www.novell.com
Novell iChain® 2.x Configuration Using the Web Server Accelerator Wizard
Cary Andrews, Senior Software Engineer, Novell, [email protected]
Jason Arrington, iChain Software Engineer, Novell, [email protected]
Vision…one Net
A world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries
Mission
To solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world
Agenda
• Architectural overview
• Administration overview
• New features in Novell iChain® 2.x
• Demonstration
• Question and answer
Architectural Overview
• The problem
• The solution
• How it works
• iChain Proxy Server
• iChain Authorization Server
• Web/application servers
The Problem
[Diagram: The Internet; Your Web Servers]
The Solution
[Diagram: The Internet; iChain; Your Web Servers]
How It Works
[Diagram: Browser; Proxy server; Authorization server; Web and application servers]
iChain Proxy Server
• A key component to the iChain infrastructure
  – Adds an additional security layer
    • Creates a security and management infrastructure
    • Enhances a firewall
    • Does not allow direct access to web servers or web applications
  – Improves web server scalability
  – Accelerates content through caching
  – Provides in-the-flow access to the data stream
iChain Authorization Server
• Provides authentication and access control
• Authentication
  – Standard browser-based access
    • Username and password over HTTPS
    • Authenticate with user ID, e-mail, or any LDAP field
  – Multiple authentication methods
    • One time passwords
    • Token-based authentication (RADIUS)
    • X.509 digital certificates
  – Multi-factor authentication
    • Combination of authentication methods
iChain Authorization Server (cont.)
• Access control
  – Secures your data
  – Presents content based on user’s level of access
  – Highly personalized web service for the user
  – Maximum levels of security for the host
  – Access based on rules stored in Novell eDirectory™
    • Leverages the eDirectory hierarchy and inheritance mechanisms (ACLs)
    • Cached on the proxy server for improved performance
iChain Authorization Server (cont.)
• Access control
  – Access based on rules stored in Novell eDirectory (cont.)
    • Three different levels available
      – “Public”: no authentication or access control
      – “Restricted”: authentication only
      – “Secure”: authentication and access control
  – Access rules may be assigned to:
    • Users
    • Groups
    • Containers (O, OU, etc.)
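The three levels and container inheritance described above, as an added illustrative model (not iChain code and not from the original slides). The DNs, class names and return strings are assumptions made up for the example; it shows why a user gets a 403 on a "Secure" resource until a rule covers the user, one of the user's groups, or a parent container.

```python
from dataclasses import dataclass, field

# Illustrative model only; level names follow the slide, everything else is assumed.
PUBLIC, RESTRICTED, SECURE = "public", "restricted", "secure"

@dataclass
class User:
    dn: str                           # constructed DN, e.g. "cn=joe,ou=sales,o=acme"
    groups: frozenset = frozenset()   # DNs of groups the user belongs to

@dataclass
class Resource:
    path: str
    level: str
    trustees: set = field(default_factory=set)  # user, group or container DNs

def containers_of(dn):
    """Containers above dn, nearest first. Simplification: no escaped commas."""
    parts = [p.strip().lower() for p in dn.split(",")]
    return [",".join(parts[i:]) for i in range(1, len(parts))]

def is_trustee(user, resource):
    """Match a rule assigned to the user, one of its groups, or any parent container."""
    identities = {user.dn.lower()} | {g.lower() for g in user.groups}
    identities |= set(containers_of(user.dn))
    return bool(identities & {t.lower() for t in resource.trustees})

def decide(resource, user=None):
    """Return 'allow', 'login' (credentials required) or '403' (rule check failed)."""
    if resource.level == PUBLIC:
        return "allow"                # no authentication or access control
    if user is None:
        return "login"                # Restricted and Secure both authenticate first
    if resource.level == RESTRICTED:
        return "allow"                # authentication only
    return "allow" if is_trustee(user, resource) else "403"

# Constructed sample data.
JOE = User("cn=joe,ou=sales,o=acme", frozenset({"cn=emea,ou=groups,o=acme"}))

def demo():
    reports = Resource("/reports", SECURE, {"ou=engineering,o=acme"})
    before = decide(reports, JOE)            # sales container not in the rule
    reports.trustees.add("ou=sales,o=acme")  # rule now covers Joe's container
    return before, decide(reports, JOE)

if __name__ == "__main__":
    print(demo())
```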
Web/Application Servers
• New or legacy web servers
  – No agents installed on web servers
  – No changes required to legacy systems
• Support for multiple platforms
  – Support any HTTP server
  – Win NT/IIS
  – Solaris/Netscape
  – Linux/Apache
Web/Application Servers (cont.)
• Single sign-on
  – Forward ID and password in the HTTP authentication header so user is not prompted
  – Form-fill can be used for convenience
  – Lowers overhead cost of maintaining tables
• Object Level Access Control (OLAC)
  – Allows the use of different logon credentials than name and password
  – Can be used to personalize content
  – May be customized to meet your needs
Administration Overview
• Configuration methods
• Question
• Why a wizard?
• Web Server Accelerator Wizard
Configuration Methods
• Proxy server console configuration
  – Command-line tool
  – Configures all proxy parameters and settings
• Proxy server web-based configuration
  – Browser-based (IE and Netscape)
  – Easier to use than command-line tool
• ConsoleOne® snap-ins
  – Use eDirectory objects and attributes for authorization and access control
  – Provide password management features
Question
So, why do we need a wizard?
Why A Wizard?
Okay, to start out, I go to my browser to create a new web server accelerator…
Now I go to ConsoleOne to create my protected resource…
And create and set up my ACL rule...
Then finally back to my browser to log Joe in…
Login failed. Hmmm. Oops, I forgot to add the sales container to my authentication profile …
So, since I’m in my browser, I can do that pretty quickly…
And then try and log Joe in again…
403? What the… Oh yeah, I didn’t add the sales container to the ACL rule.
This is getting old. Back to ConsoleOne, where I add the sales container to the ACL rule…
And then back to my browser to try and log Joe in once again…
Another 403? What is going on? Did I forget to refresh ACLCHECK?
Click the refresh button and that should do it…
Log Joe in one more time…
Whew… finally…
Web Server Accelerator Wizard
• ConsoleOne-based tool
• Centralizes all administrative tasks
  – Removes need to jump back and forth between tools
  – Run from any workstation in the network
• Configuration for:
  – Proxy server
  – Authorization and access control
  – Accelerators and authentication profiles
  – Multi-homing
New Features In iChain 2.x
• Session Broker
• Licensing
• Multi-homing (host, path, domain)
• Dynamic access control rules
• Future directions
  – Affiliate services
  – iManager plug-ins for administration
Configuration of iChain 2.x Using the Web Server Accelerator Wizard