Novell BorderManager® 3.7: What’s New and Beyond Novell BrainShare 2002 Novell BorderManager® 3.7: What’s New and Beyond Scott Jones, Master CNE Product Manager, Novell BorderManager Novell’s Access and Security Group nbm@novell.com Brett Matesen Director of Business Development SurfControl, Inc. Brett.Matesen@SurfControl.com IO221—Novell BorderManager 3.7: What's New and Beyond

Outline Introduction Novell BorderManager® product overview Novell BorderManager 3.7 new features SurfControl solutions for Novell BorderManager Novell BorderManager 3.7 enhancement pack Etheria Question and answer

Introduction

Vision…one Net Mission A world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries Mission To solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world

Who We Are Scott Jones, Master CNE Brett Matesen Product Manager for Novell BorderManager. Scott has been working with Novell products for seven years, first as a reseller, then with Novell Consulting. He has deployed NBM around the globe in all kinds of environments, from small businesses to universities to the Fortune 100 Brett Matesen Director of Business Development for SurfControl. Brett is responsible for identifying and executing strategic partnerships to help drive the company's explosive growth. Prior to his current position, Brett held senior business development positions with leading security software companies Check Point Software and BioNetrix Systems Corp. He holds a Bachelor of Science in Design Engineering from Brigham Young University

Who this Session Is for This session is for those who recommend and approve the purchase of network security solutions, as well as for those who plan, implement and maintain Internet connectivity and information security

Novell BorderManager Product Overview

Novell BorderManager (NBM) Product Description Novell BorderManager is one of Novell’s premier access and security solutions With its powerful directory-integrated features, you can control, accelerate and monitor your users’ Internet activities Because Novell BorderManager leverages identity-based access control and forward proxies, you can safeguard your network against undesirable Internet content while maintaining exceptional performance levels Novell BorderManager also integrates VPN services, an industry-certified firewall and a scalable content filtering service to ensure that your network is protected and your users are productive

The Business Problems Employee productivity is impacted by free use of the public Internet Increasing utilization of finite bandwidth Finding the balance between access requirements and security Avoiding liability exposure Providing secure remote access at a manageable cost Multiple network identities increase cost of IT management

Novell BrainShare 2002 The Novell Solution Problem: Employee productivity is impacted by free use of the public Internet Novell BorderManager… Provides an enhanced user experience via improved network performance Keeps your users on-task by blocking non-work related web sites IO221—Novell BorderManager 3.7: What's New and Beyond

The Novell Solution Problem: Increasing utilization of finite bandwidth Novell BorderManager… Caches content close to users Keeps unnecessary traffic off your private network Reduces load on ISP links

The Novell Solution Problem: Finding the balance between access requirements and security Novell BorderManager… Keeps hackers out with an industry-certified firewall Helps keep your users from accessing potentially dangerous web sites

The Novell Solution Problem: Avoiding liability exposure Novell BorderManager… Helps keep illegal content from the Internet off your private network Prevents your users from hosting Internet services Provides accurate, comprehensive activity logging by user ID to support possible disciplinary action or litigation

The Novell Solution Problem: Providing secure remote access at a manageable cost Novell BorderManager’s VPN service… Provides secure, general-purpose remote access for legacy applications and protocols (including IPX) Reduces cost of remote access and connectivity Allows users to access your private network from anywhere on the Internet Includes site-to-site VPN, which eliminates the need for expensive WAN links

The Novell Solution Problem: Multiple network identities increase cost of IT management Novell BorderManager is based on Novell eDirectory™, which… Allows access policies to be defined based on the identity and role of each user Provides unified administration of network access and security eDirectory is cross-platform and can connect with any user database via DirXML™

Novell Secure Access™ Novell BorderManager is a key piece of the Novell Secure Access™ business strategy BorderManager brings a recognized brand and a large installed base to Novell Secure Access™, which can be leveraged to the benefit of the entire suite Maximum interoperability will be designed into all Novell Secure Access products This will provide an enhanced value proposition that can be leveraged by partners and customers Other Novell Secure Access products include Novell iChain®, Novell Secure Login (NSL), NMAS™, and Novell Account Management (NAM)

BorderManager and iChain Manages private (LAN) users Increases user productivity and reduces private network traffic Prime security threat is external content Works on top of several forward proxies (HTTP, FTP, Telnet, NNTP, RTSP, etc.) Manages users on Internet Facilitates change to Internet office Prime security threat is external users Works on top of reverse HTTP proxy VPN General-purpose Legacy applications Web security Web-based access Future direction

