Presentation is loading. Please wait.

Presentation is loading. Please wait.

iChain ® 2.1: Introduction and Overview Lee Howarth Product Manager Novell, Inc.

Published bySydney Eaton Modified over 9 years ago

Similar presentations

Presentation on theme: "iChain ® 2.1: Introduction and Overview Lee Howarth Product Manager Novell, Inc."— Presentation transcript:

1 www.novell.com iChain ® 2.1: Introduction and Overview Lee Howarth Product Manager Novell, Inc. lhowarth@novell.com

2 Vision…one Net A world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries Mission To solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world

3

4 Agenda What is iChain ® ? Architectural overview iChain features Demonstration Affiliate Connector (quick intro) Question and answer

5 What Is iChain? “iChain is a security and management infrastructure that provides a common security framework for enabling eBusiness services while at the same time reducing complexity and total cost of ownership” iChain is a gatekeeper to web-based resources

6 Today’s Typical Environment Web servers and applications Security E-mail ERP CRM Employee Intranet LHowarth - xxx 7748-zzz HowarthL - yyy Partner Extranet Customer Internet Employee Intranet GabeW - xxx WatG - yyy 7366 - zzz Customer Internet Employee Intranet 2298- zzz HalesMY - yyy MYHales Firewall

7 Novell eDirectory™ Security infrastructure Employee One Net Customer Partner MYHales - xxx LHowarth - xxx GabeW - xxx Web servers and applications E-mail ERP CRM Novell iChain Firewall

8 Browser Web and application servers iChain Proxy Server iChain Authorization Server 1. Authentication—Who are you? 3. Single Sign-on Security 2. Access control—What do you have access to? 4. OLAC (Personalization) 5. Data confidentiality User=xx Password=xx Books=Thrillers, Horrors Novell iChain—How Does It Work?

9 Browser Web and application servers iChain Proxy Server iChain Authorization Server Domain-Based Multi-Homing Access Multiple Services through One Public IP Address 192.233.80.5 10.0.0.1 10.0.0.2 10.0.0.3 DNS Entry www.novell.com support.novell.com developer.novell.com Browser sends www.novell.com in HTTP host header

10 Authentication Service Standard browser-based access (no client) No agents required on web servers Multiple authentication methods (multi-factor)  LDAP—UserID/password (e-mail address or any LDAP field)  X.509 Certificates  Token (RSA, Vasco, Secure Computing)—dependent on RADIUS UserID and password sent over HTTPS (HTTP optional)

11 Authorization Services Access control  Leverages eDirectory hierarchy and inheritance  Access based on rules stored in eDirectory (cont.) Three different levels available –“Public” —no authentication or access control –“Restricted” —authentication only –“Secure” —authentication and access control  Access rules may be assigned to Users Groups Containers (O, OU, etc.)

12 Dynamic Access Control Adds greater flexibility to satisfy security policies  Access based on identity information  Example “Object type=User” AND “Description=Manager” Dynamic Access Control rule

13 Single Sign-On/Personalization iChain Proxy forwards user information to backend web servers—utilizes object level access control  Used for Single Sign-on ICHAIN_UID and ICHAIN_PWD can be mapped to any LDAP field (allows different names/passwords to be sent to web server)  Used for personalization Sends “Parameter=Values” (retrieved using LDAP) Form fill authentication  Stores credentials entered by user (Novell SecretStore ® )  Automatically fills form on next request

14 Data Confidentiality Secure exchange  Secure transparent (on the fly) encryption  Eliminates the need to use SSL on web servers Increases performance of web server Decreases management tasks SSL encryption strength  Force 128-bit connections No cache setting

15 User and Access Management Browser-based utilities to change user profile information and passwords Leverages eDirectory restrictions  Time restrictions, intruder lockout, password history, password expiration and grace logins Offers enhanced password management features  Non-dictionary words, minimum number of numerals /characters

16 iChain 2.1—User Certificate Mapping Why do we need this?  iChain must know the distinguished name of the user to enforce access control  Third-party certificate authorities will very rarely distribute certificates with this information in a correct format What does it do?  Provides a mapping between the information held in the certificate to the user’s distinguished name

17 iChain 2.1—User Certificate Mapping How is it configured?

