Novell Access Manager SSL Virtual Private Network




White Paper, www.novell.com

Novell Access Manager SSL Virtual Private Network: Access Control, Policy Enforcement, Compliance Assurance

Contents

Novell SSL VPN
  Product Overview
  Identity Server
  Access Gateway
  SSL VPN
SSL VPN Features
  Clientless Access
  Client Integrity Check
  Access Control
  Security
  Applications
  Management
  Auditing
  High Availability
  Inactivity Time-Out
  Keep-Alive
Platforms
  Remote OS Supported
SSL VPN Feature List
Frequently Asked Questions
  Do I need to keep the browser open after connecting to the Novell Access Manager SSL VPN Gateway?
  Is split tunneling supported with the Novell Access Manager SSL VPN?
  Can I create site-to-site VPN tunnels with the Novell Access Manager SSL VPN?
  Can non-administrators on Windows connect to the Novell Access Manager SSL VPN?
  How secure is the Novell Access Manager SSL VPN?
  Can I use Microsoft Java with Novell Access Manager SSL VPN?
  What applications can be accessed through Novell Access Manager SSL VPN?

Novell SSL VPN

Product Overview

With more and more people working outside traditional office settings, secure remote access to corporate resources matters more than ever. Wherever users are, travelling nationally or internationally, working from home or on site at a partner location, they should be able to reach corporate resources without compromising security. The Novell Access Manager SSL VPN (Secure Sockets Layer Virtual Private Network) is the product that provides this anywhere, anytime access.

Novell's SSL VPN is based on the Secure Sockets Layer (SSL) protocol used in e-commerce. SSL has long been deployed to secure web applications in the form of HTTPS. It runs above TCP and below the application protocol, so it is present in every mainstream IP stack and browser. Because they reuse this existing infrastructure, SSL VPNs are economical and offer a simple experience for employees and business partners.

The Novell Access Manager SSL VPN is designed to provide secure access to non-HTTP applications inside a corporate network. It is combined with the identity services of Novell Access Manager to provide authentication and policy-controlled access to enterprise resources. Novell Access Manager supports industry standards such as Liberty Alliance, WS-Security and the Security Assertion Markup Language (SAML).

The Novell SSL VPN consists of an SSL VPN Gateway, accelerated by the reverse proxy of the Access Gateway, and an Identity Server. The following figure shows these components.

Illustration 1: Functioning of SSL VPN

Identity Server

The Identity Server provides authentication services for all Novell Access Manager 3 components and acts as both identity provider and service provider for Liberty Alliance and SAML (1.1 and 2.0) requests. As with all Novell Access Manager 3 components, it authenticates users according to the Access Manager policy specifications (see the other Novell Access Manager 3 white papers in this series for more information). It is responsible for authenticating users and supplying the policy-constrained role information on which authorization decisions are based. The Identity Server also implements the full Liberty Alliance Web Services Framework for federating identity information. In addition to the standard Liberty Alliance Employee and Personal profiles, custom attributes can be defined, mapped and used in policy enforcement. A further capability is Federated Provisioning, which automatically creates a user account during a federation request; without it, users would have to register (create an account) with a Service Provider before federating their identity.

Access Gateway

The Access Gateway is the HTTP proxy component of Novell Access Manager. Besides Novell's established security and proxy services (authorization, single sign-on and data encryption), it is integrated with the identity, role and policy services of Novell Access Manager. It translates Identity Provider authentication and attributes into standard web headers, form fill-in responses and basic-authentication responses, so existing web applications can benefit from the new identity standards without modification. An example is the policy-enabled Identity Injection feature of the Access Gateway (formerly known as OLAC, Object Level Access Control), which uses the Liberty Alliance Web Services Framework to extract identity information and inject a higher-quality identity into web headers or query strings.

SSL VPN

Traditional IPsec solutions require client software to secure connections and lack the granularity administrators need to give each user appropriate access. Novell's SSL VPN removes most of the work of deploying and managing such clients, reducing overall cost, and can be used from machines that the user does not own and the corporation does not manage. The SSL VPN is a Linux-based service accelerated by either the Linux Access Gateway or the NetWare Access Gateway. After the user authenticates, identity information is exchanged between the Access Gateway and the SSL VPN, and a Java or ActiveX agent is delivered to the client browser. This agent establishes the SSL tunnel and provides access to the applications permitted by policy for the user's and the resource's roles. The following figure shows the SSL VPN client interface.

Illustration 2: SSL VPN User Interface
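The Identity Injection behaviour described above, written out as an added example (this is not Novell's code and does not reproduce the Access Gateway's implementation). A gateway that injects identity into HTTP headers has two duties: strip any copy of those headers that arrived from the client, so a user cannot pre-seed X-Remote-User, and then add its own values from the authenticated session. The header names, the NAMSESSION cookie name and the session store are assumptions constructed for this example.

```python
"""Identity Injection at a reverse proxy (constructed example, not Novell code)."""
from typing import Dict, Mapping, Optional

# Headers the gateway owns. Names are assumed for this example.
INJECTED_HEADERS = ("X-Remote-User", "X-Remote-Roles", "X-Remote-Email")

# Constructed session store: session cookie value -> identity attributes.
SESSIONS: Dict[str, Dict[str, object]] = {
    "sess-1f3a": {
        "user": "alice",
        "roles": ["manager", "finance"],
        "email": "alice@example.com",
    },
}


def authenticated_identity(request_headers: Mapping[str, str]) -> Optional[Dict[str, object]]:
    """Resolve the session cookie to an identity, or None if unauthenticated."""
    cookie = request_headers.get("Cookie", "")
    for part in cookie.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "NAMSESSION" and value in SESSIONS:  # cookie name assumed
            return SESSIONS[value]
    return None


def inject_identity(request_headers: Mapping[str, str]) -> Dict[str, str]:
    """Build the header set forwarded to the back-end application.

    1. Drop every inbound header whose name matches (case-insensitively) one
       the gateway injects, so client-supplied identity is never trusted.
    2. Add the gateway's own values from the authenticated session.
    Raises PermissionError when no valid session is present.
    """
    identity = authenticated_identity(request_headers)
    if identity is None:
        raise PermissionError("no authenticated session; redirect to Identity Server")

    owned = {h.lower() for h in INJECTED_HEADERS}
    forwarded = {k: v for k, v in request_headers.items() if k.lower() not in owned}
    forwarded["X-Remote-User"] = str(identity["user"])
    forwarded["X-Remote-Roles"] = ",".join(identity["roles"])
    forwarded["X-Remote-Email"] = str(identity["email"])
    return forwarded
```

The stripping step only protects the back end if the back end is reachable solely through the gateway; an application that accepts X-Remote-User from any network path can be driven directly with forged headers.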

SSL VPN Features

Clientless Access

Novell SSL VPN is clientless in the sense that nothing has to be pre-installed: any supported web browser acts as the client, and the thin agent is delivered on demand when the user connects. Access works from any location, including from behind a network address translation (NAT) firewall, which increases the number of points from which employees, partners and customers can reach the corporate network. Clientless access simplifies the connection process for users, who do not have to install a client, and simplifies the administrator's job, since there is no client to configure and manage. Novell SSL VPN handles authentication, encryption, authorization and session clean-up. Users see no change in the applications they access through the SSL VPN. The service is available to all users, whether root or non-root on Linux and Mac, or administrator or non-administrator on Windows (non-administrators on Windows use a browser with a Java runtime rather than Internet Explorer; see the FAQ).

Client Integrity Check

Because users may connect from unmanaged devices, a compromised client could damage the corporate network through the SSL VPN tunnel. The Client Integrity Check feature verifies the client device before the session is established: the workstation is checked for installed and running antivirus, firewall or other software named in the Client Integrity Check policy. Once the session is up, the check is repeated during the session, so that if a required antivirus or firewall application is stopped the condition is detected and the SSL VPN session is terminated. Novell SSL VPN provides templates for common software such as ZoneAlarm and Symantec; the administrator decides which software is required and configures the list on the server. Note that the check is performed by the agent running on the client, so it raises the bar against careless or misconfigured endpoints rather than proving anything about a host an attacker already controls. The following figure shows a sample list of configured software.

Illustration 3: Configuring Client Integrity Check Policy
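The Client Integrity Check behaviour described above, as an added example (not Novell's code and not a reproduction of the product's policy format). A policy names software categories, each satisfied by any one of several products; the check runs before the tunnel comes up and is repeated during the session; a category that stops being satisfied terminates the session. The product and process names, and the shape of the policy, are constructed for this example.

```python
"""Client Integrity Check policy evaluation (constructed example, not Novell code)."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set

# Policy template: category -> {product -> processes that prove it is running}.
# Product and process names are constructed; a real template follows vendor docs.
CIC_POLICY: Dict[str, Dict[str, FrozenSet[str]]] = {
    "antivirus": {
        "Symantec": frozenset({"rtvscan.exe"}),
        "McAfee": frozenset({"mcshield.exe"}),
    },
    "firewall": {
        "ZoneAlarm": frozenset({"vsmon.exe"}),
        "Windows Firewall": frozenset({"svchost.exe:SharedAccess"}),
    },
}


@dataclass
class CheckResult:
    compliant: bool
    satisfied: Dict[str, str] = field(default_factory=dict)  # category -> product found
    failed: List[str] = field(default_factory=list)          # categories with nothing running


def evaluate_policy(running: Set[str], policy=CIC_POLICY) -> CheckResult:
    """A category passes if every process of at least one listed product is running."""
    result = CheckResult(compliant=True)
    for category, products in policy.items():
        match = next((p for p, procs in products.items() if procs <= running), None)
        if match is None:
            result.compliant = False
            result.failed.append(category)
        else:
            result.satisfied[category] = match
    return result


class SSLVPNSession:
    """Session state driven by the pre-connect check and repeated in-session checks."""

    def __init__(self, policy=CIC_POLICY):
        self.policy = policy
        self.state = "pending"
        self.reason = ""

    def connect(self, running: Set[str]) -> bool:
        """Pre-connect check: refuse the tunnel if the policy is not met."""
        r = evaluate_policy(running, self.policy)
        if not r.compliant:
            self.state = "refused"
            self.reason = "pre-connect check failed: " + ", ".join(r.failed)
            return False
        self.state = "established"
        return True

    def recheck(self, running: Set[str]) -> str:
        """In-session check: a failure terminates an established tunnel."""
        if self.state != "established":
            return self.state
        r = evaluate_policy(running, self.policy)
        if not r.compliant:
            self.state = "terminated"
            self.reason = "in-session check failed: " + ", ".join(r.failed)
        return self.state
```

The process list is whatever the client-side agent reports, which is why the check is best read as posture enforcement rather than attestation.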

Access Control

To accommodate the varying needs of remote workers while keeping data confidential, the SSL VPN grants access to authorized users based on their roles (such as manager, engineer or finance) and on the roles of the resource. Roles can be changed or assigned to new users and resources without modifying existing access policies. Advanced access control lets administrators set individual access privileges by application, network or host. Users may be presented with a list of the applications they can access during the session.

Security

Novell Access Manager SSL VPN makes minimal use of client computer resources and does not store sensitive information on the remote machine. Certificate associations for the SSL VPN are configured in the Access Manager administration console. Security options include:

  Encryption: 256-bit or 128-bit AES
  Integrity: SHA hash
  Authentication: username and password, against a directory such as Active Directory or Novell eDirectory

Applications

With an SSL VPN connection established, users reach authorized application servers with their standard client applications rather than web-based substitutes. Supported applications include:

  Client/server TCP applications such as Microsoft Outlook, Microsoft Windows Terminal Services, Citrix MetaFrame applications, Novell GroupWise, Telnet, SSH and passive FTP
  UDP-based services such as DNS and SNMP

Management

The Novell Access Manager SSL VPN is configured and monitored from the Access Manager 3 administration console. Operational statistics, alerts and health checks give NOC personnel the administration tools they need. Newly installed SSL VPN gateways are discovered and integrated into the administration console automatically, as are configuration changes made through the command-line interface (CLI). The Novell SSL VPN Gateway can also operate behind a NAT.
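The role-based access control described above, as an added example (not Novell's configuration and not the product's policy language). Role assignment (user to roles) is kept apart from the rules (role to permitted destination network, protocol and port range), so a user can be moved into a new role without editing any rule, which is the property the text claims. The users, roles, networks and ports are constructed for the example, and the default is deny.

```python
"""Role-based tunnel access policy (constructed example, not Novell configuration)."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    role: str
    network: ipaddress.IPv4Network  # destination network the role may reach
    protocol: str                   # "tcp" or "udp"
    ports: Tuple[int, int]          # inclusive destination port range

    def permits(self, dst: ipaddress.IPv4Address, proto: str, port: int) -> bool:
        return (dst in self.network
                and proto == self.protocol
                and self.ports[0] <= port <= self.ports[1])


# Constructed role assignments: changing these never touches RULES.
USER_ROLES: Dict[str, List[str]] = {
    "alice": ["finance", "employee"],
    "bob": ["engineer", "employee"],
    "carol": ["employee"],
}

# Constructed rules keyed by role, not by user.
RULES: List[Rule] = [
    Rule("employee", ipaddress.ip_network("10.0.10.0/24"), "tcp", (3389, 3389)),  # Terminal Services
    Rule("employee", ipaddress.ip_network("10.0.0.53/32"), "udp", (53, 53)),      # internal DNS
    Rule("engineer", ipaddress.ip_network("10.0.20.0/24"), "tcp", (22, 22)),      # SSH to dev hosts
    Rule("finance", ipaddress.ip_network("10.0.30.5/32"), "tcp", (1494, 1494)),   # Citrix ICA
]


def authorize(user: str, dst_ip: str, proto: str, port: int,
              roles=USER_ROLES, rules=RULES) -> Optional[Rule]:
    """Return the first rule permitting the flow, or None (default deny).

    Unknown users hold no roles and are denied; protocol names are case-insensitive.
    """
    dst = ipaddress.ip_address(dst_ip)
    proto = proto.lower()
    held = set(roles.get(user, []))
    for rule in rules:
        if rule.role in held and rule.permits(dst, proto, port):
            return rule
    return None
```

A real gateway evaluates this per tunneled connection, so the decision must be cheap and must fail closed; returning the matching rule rather than a bare boolean also gives the audit log something concrete to record.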

Auditing

Novell SSL VPN is integrated with Novell Audit and Sentinel to provide comprehensive records of SSL VPN sessions, SSL VPN Gateway activity and more.

High Availability

The Novell Access Manager SSL VPN can be configured for high availability so that the service remains available if a gateway fails. The administrator can configure more than one SSL VPN Gateway to service client requests in round-robin fashion.

Inactivity Time-Out

Sessions are terminated automatically when no traffic has crossed the connection for a configurable period.

Keep-Alive

Separately from the inactivity time-out, both the user and gateway sides of an SSL VPN session send keep-alive packets to show they are still operating. If keep-alives are not received for a configurable period, the session is terminated.
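The two timers described above, inactivity time-out and keep-alive, as an added example (not Novell's code). They are independent: user data resets the inactivity timer and also proves the link is alive, while a keep-alive proves only that the peer is up and does not count as user activity. The 30 minute inactivity default is the one given in the feature list below; the 60 second keep-alive threshold is an assumed value, and the clock is passed in so the logic runs offline.

```python
"""Inactivity time-out and keep-alive supervision (constructed example, not Novell code)."""
from dataclasses import dataclass


@dataclass
class SessionTimers:
    inactivity_timeout: float = 30 * 60.0  # seconds; the feature list's 30 min default
    keepalive_timeout: float = 60.0         # seconds without a keep-alive; assumed value
    last_activity: float = 0.0
    last_keepalive: float = 0.0
    state: str = "established"
    reason: str = ""

    def start(self, now: float) -> None:
        """Tunnel established: both timers start from now."""
        self.last_activity = self.last_keepalive = now
        self.state, self.reason = "established", ""

    def on_data(self, now: float) -> None:
        """User traffic resets the inactivity timer and also proves the link is alive."""
        if self.state == "established":
            self.last_activity = now
            self.last_keepalive = now

    def on_keepalive(self, now: float) -> None:
        """A keep-alive proves the peer is up but is not user activity."""
        if self.state == "established":
            self.last_keepalive = now

    def tick(self, now: float) -> str:
        """Evaluate both timers; return the session state after the check."""
        if self.state != "established":
            return self.state
        if now - self.last_keepalive >= self.keepalive_timeout:
            self.state, self.reason = "terminated", "keep-alive lost"
        elif now - self.last_activity >= self.inactivity_timeout:
            self.state, self.reason = "terminated", "inactivity time-out"
        return self.state
```

Checking the keep-alive first means a dead link is reported as such even when the inactivity timer would also have fired, which keeps the audit record accurate about why a session ended.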

Platforms

Remote OS Supported

Users can access the Novell Access Manager SSL VPN Gateway from Windows, Linux or Mac systems. A thin ActiveX client is downloaded when the browser is Microsoft Internet Explorer; otherwise a thin Java client is downloaded. Supported client operating systems:

  Microsoft Windows 2000 with SP4
  Microsoft Windows XP with SP2
  Red Hat Linux 9.x
  Novell Linux Desktop
  SUSE 9.x
  SLED 10.x

SSL VPN Feature List

  Client Integrity:                 checks for antivirus and firewall; checks repeated throughout the session; templates for standard antivirus and firewall products; option to verify software installation
  Operating systems (VPN client):   Windows, Linux, Macintosh
  Granular access policies:         networks, protocols, services (such as FTP, Telnet), ports
  Inactivity timeout:               default 30 min, configurable
  Management interface:             Device Manager, centralized configuration
  Windows agent:                    signed ActiveX control and Java applet
  Java agent:                       signed Java applet

Frequently Asked Questions

Do I need to keep the browser open after connecting to the Novell Access Manager SSL VPN Gateway?
Yes. The browser must stay open, because the agent runs inside it. You can minimize the browser and use your applications to connect to the protected network.

Is split tunneling supported with the Novell Access Manager SSL VPN?
Yes, split tunneling is supported.

Can I create site-to-site VPN tunnels with the Novell Access Manager SSL VPN?
No. The Novell Access Manager SSL VPN is a remote-access VPN and does not create site-to-site tunnels.

Can non-administrators on Windows connect to the Novell Access Manager SSL VPN?
Yes. Non-administrators can connect to the SSL VPN gateway using Firefox or any other browser that supports a Java Runtime Environment (JRE). They cannot use Internet Explorer, because installing the ActiveX control requires administrative privileges.

How secure is the Novell Access Manager SSL VPN?
Novell Access Manager SSL VPN uses SSL between the clients and the server, so a party that captures the network packets cannot read their contents, provided the client verifies the gateway's certificate so that the tunnel really terminates at the gateway. The inactivity time-out logs the session out if no data passes between client and server for the configured period. User sessions are authenticated, and cookies are cleaned up after logout, so the session leaves no traces on the client machine.

Can I use Microsoft Java with Novell Access Manager SSL VPN?
No. The Novell Access Manager SSL VPN supports only Sun Java.

What applications can be accessed through Novell Access Manager SSL VPN?
In principle, any TCP or UDP application. For the list of applications tested with the SSL VPN, refer to the product documentation.

Contact your local Novell Solutions Provider, or call Novell at:
1 888 321 4272 US/Canada
1 801 861 4272 Worldwide
1 801 861 8473 Facsimile

Novell, Inc.
404 Wyman Street
Waltham, MA 02451 USA

08/06. 2006 Novell, Inc. All rights reserved. Novell, the Novell logo, the N logo, NetWare, SUSE and ZENworks are registered trademarks, and eDirectory and Sentinel are trademarks of Novell, Inc. in the United States and other countries. Linux is a registered trademark of Linus Torvalds. All other third-party trademarks are the property of their respective owners.