as LHowarth, HowarthL and 7748, another as GabeW and WatG, a third as HalesMY and MYHales).

Novell eDirectory as the security infrastructure (diagram): with one Net, each employee, customer and partner has a single identity in eDirectory (MYHales, LHowarth, GabeW). Novell iChain sits at the firewall in front of the web servers and applications (ERP, CRM) and uses that one identity for all of them.

Novell iChain: How Does It Work? (diagram)
The browser talks to the iChain Proxy Server, which consults the iChain Authorization Server and forwards requests to the web and application servers. Along the way the proxy provides:
1. Authentication: who are you?
2. Access control: what do you have access to?
3. Single sign-on: the proxy supplies the user's credentials (User=xx, Password=xx) to the back end.
4. OLAC (object-level access control) for personalization: the proxy passes identity data such as Books=Thrillers, Horrors.
5. Data confidentiality.

Domain-Based Multi-Homing (diagram): access multiple services through one public IP address. The DNS entries support.novell.com and developer.novell.com both resolve to the iChain Proxy Server; the browser sends the name it asked for in the HTTP Host header, and the proxy uses that header to choose the back-end web or application server. The Host header is chosen by the client, so the proxy should match it exactly against the configured accelerators and refuse names it does not know rather than fall through to a default back end.

Authentication Service
- Standard browser-based access (no client)
- No agents required on web servers
- Multiple authentication methods (multi-factor):
  - LDAP: UserID/password (e-mail address or any LDAP field as the UserID)
  - X.509 certificates
  - Token (RSA, Vasco, Secure Computing), via RADIUS
- UserID and password sent over HTTPS (HTTP optional; with plain HTTP the credentials cross the network in clear text)

Authorization Services
Access control:
- Leverages the eDirectory hierarchy and inheritance
- Access based on rules stored in eDirectory
Three different levels are available:
- "Public": no authentication or access control
- "Restricted": authentication only
- "Secure": authentication and access control
Access rules may be assigned to:
- Users
- Groups
- Containers (O, OU, etc.)

Dynamic Access Control
Adds greater flexibility to satisfy security policies:
- Access based on identity information (attribute values rather than a fixed list of users, groups or containers)
- Example dynamic access control rule: "Object type=User" AND "Description=Manager"
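The three protection levels and the four rule kinds from the two slides above (user, group, container with inheritance, and a dynamic attribute rule), as an added example in Python. This is not iChain's own code: the in-memory directory, attribute names, URL prefixes and the longest-prefix resolution are constructed assumptions.

```python
# Access-control decisions of the kind the slides describe: three protection
# levels and rules assigned to users, groups and containers, plus a dynamic
# attribute rule. Added example; the directory below is a constructed dict.
from dataclasses import dataclass, field

# Constructed stand-in for eDirectory: DN -> attributes (attribute names assumed).
DIRECTORY = {
    "cn=lhowarth,ou=employees,o=novell": {
        "objectClass": "User", "description": "Manager",
        "memberOf": ["cn=finance,ou=groups,o=novell"]},
    "cn=gabew,ou=employees,o=novell": {
        "objectClass": "User", "description": "Engineer", "memberOf": []},
    "cn=myhales,ou=customers,o=novell": {
        "objectClass": "User", "description": "Customer", "memberOf": []},
}


def dn_parts(dn):
    """Split a DN into its RDNs, leftmost first (no escaped commas here)."""
    return [p.strip().lower() for p in dn.split(",")]


def is_under(dn, container):
    """True if `dn` lies somewhere below `container`: this is what lets a rule
    on ou=employees,o=novell be inherited by every user in that container."""
    d, c = dn_parts(dn), dn_parts(container)
    return len(d) > len(c) and d[-len(c):] == c


@dataclass
class Resource:
    url_prefix: str
    level: str                      # "public", "restricted" or "secure"
    allow_users: list = field(default_factory=list)
    allow_groups: list = field(default_factory=list)
    allow_containers: list = field(default_factory=list)
    dynamic: dict = field(default_factory=dict)   # attribute=value; all must match


def rule_matches(res, user_dn, attrs):
    """Any one of the four rule kinds grants access to a "secure" resource."""
    u = user_dn.lower()
    if any(u == x.lower() for x in res.allow_users):
        return True
    groups = [g.lower() for g in attrs.get("memberOf", [])]
    if any(g.lower() in groups for g in res.allow_groups):
        return True
    if any(is_under(u, c) for c in res.allow_containers):
        return True
    if res.dynamic and all(attrs.get(k) == v for k, v in res.dynamic.items()):
        return True
    return False


def decide(resources, path, user_dn):
    """Return "allow", "authenticate" (user must log in first) or "deny".
    The longest matching URL prefix wins; a path matched by no rule is denied."""
    matches = [r for r in resources if path.startswith(r.url_prefix)]
    if not matches:
        return "deny"
    res = max(matches, key=lambda r: len(r.url_prefix))
    if res.level == "public":
        return "allow"
    if user_dn is None:
        return "authenticate"
    if res.level == "restricted":
        return "allow"
    attrs = DIRECTORY.get(user_dn.lower())
    if attrs is None:
        return "deny"
    return "allow" if rule_matches(res, user_dn, attrs) else "deny"


# Constructed rule set: one resource per level and rule kind.
RESOURCES = [
    Resource("/", "public"),
    Resource("/intranet/", "restricted"),
    Resource("/intranet/finance/", "secure",
             allow_groups=["cn=finance,ou=groups,o=novell"]),
    Resource("/intranet/hr/", "secure",
             allow_containers=["ou=employees,o=novell"]),
    Resource("/intranet/reports/", "secure",
             dynamic={"objectClass": "User", "description": "Manager"}),
]
```

The two details worth copying are that an unauthenticated user gets "authenticate" rather than "deny" (the proxy redirects to the login page) and that a path no rule covers is denied rather than treated as public.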

Single Sign-On/Personalization
The iChain Proxy forwards user information to the back-end web servers, using object-level access control (OLAC):
- Used for single sign-on: ICHAIN_UID and ICHAIN_PWD can be mapped to any LDAP field, which allows a different name and password to be sent to each web server
- Used for personalization: sends "Parameter=Value" pairs retrieved using LDAP
Form fill authentication:
- Stores the credentials the user enters (in Novell SecretStore)
- Automatically fills the form on the next request
Because the back-end web server trusts these forwarded values, it must accept them only from the proxy; a web server that clients can reach directly could be handed a forged ICHAIN_UID.
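What the forwarding on this slide amounts to at the proxy, as an added Python example rather than iChain's code: the client-supplied copies of ICHAIN_UID, ICHAIN_PWD and the personalization parameters are stripped, the values are read from the user's directory entry, and a SecretStore-style form fill is shown alongside. That the values travel as request headers, the directory attribute names and the secret store layout are assumptions.

```python
# OLAC forwarding and form fill as the slide describes them, as an added
# example (not iChain's code). Header names as request headers, attribute
# names and the secret store layout are assumptions.

# Constructed directory entries.
DIRECTORY = {
    "cn=lhowarth,ou=employees,o=novell": {
        "cn": "lhowarth",
        "erpLogin": "HowarthL",          # the ERP system knows this user as HowarthL
        "erpPassword": "erp-pass-1",     # constructed value
        "books": "Thrillers, Horrors",
    },
}

# Accelerator OLAC configuration: header to send -> LDAP field to read.
OLAC_CONFIG = {
    "ICHAIN_UID": "erpLogin",   # the UID can be mapped to any LDAP field ...
    "ICHAIN_PWD": "erpPassword",
    "Books": "books",           # ... and so can a "Parameter=Value" pair
}

# Constructed SecretStore contents for form fill: (user DN, host) -> fields.
SECRET_STORE = {
    ("cn=lhowarth,ou=employees,o=novell", "crm.prv.novell.com"):
        {"username": "LHowarth", "password": "crm-pass-1"},
}


def strip_client_headers(headers):
    """Remove every proxy-controlled header from what the client sent. A client
    that could set ICHAIN_UID itself would otherwise be trusted by the back end
    as if the proxy had authenticated it."""
    forbidden = {h.lower() for h in OLAC_CONFIG} | {"ichain_uid", "ichain_pwd"}
    return {k: v for k, v in headers.items() if k.lower() not in forbidden}


def add_olac_headers(headers, user_dn):
    """Add the configured headers from the authenticated user's entry."""
    entry = DIRECTORY.get(user_dn.lower())
    if entry is None:
        raise KeyError(f"no directory entry for {user_dn}")
    out = dict(headers)
    for header, attr in OLAC_CONFIG.items():
        if attr in entry:
            out[header] = entry[attr]
    return out


def forward(headers, user_dn):
    """Headers the back-end web server receives for an authenticated session."""
    return add_olac_headers(strip_client_headers(headers), user_dn)


def form_fill(user_dn, host, form_fields):
    """Return the POST fields for a stored login form, or None on the first
    visit (the user fills the form and the proxy stores what was typed)."""
    creds = SECRET_STORE.get((user_dn.lower(), host.lower()))
    if creds is None:
        return None
    return {f: creds.get(f, "") for f in form_fields}


def remember_form(user_dn, host, submitted):
    """Store the credentials the user typed so the next request can be filled."""
    SECRET_STORE[(user_dn.lower(), host.lower())] = dict(submitted)
```

The strip step is the part that matters for security: the back end cannot tell a proxy-set ICHAIN_UID from a client-set one, so the proxy must overwrite, and the web server should in addition only accept connections from the proxy's address.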

Data Confidentiality
Secure exchange:
- Secure transparent (on the fly) encryption: the proxy terminates SSL on behalf of the web servers
- Eliminates the need to use SSL on the web servers, which increases web server performance and decreases management tasks; the leg from the proxy to the web server then carries clear text, so that network segment must be trusted or protected separately
SSL encryption strength:
- Force 128-bit connections
- No-cache setting

User and Access Management
- Browser-based utilities to change user profile information and passwords
- Leverages eDirectory restrictions: time restrictions, intruder lockout, password history, password expiration and grace logins
- Offers enhanced password management features: non-dictionary words, minimum number of numerals/characters

iChain 2.1—User Certificate Mapping Why do we need this?  iChain must know the distinguished name of the user to enforce access control  Third-party certificate authorities will very rarely distribute certificates with this information in a correct format What does it do?  Provides a mapping between the information held in the certificate to the user’s distinguished name

iChain 2.1—User Certificate Mapping How is it configured?

iChain 2.1—Custom Re-Writer Why do we need this?  When hiding internal DNS infrastructure, the browser must know how to get to services using the public DNS information  The default iChain re-writer will automatically change most of the relevant content as is passes through the proxy  Certain web applications (Oracle) hard code DNS information into its data stream This must be identified and changed

iChain 2.1—Custom Re-Writer Browser iChain Proxy Server Finance.novell.com Oracle.prv.novell.com Without custom re-write

iChain 2.1—Custom Re-Writer Browser iChain Proxy Server finance.novell.com Oracle.prv.novell.com [Name=oracleFilter] [Extension] Html, htm [Replace] PARAM name=servHost Value=finance.novell.com finance.novell.com With custom re-write

iChain 2.1—Custom Login Pages Custom page for each accelerator

iChain 2.1—Custom Cert Error Page Why do we need this?  Accelerator configured to require a certificate User has no certificate—presses Cancel, goes to a blank page User has no idea what to do next

iChain 2.1—Session Broker Increases scalability of iChain infrastructure  Shares authentication information between proxy servers Browser Session broker

iChain 2.1

Affiliate Connector (Quick Intro)
What is the Affiliate Connector?
- Extends the iChain authentication and access control process to affiliates (partner sites)
- Web services: uses the Security Assertion Markup Language (SAML)
Learn more: IO124, Implementing B2B and B2C Solutions Using Affiliate Connector

Affiliate Connector (Quick Intro), flow diagram:
1. The affiliate user authenticates to the affiliate site/portal (Method = ID/PW).
2. The user follows a link to the Benefits service at Comp X, which runs iChain.
3. The Affiliate Connector generates a SAML token carrying Method = ID/PW, Perk = Silver, Name = John Doe and the FF# (frequent flyer number).
4. The browser is redirected to Comp X.
5. The user is authenticated to iChain using the secure token.
6. iChain enforces its security policies and passes the request to the application server.
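Both sides of the exchange on the two Affiliate Connector slides, as an added Python example (not Novell's code): the affiliate issues a SAML-style assertion carrying Method, Perk, Name and FF#, and the Comp X side validates signature, issuer, audience, validity window and replay before trusting any attribute in it. Real SAML uses an XML Signature; the HMAC over the serialized assertion used here is a stand-in so the example runs on the standard library alone. The token layout, shared key, URLs, clock values and attribute names are assumptions.

```python
# The Affiliate Connector exchange from the slides, as an added example (not
# Novell's code). An HMAC stands in for the XML Signature real SAML carries;
# token layout, key, URLs, clock values and names are assumptions.
import base64
import binascii
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

SHARED_KEY = b"affiliate-compx-shared-secret"     # constructed; provisioned out of band
ISSUER = "https://affiliate.example.com"          # the affiliate site
AUDIENCE = "https://compx.example.com/benefits"   # the iChain-protected service
VALIDITY = timedelta(minutes=5)
T0 = datetime(2002, 3, 18, 12, 0, 0)              # constructed clock for the example


def iso(t):
    return t.strftime("%Y-%m-%dT%H:%M:%SZ")


def issue_assertion(now, method, attributes):
    """Affiliate side (step 3): build the assertion and return the token the
    browser carries to Comp X in the redirect (step 4)."""
    a = ET.Element("Assertion", {"AssertionID": "_" + secrets.token_hex(16),
                                 "Issuer": ISSUER, "IssueInstant": iso(now)})
    cond = ET.SubElement(a, "Conditions", {"NotBefore": iso(now),
                                          "NotOnOrAfter": iso(now + VALIDITY)})
    aud = ET.SubElement(cond, "AudienceRestrictionCondition")
    ET.SubElement(aud, "Audience").text = AUDIENCE
    ET.SubElement(a, "AuthenticationStatement", {"AuthenticationMethod": method})
    stmt = ET.SubElement(a, "AttributeStatement")
    for name, value in attributes.items():
        attr = ET.SubElement(stmt, "Attribute", {"AttributeName": name})
        ET.SubElement(attr, "AttributeValue").text = value
    xml = ET.tostring(a)
    sig = hmac.new(SHARED_KEY, xml, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(xml).decode() + "." + sig


SEEN_IDS = set()   # consumer-side replay cache, keyed by AssertionID


def consume_assertion(token, now):
    """Comp X side (step 5): return (attributes, reason); attributes is None
    when the token is rejected. The signature is checked over the exact bytes
    received, and every condition is checked before any attribute is used."""
    try:
        b64, sig = token.rsplit(".", 1)
        xml = base64.urlsafe_b64decode(b64)
    except (ValueError, binascii.Error):
        return None, "malformed token"
    expected = hmac.new(SHARED_KEY, xml, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None, "bad signature"
    a = ET.fromstring(xml)
    if a.get("Issuer") != ISSUER:
        return None, "unknown issuer"
    cond = a.find("Conditions")
    # Fixed-width ISO timestamps in UTC compare correctly as strings.
    if cond is None or not (cond.get("NotBefore", "") <= iso(now) < cond.get("NotOnOrAfter", "")):
        return None, "outside validity window"
    if AUDIENCE not in [e.text for e in cond.iter("Audience")]:
        return None, "wrong audience"
    aid = a.get("AssertionID")
    if aid in SEEN_IDS:
        return None, "replayed assertion"
    SEEN_IDS.add(aid)
    auth = a.find("AuthenticationStatement")
    out = {"Method": auth.get("AuthenticationMethod") if auth is not None else None}
    for attr in a.iter("Attribute"):
        out[attr.get("AttributeName")] = attr.find("AttributeValue").text
    return out, "ok"
```

The order of the checks is deliberate: nothing inside the token is parsed for its meaning until the signature has been verified, and the attributes (Perk, FF#) are only returned to the policy engine of step 6 once issuer, audience, time window and replay have all passed.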

Learn More About iChain
- BUS227: Novell Solutions at Sesame Street
- BUS228: How iChain Helps Ticona Improve Business Operations
- BUS350: How Essentialtalk Uses iChain and eDirectory for Web Commerce

Learn More About iChain (continued)
- TUT254: iChain Configuration Using the Web Server Accelerator Wizard
- TUT254: Avoiding the Top iChain Technical Issues
- TUT361: CNI Education: Protecting the Network with Novell iChain

Win big: visit the Access and Security table in the one Net solutions lab to obtain an entry form.