Presentation is loading. Please wait.

Presentation is loading. Please wait.

Novell iChain ® 2.x Configuration Using the Web Server Accelerator Wizard Cary Andrews Senior Software Engineer Novell, Inc.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Novell iChain ® 2.x Configuration Using the Web Server Accelerator Wizard Cary Andrews Senior Software Engineer Novell, Inc."— Presentation transcript:

1 www.novell.com Novell iChain ® 2.x Configuration Using the Web Server Accelerator Wizard Cary Andrews Senior Software Engineer Novell, Inc. candrews@novell.com Jason Arrington iChain Software Engineer Novell, Inc. jarrington@novell.com

2 Vision…one Net A world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries Mission To solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world

3

4 Agenda Architectural overview Administration overview New features in Novell iChain ® 2.x Demonstration Question and answer

5 Architectural Overview The problem The solution How it works iChain Proxy Server iChain Authorization Server Web/application servers

6 The Problem The Internet Your Web Servers

7 The Solution The Internet iChain Your Web Servers

8 How It Works Browser Web and application servers Proxy server Authorization server

9 A key component to the iChain infrastructure  Adds an additional security layer Creates a security and management infrastructure Enhances a firewall Does not allow direct access to web servers or web applications  Improves web server scalability  Accelerates content through caching  Provides in-the-flow access to the data stream iChain Proxy Server

10 iChain Authorization Server Provides authentication and access control Authentication  Standard browser-based access Username and password over HTTPS Authenticate with user ID, e-mail, or any LDAP field  Multiple authentication methods One time passwords Token-based authentication (RADIUS) X.509 digital certificates  Multi-factor authentication Combination of authentication methods

11 iChain Authorization Server (cont.) Access control  Secures your data  Present content based on user’s level of access  Highly personalized web service for the user  Maximum levels of security for the host  Access based on rules stored in Novell eDirectory™ Leverages the eDirectory hierarchy and inheritance mechanisms (ACLs) Cached on the proxy server for improved performance

12 iChain Authorization Server (cont.) Access control  Access based on rules stored Novell eDirectory (cont.) Three different levels available –“Public”: no authentication or access control –“Restricted”: authentication only –“Secure”: authentication and access control  Access rules may be assigned to: Users Groups Containers (O, OU, etc.)

13 Web/Application Servers New or legacy web servers  No agents installed on web servers  No changes required to legacy systems Support for multiple platforms  Support any HTTP server  Win NT/IIS  Solaris/Netscape  Linux/Apache

14 Web/Application Servers (cont.) Single sign-on  Forward ID and password in the HTTP authentication header so user is not prompted  Form-fill can be used for convenience  Lowers overhead cost of maintaining tables Object Level Access Control (OLAC)  Allows the use of different logon credentials than name and password  Can be used to personalize content  May be customized to meet your needs

15 Administration Overview Configuration methods Question Why a wizard? Web Server Accelerator Wizard

16 Configuration Methods Proxy server console configuration  Command-line tool  Configures all proxy parameters and settings Proxy server web-based configuration  Browser-based (IE and Netscape)  Easier to use than command-line tool ConsoleOne ® snap-ins  Use eDirectory objects and attributes for authorization and access control  Provide password management features

17 Question So, why do we need a wizard?

18 Okay, to start out, I go to my browser to create a new web server accelerator… Why A Wizard?

19 Now I go to ConsoleOne to create my protected resource…

20 Why A Wizard? And create and set up my ACL rule...

21 Then finally back to my browser to log Joe in… Why A Wizard?

22 Login failed. Hmmm. Oops, I forgot to add the sales container to my authentication profile … Why A Wizard?

23 So, since I’m in my browser, I can do that pretty quickly… Why A Wizard?

24 And then try and log Joe in again… Why A Wizard?

25 403? What the… Oh yeah, I didn’t add the sales container to the ACL rule. Why A Wizard?