18 iChain 2.1—Custom Re-Writer Why do we need this?  When hiding internal DNS infrastructure, the browser must know how to get to services using the public DNS information  The default iChain re-writer will automatically change most of the relevant content as is passes through the proxy  Certain web applications (Oracle) hard code DNS information into its data stream This must be identified and changed

19 iChain 2.1—Custom Re-Writer Browser iChain Proxy Server Finance.novell.com Oracle.prv.novell.com Without custom re-write

20 iChain 2.1—Custom Re-Writer Browser iChain Proxy Server finance.novell.com Oracle.prv.novell.com [Name=oracleFilter] [Extension] Html, htm [Replace] PARAM name=servHost Value=finance.novell.com finance.novell.com With custom re-write

21 iChain 2.1—Custom Login Pages Custom page for each accelerator

22 iChain 2.1—Custom Cert Error Page Why do we need this?  Accelerator configured to require a certificate User has no certificate—presses Cancel, goes to a blank page User has no idea what to do next

23 iChain 2.1—Session Broker Increases scalability of iChain infrastructure  Shares authentication information between proxy servers Browser Session broker

24 iChain 2.1

25 Affiliate Connector (Quick Intro) What is the Affiliate Connector?  Extends the iChain authentication and access control process to affiliates (partner sites) Web services  Uses Secure Assertions Markup Language (SAML) Learn more  IO124—Implementing B2B and B2C Solutions Using Affiliate Connector

26 Affiliate Connector (Quick Intro) 1. Authenticate 4. Redirect to Comp X. Method = ID/PW Perk = Silver Name = John Doe FF#987654321 Affiliate site Portal Affiliate Connector 2. Link to Benefits service Comp X. (iChain) Application server iChain 6. Enforce security policies 5. Authenticate to iChain using secure token Method = ID/PW Perk = Silver Name = John Doe FF#987654321 3. Generate SAML Token Affiliate user

27 Learn More About iChain BUS227  Novell Solutions at Sesame Street BUS228  How iChain Helps Ticona Improve Business Operations BUS350  How Essentialtalk Uses iChain and eDirectory for Web Commerce

28 Learn More About iChain TUT254  iChain Configuration Using the Web Server Accelerator Wizard TUT254  Avoiding the Top iChain Technical Issues TUT361  CNI Education: Protecting the Network with Novell iChain

29 wiN big one Net solutions lab Access and Security table visit the in the to obtain an entry form

30

Download ppt "iChain ® 2.1: Introduction and Overview Lee Howarth Product Manager Novell, Inc."

Similar presentations

Secure Single Sign-On Across Security Domains

Secure Single Sign-On Across Security Domains
Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
Extending ForeFront beyond the limit www.AGATSolutions.com TMGUAG ISAIAG AG Security Suite.

Extending ForeFront beyond the limit TMGUAG ISAIAG AG Security Suite.
Secure Lync mobile Authentication

Secure Lync mobile Authentication
Implementing and Administering AD FS

Implementing and Administering AD FS
Module 5: Configuring Access to Internal Resources.

Module 5: Configuring Access to Internal Resources.
1 Content Delivery Networks iBAND2 May 24, 1999 Dave Farber CTO Sandpiper Networks, Inc.

1 Content Delivery Networks iBAND2 May 24, 1999 Dave Farber CTO Sandpiper Networks, Inc.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Novell iChain ® 2.x Configuration Using the Web Server Accelerator Wizard Cary Andrews Senior Software Engineer Novell, Inc.

Novell iChain ® 2.x Configuration Using the Web Server Accelerator Wizard Cary Andrews Senior Software Engineer Novell, Inc.
Managing Client Access

Managing Client Access
Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.

Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.
Securing Your GroupWise ® System Morris Blackham Software Engineer Novell, Inc. Danita Zanrè Senior Consultant Caledonia.

Securing Your GroupWise ® System Morris Blackham Software Engineer Novell, Inc. Danita Zanrè Senior Consultant Caledonia.
Access and Identity Management System (AIMS) Federal Student Aid PESC Fall 2009 Data Summit October 20, 2009 Balu Balasubramanyam.

Access and Identity Management System (AIMS) Federal Student Aid PESC Fall 2009 Data Summit October 20, 2009 Balu Balasubramanyam.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Web Servers Web server software is a product that works with the operating system The server computer can run more than one software product such as e-mail.

Web Servers Web server software is a product that works with the operating system The server computer can run more than one software product such as .
Session 11: Security with ASP.NET

Session 11: Security with ASP.NET
70-284 MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Four Configuring Outlook and Outlook Web Access.

MCSE Guide to Microsoft Exchange Server 2003 Administration Chapter Four Configuring Outlook and Outlook Web Access.
Identity Management Report By Jean Carreon and Marlon Gonzales.

Identity Management Report By Jean Carreon and Marlon Gonzales.
Chapter 9: Novell NetWare

Chapter 9: Novell NetWare
Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.

Implementing ISA Server Publishing. Introduction What Are Web Publishing Rules? ISA Server uses Web publishing rules to make Web sites on protected networks.

Similar presentations

Ads by Google