Novell BorderManager and Volera Excelerator Excelerator is a dedicated-function, highly-scalable proxy-cache It fits into a different market space, caching and web acceleration, which is a network infrastructure category NBM is a Firewall/VPN solution, which is a security category The two products can complement each other very well in a cache hierarchy to provide customers with a balance of scalability/performance and granular, identity-based access control A white paper discussing the use of NBM and Excelerator together is available at http://www.novell.com/products/bordermanager

Novell BorderManager 3.7 New Features

Novell BrainShare 2002 Novell BorderManager 3.7 Novell BorderManager (NBM) 3.7 (single product, no “Enterprise Edition”) FCS date—April 12, 2002 ICSA Firewall certified Purpose Demonstrate Novell commitment to BorderManager Provide in-demand enhancements quickly Replace 3.6 in the product catalog Provide 3.5 customers with compelling reasons to upgrade Draw attention back to the product as we build up momentum for Etheria (4.0) IO221—Novell BorderManager 3.7: What's New and Beyond

Novell BorderManager 3.7 (cont.) Novell BrainShare 2002 Novell BorderManager 3.7 (cont.) New content filtering and monitoring/reporting solutions from SurfControl SurfControl Content Database (limited functionality) in the box May be upgraded to SuperScout Web Filter (corporate), or CyberPatrol Web Filter (education) Over one million sites with thousands added each month More categories, updated daily Web traffic monitoring and reporting SurfControl is the undisputed market leader for content filtering (source: IDC 2001) SurfControl owns the old CyberPatrol and will provide an upgrade path IO221—Novell BorderManager 3.7: What's New and Beyond

Novell BorderManager 3.7 (cont.) Novell BrainShare 2002 Novell BorderManager 3.7 (cont.) Browser-based IP packet filtering (Novell iManager) Craig Johnson’s Beginner’s Guide to BorderManager (selections) Personal firewall bundled New “look and feel”—updated to current Novell design standards VPN client for Windows Me and Windows XP IO221—Novell BorderManager 3.7: What's New and Beyond

Novell BorderManager 3.7 (cont.) Novell BrainShare 2002 Novell BorderManager 3.7 (cont.) NICI support in VPN client Virus request blocking at proxy, with heuristics and auto update All updates to 3.6 incorporated into base product Installation enhancements (require default route, tighter default filters, etc.) Will be tested and supported on NetWare 5.1 SP4 and 6.0 SP1 IO221—Novell BorderManager 3.7: What's New and Beyond

SurfControl Solutions for Novell BorderManager

SurfControl Overview #1 Internet filtering company in the global security market Filtering market growth to $1.4B in 2005 196% revenue growth for FY2000 Award-winning Partner-centric company with 100+ partnerships

Did You Know… 70% of inappropriate Internet traffic happens between nine and five o’ clock More than 60% of online purchases are made during work hours 35% of lost productivity due to personal Internet use 27% of the Fortune 500 have battled harassment claims due to Internet/e-mail abuse

Is There a Problem?

Who Is Causing the Problem?

SurfControl Content Database FREE with all NBM 3.7 Seven categories 100K+ web sites Purchase from SurfControl 30 categories 2M+ websites Reporting and monitoring Also available for 45-day evaluation

Two New Products SuperScout Web Filter (corporate) CyberPatrol Web Filter (education) Both include… The SurfControl Content Database Monitor and Reporter module

Why Filter? Manage productivity Maximize network bandwidth Reduce risk Keep users from becoming abusers Maximize network bandwidth Protect against non-business bandwidth eaters Reduce risk Secure company resources for company business

SurfControl Content DB How It Works Reporter/Monitor Client NBM3.7 Are Allowed? NO YES http://www.cnn.com What is the category for www.cnn.com? www.cnn.com is Entertainment News Financial SurfControl Content DB www.cnn.com

SurfControl Content Database < 2 Million+ web sites and growing 30 ‘relevant’ categories 40 global researchers Daily content updates

Oh, How We’ve Grown SurfControl Content Database in NBM 3.7 CyberNOT List in NBM 3.6 2M+ web sites and growing Daily updates 30 categories 40 global researchers 65K web sites (max size) Updates weekly 27 categories 40 global researchers

Reporting and Monitoring Robust reporting Over 60 easy-to-read reports Access anytime, anywhere Variety of formats Real-time monitoring Who’s surfing where NOW Color-coded categories Quickly jump to browse sites

Evaluation and Upgrade Path SurfControl Content DB FREE Seven categories 45-day evaluation SurfControl Content DB Monitoring/Reporting by registering with SurfControl Purchase upgrade from SurfControl After 45-day evaluation Current list price Current customers upgrade with maintenance contract purchase