26 This is getting old. Back to ConsoleOne, where I add the sales container to the ACL rule… Why A Wizard?

27 And then back to my browser to try and log Joe in once again… Why A Wizard?

28 Another 403? What is going on? Did I forget to refresh ACLCHECK? Why A Wizard?

29 Click the refresh button and that should do it… Why A Wizard?

30 Log Joe in one more time… Why A Wizard?

31 Whew… finally… Why A Wizard?

32 Web Server Accelerator Wizard ConsoleOne-based tool Centralizes all administrative tasks  Removes need to jump back and forth between tools  Run from any workstation in the network Configuration for:  Proxy server  Authorization and access control  Accelerators and authentication profiles  Multi-homing

33 New Features In iChain 2.x Session Broker Licensing Multi-homing (host, path, domain) Dynamic access control rules Future directions  Affiliate services  iManager plug-ins for administration

34 Configuration of iChain 2.x Using the Web Server Accelerator Wizard

35 wiN big one Net solutions lab Access and Security table visit the in the to obtain an entry form

36

Download ppt "Novell iChain ® 2.x Configuration Using the Web Server Accelerator Wizard Cary Andrews Senior Software Engineer Novell, Inc."

Similar presentations

Novell eDirectory™ Deployment at Hydro Quebec Richard Cabana Enterprise Technology Account Manager Novell Canada Ltd.

Novell eDirectory™ Deployment at Hydro Quebec Richard Cabana Enterprise Technology Account Manager Novell Canada Ltd.
Module 5: Configuring Access to Internal Resources.

Module 5: Configuring Access to Internal Resources.
5 Copyright © 2006, Oracle. All rights reserved. Securing Grid Control.

5 Copyright © 2006, Oracle. All rights reserved. Securing Grid Control.
Active Directory: Final Solution to Enterprise System Integration

Active Directory: Final Solution to Enterprise System Integration
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 10: Server Administration.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.

Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
Barracuda Web Filter Overview March 26, 2008 Alan Pearson, Monroe County School District Marcus Burge, Network Engineer.

Barracuda Web Filter Overview March 26, 2008 Alan Pearson, Monroe County School District Marcus Burge, Network Engineer.
Novell’s Strategy for Instant Messaging Jason Williams Product Manager Novell, Inc. Kevin Crutchfield Senior Software.

Novell’s Strategy for Instant Messaging Jason Williams Product Manager Novell, Inc. Kevin Crutchfield Senior Software.
VPN Scenarios © N. Ganesan, Ph.D.. Chapter Objectives.

VPN Scenarios © N. Ganesan, Ph.D.. Chapter Objectives.
Securing Your GroupWise ® System Morris Blackham Software Engineer Novell, Inc. Danita Zanrè Senior Consultant Caledonia.

Securing Your GroupWise ® System Morris Blackham Software Engineer Novell, Inc. Danita Zanrè Senior Consultant Caledonia.
Managing Thin Client Technology with DeFrame and OnDemand SM Services Pekka Lindqvist Markku Wallgren

Managing Thin Client Technology with DeFrame and OnDemand SM Services Pekka Lindqvist Markku Wallgren
Session 10 Windows Platform Eng. Dina Alkhoudari.

Session 10 Windows Platform Eng. Dina Alkhoudari.
CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+

CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+
Enforcing Concurrent Logon Policies with UserLock.

Enforcing Concurrent Logon Policies with UserLock.
1 Guide to Novell NetWare 6.0 Network Administration Chapter 13.

1 Guide to Novell NetWare 6.0 Network Administration Chapter 13.
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
Hands-On Microsoft Windows Server 20081 Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.

Hands-On Microsoft Windows Server Security Enhancements in Windows Server 2008 Windows Server 2008 was created to emphasize security –Reduced attack.
Module 10: Configuring Windows XP Professional to Operate in Microsoft Networks.

Module 10: Configuring Windows XP Professional to Operate in Microsoft Networks.
Copyright 2000 eMation SECURITY - Controlling Data Access with

Copyright 2000 eMation SECURITY - Controlling Data Access with

Similar presentations

Ads by Google