Novell BorderManager 3.7 Update for N2H2 Integration: Part 1
Novell Cool Solutions: Feature
Digg This -
Posted: 23 Aug 2002
Version: Novell BorderManager 3.7
There's a new tool available to help you filter Web content, monitor the Internet access of your users, and get reports of your users' activity on the web. Novell BorderManager 3.7 is now integrated with N2H2, with support for:
- N2H2 Sentian for Novell BorderManager/Red Hat Linux and N2H2 Sentian for Novell BorderManager/Windows
- N2H2 Bess for Novell BorderManager/Red Hat Linux and N2H2 Bess for Novell BorderManager/Windows
Other partner solutions previously supported by Novell BorderManager continue to be supported by this update.
Here is a Glossary and some Q&A about the integration between Novell BorderManager 3.7 and N2H2 Category Server.
Access Control List (ACL)
ACL is an ordered list of access rules that control access to the Internet and its services. Each access rule, in the order of the list, is applied to each access request. When an access request matches the specifications in a rule, that rule is immediately applied.
Bess is an Internet content filtering solution from N2H2 specifically developed for schools. Bess is Children's Internet Protection Act (CIPA) compliant.
Categories are various headings under which URLs are classified based on their content. For example, sports, free-mail, etc.
Exception Categories are categories of URLs that contain material that may belong to a restricted/undesirable category, but also belong to a desirable category such as education, historical, etc. Exception Categories are supported by Sentian and Bess and are best used in rules in combination with other normal categories.
N2H2 is an Internet content filtering company. N2H2 solutions help customers control, manage and understand their Internet use by filtering Web content, monitoring Internet access and delivering concise reports on user activity. http://www.n2h2.com.
Novell BorderManager Access Control Rules
Novell BorderManager Access Control Rules are a prescribed set of elements that, taken together, control the ability of proxy users to access computer resources or services on the public Internet.
Sentian is an Internet content filtering solution from N2H2 that is designed for large companies.
Third-Party URL Blocking Solution
Any URL blocking solution such as Sentian or Bess from N2H2, which can integrate with Novell BorderManager, is considered a third-party URL blocking solution.
Q1: Which third-party URL blocking solutions are supported in this update of Novell BorderManager?
The Novell BorderManager 3.7 Update for N2H2 adds support for the following products:
? N2H2 Sentian for Novell BorderManager/Red Hat Linux and N2H2 Sentian for Novell BorderManager/Windows
? N2H2 Bess for Novell BorderManager/Red Hat Linux and N2H2 Bess for Novell BorderManager/Windows
Other partner solutions previously supported by Novell BorderManager continue to be supported by this update.
Q2: Novell BorderManager 3.7 runs on which platforms?
Novell BorderManager 3.7 runs on NetWare 5.1 or NetWare 6. For more details refer to: http://www.novell.com/documentation/lg/bmee37/index.html Quick Start Card.
Q3: N2H2 Sentian and Bess category servers run on which platforms?
The N2H2 category server must be installed on its own server; it can not be installed on the same server as Novell BorderManager. N2H2 can be installed on Red Hat* v7.2, Windows 2000 or Windows NT 4.0 SP 6 (please check the minimum requirements for each platform).
Q4: What are the files that have been modified or changed for the Novell BorderManager 3.7 update for N2H2?
The following files have been changed or modified for this release:
- ACLCHECK.NLM is the only NLM that has changed in this update.
- RESTRICT.DLL is the only snap-in DLL file that has changed for this update.
- PRODUCTS.DAT, N2H2.ACL and SCONTROL.ACL have been added.
- Help files have also changed for NWADMN32.
Q5: Can I use my current N2H2 Bess filtering appliance with Novell BorderManager?
No, the N2H2 Bess filtering appliance is a completely different product and will not respond to Novell BorderManager category requests. Please contact your N2H2 account manager or local reseller for migration details.
Q6: What are off-box and on-box URL blocking solutions? Should the N2H2 software be installed on-box or off-box?
Third-party URL blocking solutions can run either on the same box (on-box) as the Novell BorderManager server or on a different box (off-box). The mechanism used by Novell BorderManager to communicate with the solutions will differ based on whether they are on-box or off-box. N2H2 category server runs on a Linux or a Windows server (see above question in this section), and hence is off-box. Other third-party products may run as an on-box solution, as an NLM on the NetWare server.
Q7: Which version of Novell BorderManager should the Novell BorderManager 3.7 update for N2H2 be applied to?
The Novell BorderManager 3.7 update for N2H2 should only be applied to a Novell BorderManager 3.7 installation.
Q8: Is there any evaluation version available to check this solution?
Yes, a free Novell BorderManager 3.7 update for N2H2 is available. There is a 90-day evaluation version available for Novell BorderManager available at http://download.novell.com. You need to first install the evaluation version and then apply the Novell BorderManager 3.7 update for N2H2. N2H2 offers 30-day evaluation versions of their products.