Novell BorderManager 3.7 Enhancement Pack

NBM 3.7 Enhancement Pack Target FCS in calendar Q4 2002 Downloadable for all NBM 3.7 customers Improved proxy support for Citrix clients Improved proxy support for Mac clients IKE support Will eliminate most NAT, ISP, and third-party compatibility issues New model will allow a private IP address, SLP config and other IP info to be pushed to client VPN client for Windows XP Home Edition (pending research)

NBM 3.7 Enhancement Pack (cont.) Novell BrainShare 2002 NBM 3.7 Enhancement Pack (cont.) Emphasize VPN compatibility with other vendors Will test our server with the Microsoft VPN client Will test with Nortel VPN client and server NMAS integration with VPN client (tokens, smart cards, biometrics, etc.) VPN client LDAP authentication to remote authoritative directory IO221—Novell BorderManager 3.7: What's New and Beyond

NBM 3.7 Enhancement Pack (cont.) Novell BrainShare 2002 NBM 3.7 Enhancement Pack (cont.) Personal firewall integration 1st level—VPN client will check for the presence of the personal firewall before allowing a connection Ability to control where VPN users can go on private network, by login ID PPPoE support (primarily for xDSL links to ISPs) IO221—Novell BorderManager 3.7: What's New and Beyond

Etheria

Leaping Ahead—Etheria Novell BrainShare 2002 Leaping Ahead—Etheria Novell BorderManager 4.0 Target FCS in calendar Q2 2003 Focus on core competencies that people pay for #1 – Identity-based access control and forward proxies #2 – VPN #3 – Firewall Drop other features IP Gateway BMAS - functionality will be replaced by NMAS Reverse proxy  iChain (retain basic functionality in BM) Will have sane upgrade paths, technical and licensing/pricing IO221—Novell BorderManager 3.7: What's New and Beyond

Leaping Ahead—Etheria (cont.) IP routing and firewall enhancements Divide NIAS features between NetWare® and BorderManager based on customer research Drop unused features based on customer research NAT enhancements—PPTP, H.323, etc. GUI-based administration (100% Novell iManager) Filter wizards (guide customer through setting up new services) IP traffic analysis Display what protocols are on the wire to aid in developing firewall design/policy decisions Verifies desired firewall configuration Intrusion detection and notification Multi-processor enabled packet filter facility ICSA firewall certified

Leaping Ahead—Etheria (cont.) Novell BrainShare 2002 Leaping Ahead—Etheria (cont.) Forward proxies Robust API set with SDK Advanced content filtering—images, scripts, cookies, web bugs, advertising, etc. Full virus and heuristic scanning for all proxies Emphasis on partner solutions, using open standards such as ICAP whenever possible Single Sign-On via Novell Secure Login (NSL) technology Access rules New architecture based on Novell ZENworks® policies Directory-independent solution (native LDAP) eProvisioning workflow (automated access request/approval) IO221—Novell BorderManager 3.7: What's New and Beyond

Leaping Ahead—Etheria (cont.) VPN enhancements Clients for Mac and Linux (pending research) Clustering support for VPN services Personal firewall integration 2st level Centrally managed personal firewall Configuration stored in eDirectory and pushed to VPN clients upon connection Secures VPN clients in accordance with corporate security policy while they are connected to the private network through VPN An extremely compelling market advantage Strong case for retaining proprietary VPN client

Beyond Etheria Personal firewall integration third level Centrally managed personal firewall for disconnected corporate PCs Leverage Prometheus technology Protects integrity of corporate laptops on the road whether or not they are connected to VPN service Would be a new primary product feature—a whole new reason to buy Novell BorderManager

Beyond Etheria (cont.) Proxy independence Separate NBM’s application-level functionality from the proxy engine Would allow NBM to work on top of proxy engines from other vendors (Volera, Inktomi, CacheFlow, etc.) Opens new market opportunities

Beyond Etheria (cont.) Client-side (loopback) proxy Breaks the scalability barrier for authenticated access control Leverages ZENworks® for Desktops to the benefit of both products Re-visit Web Lessons-type functionality Initially failed despite high demand because education customers typically cannot afford consulting-only solutions This functionality is still being asked for by education customers Has potential in corporate markets as well Web services consumption management

Novell BorderManager Roadmap Oct Nov Dec Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Jan Feb Mar Apr May Jun 4Q01 1Q02 2Q02 3Q02 4Q02 1Q03 2Q03 EPFGS NBM 3.7 Limited Beta, Feb FCS - April 12th NBM 3.7 ENHANCEMENT PACK Target FCS – Q4 Target FCS – Q2 ETHERIA – 4.0 SDK – w/i 3 months of FCS Beta Date FCS Date Target (approx) FCS Date Electronic Release Developer Kit International Release

wiN big Access and Security table one Net solutions lab visit the in the to obtain an entry form