Novell® iChain® 2.3

Novell® iChain® 2.3 Presentation Transcript

  • Novell® iChain® 2.3
  • What are the Customer Problems?
    (Diagram: Firewall between Internet and Intranet/Extranet; users Student, Staff, Professor; web servers NT/IIS, Solaris/Netscape and Linux/Apache, each with its own SECURITY layer)
    • Direct Access to Web Servers
    • Multiple User Identities
    • Need to install SSL services on each web server
    • Need to change links in HTML content from HTTP to HTTPS
    • Many different Web Server Technologies
  • Competitor's Solution
    (Diagram: Firewall between Internet and Intranet/Extranet; users Student, Staff, Professor; web servers NT/IIS, Solaris/Netscape and Linux/Apache, each with its own SECURITY layer)
    • Direct Access to Web Servers
    • Need to install SSL services on each web server
    • Need to change links in HTML content from HTTP to HTTPS
    • Often need to modify applications' authentication process
    • Many different Web Server Technologies
  • The Novell Solution
    (Diagram: users Student, Staff, Professor -> One Net -> Firewall -> SECURITY INFRASTRUCTURE built on eDirectory™ and iChain® -> Web Servers and Applications on NT/IIS, Solaris/Netscape and Linux/Apache)
    • Single Authentication Point
    • Provides Web Single Sign On; sends personalized content to applications
    • Rewrites HTML data
    • Dynamically encrypts content as it passes through the proxy
    • Single SSL Certificate can be used for all internal web sites (proxy based)
    • No change to HTML content
    • No change to applications' authentication process
    • Secures all HTTP servers
    • Removes Direct Access to Web Servers
  • Novell iChain - How does it work?
    (Diagram: Browser -> Proxy Server -> Web and application servers, with the iChain Authorization Server holding the ACLs; sample user data User=xx, Password=xx, Books=Thrillers, Horrors)
    1. Authentication - Who are you?
    2. Access Control - What do you have access to?
    3. Single Sign On
    4. OLAC (Personalization)
    5. Data Confidentiality
  • Authentication Service
    • Standard browser based access (no client)
    • No agents required on Web Servers
    • Multiple Authentication Methods (Multi-Factor)
      • LDAP - UserID/Password (email address or any LDAP field)
      • X.509 Certificates
      • Token (RSA, Vasco, Secure Computing) – dependent on RADIUS
    • UserID and Password sent over HTTPS (HTTP optional)
  • Authorization Services
    • Resources are defined as:
      • “Public” - no authentication or access control
      • “Restricted” - authentication only
      • “Secure” - authentication and access control
    • Access Control - Static and Dynamic Rules
      • Access based on rules stored in eDirectory ™
      • Leverages NDS ® hierarchy and inheritance
      • Access rules may be assigned to Users, Groups, Roles and Containers (O, OU, etc.)
      • Dynamic Rules support business logic by querying the user's object for specified identity information
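The authorization model on this slide (Public / Restricted / Secure resources, rules assigned to a user, group or container with inheritance down the directory tree, and a dynamic rule evaluated against the user's attributes) can be modelled in a few dozen lines. The block below is an added example, not Novell's code: the directory, DNs, attribute names and URL prefixes are all constructed, and the in-memory dictionary stands in for the eDirectory lookup the proxy would perform. Unknown paths are denied by default, which is the safe choice for a reverse proxy that is supposed to be the only route to the web servers.

```python
"""Toy model of an iChain-style proxy authorization decision.

Added example, not Novell code: it models the three resource classes on the
slide (Public, Restricted, Secure) and access rules assigned to a user, a
group or a container (inherited down the directory tree), plus a dynamic rule
evaluated against attributes on the user's object. The directory below is a
constructed in-memory stand-in for eDirectory; every DN and attribute is made up.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Constructed directory: DN -> attributes (stand-in for an LDAP lookup).
DIRECTORY: Dict[str, Dict[str, object]] = {
    "cn=alice,ou=staff,o=acme": {
        "groups": ["cn=hr,ou=groups,o=acme"], "department": "HR", "status": "active"},
    "cn=bob,ou=students,o=acme": {
        "groups": [], "department": "", "status": "active"},
    "cn=carol,ou=staff,o=acme": {
        "groups": [], "department": "Finance", "status": "terminated"},
    "cn=dave,ou=staff,o=acme": {
        "groups": [], "department": "Finance", "status": "active"},
}

@dataclass
class Resource:
    prefix: str
    kind: str          # "public", "restricted" or "secure"

@dataclass
class AccessRule:
    prefix: str                                   # protected URL prefix
    assigned_to: Optional[str] = None             # user, group or container DN (static rule)
    predicate: Optional[Callable[[Dict[str, object]], bool]] = None  # dynamic rule

RESOURCES = [
    Resource("/public/", "public"),
    Resource("/portal/", "restricted"),
    Resource("/hr/", "secure"),
    Resource("/payroll/", "secure"),
    Resource("/intranet/", "secure"),
]

RULES = [
    AccessRule("/hr/", assigned_to="cn=hr,ou=groups,o=acme"),      # assigned to a group
    AccessRule("/intranet/", assigned_to="ou=staff,o=acme"),       # assigned to a container, inherited
    AccessRule("/payroll/",                                         # dynamic rule on user attributes
               predicate=lambda a: a.get("department") == "Finance" and a.get("status") == "active"),
]

def dn_ancestors(dn: str) -> List[str]:
    """Containers above a DN, nearest first: cn=x,ou=y,o=z -> [ou=y,o=z, o=z]."""
    parts = dn.split(",")
    return [",".join(parts[i:]) for i in range(1, len(parts))]

def rule_matches(rule: AccessRule, user_dn: str, attrs: Dict[str, object]) -> bool:
    if rule.assigned_to is not None:
        if rule.assigned_to == user_dn:                       # rule on the user object itself
            return True
        if rule.assigned_to in attrs.get("groups", []):       # rule on one of the user's groups
            return True
        if rule.assigned_to in dn_ancestors(user_dn):         # rule on a parent container
            return True
    return rule.predicate is not None and bool(rule.predicate(attrs))

def find_resource(path: str) -> Optional[Resource]:
    """Longest matching prefix wins; a path with no definition matches nothing."""
    matches = [r for r in RESOURCES if path.startswith(r.prefix)]
    return max(matches, key=lambda r: len(r.prefix), default=None)

def authorize(path: str, user_dn: Optional[str]) -> Tuple[str, str]:
    """Return (decision, reason); decision is 'allow', 'deny' or 'login'.

    user_dn is None when the browser has not authenticated yet.
    """
    res = find_resource(path)
    if res is None:
        return "deny", "no resource definition (default deny)"
    if res.kind == "public":
        return "allow", "public resource"
    if user_dn is None:
        return "login", "authentication required"
    if res.kind == "restricted":
        return "allow", "authenticated user, restricted resource"
    attrs = DIRECTORY.get(user_dn)
    if attrs is None:
        return "deny", "unknown user"
    for rule in RULES:
        if rule.prefix == res.prefix and rule_matches(rule, user_dn, attrs):
            return "allow", f"rule for {rule.prefix} matched"
    return "deny", "no access rule matched"

if __name__ == "__main__":
    for path, who in [("/public/", None), ("/portal/home", None),
                      ("/hr/records", "cn=alice,ou=staff,o=acme"),
                      ("/intranet/news", "cn=bob,ou=students,o=acme"),
                      ("/payroll/run", "cn=carol,ou=staff,o=acme")]:
        print(path, who, authorize(path, who))
```

The container rule is what gives the "inheritance" the slide mentions: a rule placed on `ou=staff,o=acme` covers every user beneath that container without touching the users themselves, while the dynamic rule on `/payroll/` follows the user's current attributes, so a terminated employee loses access as soon as the HR feed updates the directory.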
  • Automating Access Control – Integration with DirXML®
    (Diagram: HR Application (PeopleSoft®) -> DirXML -> eDirectory -> iChain Proxy ACL)
    • Dynamic Access Rule – checks User’s attributes for matching criteria
  • Single Sign-On / Personalization
    • iChain Proxy forwards user information to backend web servers - Utilizes Object Level Access Control (OLAC)
      • OLAC is used for Single Sign-on
        • ICHAIN_UID and ICHAIN_PWD can be mapped to any LDAP field (allows different names / password to be sent to web server)
      • OLAC is used for Personalization
        • Sends “Parameter=Values” (retrieved using LDAP)
      • OLAC can retrieve user credentials from Novell SecretStore ®
    • Form Fill Authentication
      • Stores credentials entered by user (Novell SecretStore)
      • Automatically fills form on next request
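Header-based single sign-on of the kind OLAC provides has two halves: the proxy maps ICHAIN_UID / ICHAIN_PWD and any personalization parameters from LDAP fields onto request headers, and the backend must only honour those headers when the request demonstrably came from the proxy. This added example (not Novell's code) shows both halves; the directory records, the personalization header name `X-Books`, the attribute names and the proxy address are all constructed. The backend-side check is what makes the "Remove Direct Access to Web Servers" point on the solution slide a security property rather than a tidiness one: a server that accepts an identity header from any sender has no authentication at all.

```python
"""Header-based single sign-on between a reverse proxy and a backend.

Added example, not Novell code. It models what the OLAC slide describes: the
proxy looks up the authenticated user's object, maps ICHAIN_UID / ICHAIN_PWD
to chosen LDAP fields, and forwards extra Parameter=Value pairs for
personalization. The backend side shows the check a header-based SSO scheme
depends on: identity headers are honoured only when the request provably came
from the proxy, and any ICHAIN_* header supplied by the client is discarded.
Directory records, the X-Books header name and the proxy address are
constructed for the example.
"""
from typing import Dict, Optional

# Constructed stand-in for eDirectory: DN -> attributes.
DIRECTORY: Dict[str, Dict[str, str]] = {
    "cn=alice,ou=staff,o=acme": {
        "mail": "alice@acme.example",
        "legacyLogin": "ALICE1",            # the name the backend application knows her by
        "legacyPassword": "app-secret-1",   # stand-in for a credential held in SecretStore
        "favouriteGenres": "Thrillers, Horrors",
    },
}

# OLAC mapping: header to send -> LDAP attribute to read it from.
OLAC_MAP: Dict[str, str] = {
    "ICHAIN_UID": "legacyLogin",
    "ICHAIN_PWD": "legacyPassword",
    "X-Books": "favouriteGenres",   # personalization parameter (constructed name)
}

PROXY_ADDRESS = "10.0.0.5"   # constructed address of the proxy, as seen by the backend

def proxy_build_headers(user_dn: str, client_headers: Dict[str, str]) -> Dict[str, str]:
    """Headers the proxy forwards to the backend for an authenticated user.

    Client-supplied ICHAIN_* headers are dropped first so the browser cannot
    pre-fill the identity the backend will see; then the mapped LDAP values are added.
    """
    forwarded = {k: v for k, v in client_headers.items()
                 if not k.upper().startswith("ICHAIN_")}
    attrs = DIRECTORY[user_dn]
    for header, attribute in OLAC_MAP.items():
        value = attrs.get(attribute)
        if value:
            forwarded[header] = value
    return forwarded

def backend_identify(peer_address: str, headers: Dict[str, str]) -> Optional[str]:
    """Backend-side check: accept the proxy-asserted identity only from the proxy.

    Returns the application user ID to log in as, or None when the request must
    be refused. A backend reachable directly (the 'Direct Access to Web Servers'
    problem on the earlier slide) would otherwise accept whatever ICHAIN_UID the
    sender chose.
    """
    if peer_address != PROXY_ADDRESS:
        return None
    uid = headers.get("ICHAIN_UID")
    return uid if uid else None

if __name__ == "__main__":
    sent = proxy_build_headers("cn=alice,ou=staff,o=acme",
                               {"User-Agent": "browser", "ichain_uid": "someone-else"})
    print(sent)
    print("via proxy:", backend_identify(PROXY_ADDRESS, sent))
    print("direct:   ", backend_identify("203.0.113.9", sent))
```

In a real deployment the "came from the proxy" check is enforced by the network (the web servers accept connections only from the proxy) or by mutual TLS between proxy and backend; the address comparison here is the simplest stand-in for that control.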
  • Data Confidentiality
    • Secure Exchange
      • Secure Transparent (on the fly) encryption
      • Eliminates the need to use SSL on web servers
        • Increases performance of web server
        • Decreases management tasks
    • SSL Encryption Strength
      • Force 128-bit connections
      • Force 3DES encryption (iChain 2.2)
    • No Cache Setting
  • User and Access Management
    • Browser Based Utilities to change user profile information and passwords
    • Leverages eDirectory restrictions
      • Time Restrictions, Intruder Lockout, Password History, Password Expiration and Grace Logins
    • Offers enhanced Password Management features
      • Non-Dictionary Words, Minimum number of numerals / characters
  • Typical Customer – ACME Inc.
    (Diagram: Browser; PeopleSoft®, Oracle® and Windows 2000® back-end systems)
    • ACME Inc. is looking to:
      • Provide Authorized Access to Internal Systems from the Internet
      • Provide Single Sign-On to all Services (for employees and customers)
      • Maintain Data Confidentiality
      • Deliver content as quickly as possible
  • ACME Inc. Basic (DMZ) Implementation
    (Diagram: Browser on the Internet -> iChain Proxy Cache -> iChain Authorization Server -> Intranet back-end systems PeopleSoft®, Oracle® and Windows 2000®, each behind its own ACL; Novell iChain provides Basic Authentication Single Sign-on and Form Fill Single Sign-on)
    • Provide Authorized Access to Internal Systems from the Internet
    • Provide Single Sign-On to all Services (for employees and customers)
    • Maintain Data Confidentiality
    • Deliver content as quickly as possible
  • Implementation - Fault Tolerance / Load Balanced (DMZ)
    (Diagram: Browser -> L4 Switch distributing Web Traffic across two iChain Proxies -> Web Servers; LDAP traffic from the proxies to eDirectory, with a Backup LDAP server)
  • SAML-based Single Sign-On
    • B2B partners need to ensure that they can trust the identity information being presented through a B2B partner
    (Diagram: HOSPITAL 1 and HOSPITAL 2)
    1. Physician connects to internal system and requests patient records from Hospital 2
    2. Physician is redirected to Hospital 2 with SAML Assertions generated by Hospital 1
    3. Hospital 2 needs to verify that the user's credentials were supplied by a trusted partner
    4. After the physician's status is cleared the patient details are securely delivered to the physician
  • SAML Extensions for iChain
    • Provides SAML-based single sign-on capabilities for iChain
      • Single sign-on to-and-from business partners with SAML 1.0 capable products
      • Supports authentication and attribute assertions
      • Supports Browser Post and Artifact methods
      • For more information please attend IO143 “SAML & Liberty Alliance Single Sign-on”
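Step 3 of the hospital scenario is the part that decides whether cross-partner single sign-on is safe: Hospital 2 must establish that the assertion really was issued by a trusted partner, is intact, is meant for Hospital 2, is still within its validity window and has not been presented before. The block below is an added example, not Novell's code or the iChain SAML extension. The assertion is a constructed dictionary rather than SAML XML, and the partner signature is an HMAC over its canonical JSON with a pre-shared key, which stands in for the XML Signature with the partner's certificate that a SAML 1.0 deployment would use; the acceptance checks are the same ones a real assertion consumer performs. Issuer names, keys and the audience URL are constructed.

```python
"""Receiving-side checks for a partner-issued single sign-on assertion.

Added example, not Novell code. It follows the hospital scenario on the
slides: Hospital 1 issues an assertion about the physician, Hospital 2 must
confirm it came from a trusted partner before releasing anything. The
assertion is a constructed dict rather than SAML XML, and the partner
signature is an HMAC over canonical JSON with a pre-shared key (a stand-in
for the XML Signature a real SAML 1.0 deployment uses); the acceptance checks
(trusted issuer, valid signature, intended audience, validity window, no
reuse) are the ones that matter regardless of the wire format.
"""
import hashlib
import hmac
import json
import time
import uuid
from typing import Dict, Optional, Set, Tuple

# Constructed trust list at Hospital 2: issuer name -> key shared with that partner.
TRUSTED_PARTNERS: Dict[str, bytes] = {
    "https://idp.hospital1.example": b"constructed-shared-key-hospital1",
}
MY_AUDIENCE = "https://records.hospital2.example"   # constructed identifier of this site
CLOCK_SKEW_SECONDS = 120                             # tolerance for partner clock drift

def canonical(assertion: Dict) -> bytes:
    """Deterministic serialization so issuer and consumer sign the same bytes."""
    return json.dumps(assertion, sort_keys=True, separators=(",", ":")).encode()

def issue_assertion(issuer: str, key: bytes, subject: str, audience: str, now: float,
                    lifetime: int = 300, attributes: Optional[Dict[str, str]] = None,
                    assertion_id: Optional[str] = None) -> Dict:
    """What the issuing partner (Hospital 1) sends; included so the example runs end to end."""
    body = {
        "id": assertion_id or uuid.uuid4().hex,
        "issuer": issuer,
        "subject": subject,
        "audience": audience,
        "not_before": now,
        "not_on_or_after": now + lifetime,
        "attributes": attributes or {},
    }
    sig = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {"assertion": body, "signature": sig}

class AssertionConsumer:
    """Hospital 2's side: accept an assertion only if every check passes."""

    def __init__(self, trusted: Dict[str, bytes], audience: str):
        self.trusted = trusted
        self.audience = audience
        self.seen_ids: Set[str] = set()   # ids already consumed (replay protection)

    def verify(self, message: Dict, now: Optional[float] = None) -> Tuple[bool, str]:
        now = time.time() if now is None else now
        body = message.get("assertion", {})
        key = self.trusted.get(body.get("issuer"))
        if key is None:
            return False, "issuer is not a trusted partner"
        expected = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(message.get("signature", ""))):
            return False, "signature does not verify under the partner's key"
        if body.get("audience") != self.audience:
            return False, "assertion was issued for a different site"
        if now < body["not_before"] - CLOCK_SKEW_SECONDS:
            return False, "assertion not yet valid"
        if now >= body["not_on_or_after"] + CLOCK_SKEW_SECONDS:
            return False, "assertion expired"
        if body["id"] in self.seen_ids:
            return False, "assertion already used"
        self.seen_ids.add(body["id"])
        return True, f"accepted {body['subject']} from {body['issuer']}"

if __name__ == "__main__":
    key = TRUSTED_PARTNERS["https://idp.hospital1.example"]
    msg = issue_assertion("https://idp.hospital1.example", key, "dr.smith", MY_AUDIENCE,
                          now=time.time(), attributes={"role": "physician"})
    consumer = AssertionConsumer(TRUSTED_PARTNERS, MY_AUDIENCE)
    print(consumer.verify(msg))   # accepted
    print(consumer.verify(msg))   # rejected as a replay
```

The order of checks is deliberate: the issuer lookup and signature come first, so nothing inside an unverified assertion (audience, times, subject) is acted on before its origin is established, and the id is recorded only after every other check passes, so a rejected assertion cannot poison the replay cache.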
  • For more information…
    • Visit any of the following Web resources:
      • Novell iChain product page: www.novell.com/products/ichain/
      • Novell iChain Cool Solutions site: www.novell.com/coolsolutions/icmag/
      • Novell Nsure solution site: www.novell.com/nsure
  • Novell ® iChain ® 2.3 Server Configuration
  • Novell ® iChain ® 2.3 Application Configuration
  • Novell ® iChain ® 2.3 Live Demonstration
  • Unpublished Work of Novell, Inc. All Rights Reserved. This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
    General Disclaimer: This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.