Secure Remote Access from Cyber Cafe
Timothy Siu, SunONE SE Manager, timothy.siu@sun.com

Agenda
• Current Enterprise Information Portal (EIP) requirements
• Traditional Ways to Access Corporate Networks
• A Breakthrough in Corporate Networks Access
• Sample Implementation of an EIP
• Demonstration
• Q&A

Current EIP requirement
• Share information: new policy announcement, latest procedure/manual, new pricing scheme...
• Share services: Inventory Enquiry, Office Automation..., File Upload/Download, Desktop Remote control, Terminal Access...
• e-Mail, Calendar, Collaboration: Lotus Notes, MS Exchange, ...

IT requirements for EIP
• Single point of access
• Confidentiality
• Strong Authentication
• Role-based accessibility
• Non-HTML application access
• Integration with existing legacy systems
• Personalization

Traditional Ways to Access Corporate Networks
• Dial-up: slow, high maintenance cost
• Virtual Private Network: the VPN client must be preinstalled before it works; requires distribution of customized software to the end-user device or desktop
• Secure reverse proxy: no support for accessing non-HTML resources

A Breakthrough in Corporate Networks Access
• To User: needs only a browser and an Internet (preferably broadband) connection
• To Admin: ONE instance, multiple solutions to different users/applications/policies/devices...
• To Corporate: lower total cost of ownership (TCO), NO compromise in security!

Benefits on Business Side
• Help increase Revenues and Profitability
• Reduce operating expenses
• Automate & streamline processes
• Help increase Competitive Advantage

[Architecture diagram. Labels: Internet; DMZ; Private LAN; Gateway (Secure Remote Access Pack); Portal Server - Core; "Only changes to existing LAN"; "Any Service is Provisioned". Users shown: Mobile User (Employee), Home/Telecommuter (Employee), Branch Office (Employee), Extranet (Partner or Supplier), Consumer accessing your Public Portal (Consumer). Resources shown: Files (Novell, Windows, NFS, FTP), Any Application Server, Any Windows Desktop, Any Web Server, Lotus Notes, Any W-Windows or Telnet Application, Mainframe or AS/400.]

Ubiquitous Client
• NO need to install additional software on the client side in order to use Portal Server
• Access HTML content/services such as websites, Outlook Web Access, Lotus Domino
  • Needs only a browser that supports SSL 3.0, JavaScript and JDK 1.1
• Access non-HTML content/services such as Mainframe, File Services, Mail Services...
  • Option 1: the corresponding Java client, for example Portal's NetFile to FTP/Novell/NFS/SMB services, or OpenConnect's TN3270 Java client to a mainframe connection
  • Option 2: the native client, for example MS Outlook to MS Exchange Server, or Netscape Messenger to the IMAP server; needs minimal re-configuration

Single Point of Access
[Diagram. Caption: "Representative Key Services Aggregated for... Targeted Communities". Services: Content, Communication, Collaboration, Commerce, Customer Care. Communities: Employee, Supplier, Partner, Customer. Also labelled: Any Device Access.]

Confidentiality
• Online communication is encrypted with HTTPS for web-based resources and with HTTPS tunneling for non-web-based resources

Strong Authentication
• No passwords stored on iPlanet Portal Server
• Real-time authentication proxying to: Digital Certificates, LDAP, Unix, RADIUS, SafeWord, SecurID, Cryptocard, S/Key (local), NT

Role-based accessibility: Single Instance, Multiple Domain
[Diagram. Labels: Portal Server; domains: Domain 1, xyz.com, uvw.com; roles: Partner, Employee, Customer; Customer: George, Martha, Fred, Ethel, Lucy, Ricky; Role 1: User A, User B; Role 2: User X, User Y, User Z.]

Role-based accessibility: Policy
[Diagram. Labels: Portal Server; Resources; domains: Domain 1, xyz.com; Customer: George, Martha, Fred, Ethel, Lucy, Ricky; Role 1: User A, User B; Role 2: User X, User Y, User Z.]

Non-HTML application access: VPN-on-demand
[Diagram. Labels: Browser; JVM; JRE; Downloaded Applet; NetLET; Local TCP Application; localhost; Native IP Stack; Encryption; SSL; Internet; Solaris; IP Stack; Incoming Redirector; Outgoing Redirector; Encryption Engine; Intranet Services; In; Out.]

Non-HTML Application Access via Netlet
• Display Redirection
  • Telnet/VT100
  • Citrix partnership for NT and Solaris
  • Remote printing supported
  • Drive mapping supported
  • TN3270 / TN5250 (Java-based clients via public domain or 3rd parties)
• Any TCP-based program with fixed port: Lotus Notes, IMAP/POP clients etc.
• Microsoft Exchange dynamic port assignment

Integration with existing legacy systems

Personalization
• Channel: each channel represents a snapshot of an application or web content
• Layout: channel positions
• Option: combination of Narrow and Wide channels

Sample Implementation
• Northwestern Mutual
• Employee Portal, replacing the existing static portal site
• 8,000 employees worldwide
• Leader in life insurance and financial services
• Key business challenge: extend the existing corporate intranet to the Internet to allow secure access to data and information for the mobile field force and business partners

Key Business Solutions
• Secure remote access to information anywhere, anytime
• Single point of access to corporate resources
• Robust and scalable functionality
• Single sign-on

Design Highlights
• Centralize user authentication and provide single sign-on by using iPlanet Directory Server
• Provide a single point of access to the corporate intranet by using Secure Remote Access Pack
• Securely access in-house resources through an encrypted SSL channel

Architecture
[Diagram. Label: Secure Remote Access Pack]

Q & A