Using Novell iChain® 2 to Deliver Internal Network Access without a VPN

Brian Six
Technical Account Manager
Novell, Inc.
[email protected]

John Shafer
Systems Engineer
Novell, Inc.
[email protected]

Vision…one Net

A world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries

Mission

To solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world

Agenda

• Describe Novell iChain®
• Components and requirements
• Installation tips
• iChain’s purpose in life
• Configuration examples
• Demonstration

Description

• iChain utilizes the world’s most scalable and widely used directory with the world’s fastest caching system

• Providing access control, security, and web Single Sign-On (SSO) to your web servers, pages, files, and applications

iChain Uses—Before iChain

[Diagram: five servers, each labelled "Server"]

iChain Uses—Access Management

• Manage users and groups
• Manage security—X.509
• Manage Access Control Lists (ACL)

[Diagram: five servers, each labelled "Server"]

iChain Uses (cont.)

[Diagram labels: iChain proxy, iChain authentication, LDAP, Web server, server, Web app]

iChain Components

• iChain proxy server
  - Device which actually provides the security, access control, and caching
• iChain authorization server
  - Device that performs user authentication [if required] on behalf of the proxy server

System Requirements: Proxy Server

• iChain proxy server
  - Intel Pentium 3 processor or higher
  - RAM
    - 256 MB configurations support up to 18 GB storage
    - 512 MB configurations support up to 32 GB storage
    - 1 GB configurations support up to 64 GB storage
    - 2 GB configurations support up to 128 GB storage
    - 4 GB configurations support up to 256 GB storage

System Requirements: Proxy Server (cont.)

• iChain proxy server
  - Intel PRO/100 Desktop Adapter
  - Intel PRO/1000 F Server Adapter
  - Ultra-2 and Ultra-3 Adaptec SCSI controllers (integrated or host adapter)
  - FYI—SMP is not supported, so save your money
  - (Optional) three or more LAN adapters
    - Public, private, DMZ

System Requirements: Proxy Server (cont.)

• Tested hardware
  - http://www.novell.com/products/iChain/hardware.pdf
• Note: iChain 2 no longer requires an approved appliance
  - Any server class hardware that supports Novell NetWare® 5.1 and above will work

System Requirements: Authorization Server

• iChain authorization server
• Novell eDirectory™ 8.5 or later
• NetWare 5.1 with Support Pack 1
  - Print server
  - FTP server
  - Enterprise web server
  - Web search
  - IBM WebSphere* application server

• Windows NT* 4.0 Support Pack 4

Not loaded

iChain Proxy Server Installation Tips

• Imaging process may not start correctly
  - You may receive an error message that the system you are trying to image isn’t a “Valid ICS Box”
  - If you see this message, type BLAST at the command prompt to begin the process

iChain Proxy Server Installation Tips

• Loading system services ………………………………….
  ~40 dots
  - Get into Debug – ALT & SHIFT + SHIFT & ESC
  - At the Debug prompt, type c AppScreenLock <enter>
  - Type 00 <enter>
  - Type . <enter>
  - At the Debug prompt, type c [DICSScreen]+28
  - Type 00 <enter>
  - Type . <enter>

iChain Auth Server Installation

• Make sure there is a RW replica on the server
• Extend eDirectory schema
• Install snap-ins into Novell ConsoleOne®
• Note: Be sure to allow for clear-text passwords in the LDAP group object before you begin the install
• For security reasons, you may want to consider a separate tree for authentication and to utilize the eDirectory-to-eDirectory Novell DirXML™ connector

iChain Configuration Examples

iChain—Summary

• Centralized entry and control points
• Strong authentication options
• Single point of administration and tools
• Web SSO
• Other iChain sessions
  - IO220
  - TUT254
  - BUS227, 228, 350