Q9: What additional software is required for Novell BorderManager to support the N2H2 URL blocking solution, apart from the N2H2 category server?
No additional software is required. The Novell BorderManager 3.7 update for N2H2 and the N2H2 Sentian or Bess server is sufficient for Novell BorderManager to use N2H2 for URL blocking.
Q10: How does N2H2 Sentian or Bess integrate with Novell BorderManager?
Integration of Novell BorderManager and the N2H2 filter occurs through support of the Category Server Protocol (CSP) inherent in Novell BorderManager. CSP is a fast, lightweight protocol that allows Novell BorderManager to quickly query the N2H2 category server for all categories to which a given URL corresponds.
Q11: Why are multiple third-party solutions supported with Novell BorderManager? Can I use Sentian or Bess and a URL blocking product from another vendor, together with Novell BorderManager?
Multiple third-party solutions are provided to give you the choice of using a product that best suits your needs. Only one URL blocking product can be activated for Novell BorderManager access control at a time.
Q12: What should I do if I want to change my URL blocking solution to N2H2?
You should use the Novell NetWare Administrator (NWADMN32.EXE) Novell BorderManager access rules snap-in to change the configured third-party product. Please remember that once you change the URL blocking solution, the previous access rules using the old URL blocking solution will not be used. Refer to the configuration section for more details.
Q13: If there are already Access Control Rules configured with another URL blocking product before I install the Novell BorderManager 3.7 update for N2H2 and I want to switch to N2H2, what should I do before installing the Novell BorderManager 3.7 update for N2H2?
If you want to replace another product with N2H2 Sentian or Bess, and you already have rules based on the other solution's categories, you have to create equivalent rules for N2H2 and then delete the old rules. This process may be a manual task for you, since you need to figure out which category in N2H2 best describes a particular category that you have used previously. Once you have mapped the categories, do the following:
- Delete the old rules that use the other product's categories.
- Modify the configuration using NWADMN32 to change the URL blocking solution to N2H2.
- Create the rules for N2H2.
Q14: How is licensing handled for N2H2 and Novell BorderManager?
N2H2 Sentian and Bess have their own licenses; they are not integrated with Novell BorderManager. You will need to buy and install the licenses for these products separately. Please contact N2H2 for more information regarding licensing. Also see Q5 of the N2H2 section below.
Q15: Does Novell BorderManager maintain any database related to URLs or categories?
No, categorization of URLs depends on the URL blocking solution used.
Q16: Is proxy multi-threaded so that it can handle a higher load?
Yes, it can concurrently handle classification of multiple URLs.
Q17: How many simultaneous user requests can the proxy handle at a time when forwarding to a N2H2 server before utilization goes too high?
The Proxy can handle up to 5000 requests at one time.
Q18: Can I have two Novell BorderManager servers talking to the same N2H2 server?
Q19: Can I have one Novell BorderManager server talking to two N2H2 servers at the same time?
No, a Novell BorderManager server can talk to only one N2H2 server at a time.
Q20: Will N2H2 work with BMEE 3.6?
No, N2H2 will not work as a third-party blocking solution with BMEE 3.6.
Q1: What is an N2H2 category server?
The N2H2 Sentian and Bess for Novell BorderManager solutions are category servers. The N2H2 category server provides a mechanism for Novell BorderManager to query to the most effective URL blocking database while allowing Novell BorderManager to use its Access Control Rules in controlling access to the Internet. Upon receiving a URL request, Novell BorderManager sends the requested URL to the N2H2 category server and applies the category mask to the user or client IP. If the URL matches one or more categories in the mask, the N2H2 category server replies to Novell BorderManager stating whether the URL is categorized. If there is no match then an "allow" reply is sent. This is done through the CSP.
Q2: Where can I get more information on N2H2 and its Sentian and Bess category servers?
To learn more about N2H2 its products, please visit: http://www.n2h2.com.
Q3: How is licensing of Sentian and Bess handled?
You must obtain an N2H2 license to use it. Please contact your Novell BorderManager/N2H2 reseller or N2H2 to learn about obtaining an N2H2 license. The license you obtain will contain credentials that you must enter as part of the N2H2 installation and configuration process. Entering these credentials into N2H2 is called ?registering?. Consult the ?N2H2 for Novell BorderManager Administrator's Guide? for instructions on how to register. For more details please visit: http://www.n2h2.com.
Q4: How do I troubleshoot software registration issues?
Please verify the following:
- The N2H2 category server has Internet access on ports 80 and 443.
- Examine the N2H2 registration logs for more information.
Note: On the Windows Edition, go to drive: \Program Files\Sentian CS and view the DOWNWIN.LOG text file for details.
Note: On the Red Hat v7.2 Edition go to /root/n2h2 [version identification] /temp/n2h2- register.log
Q5: How do I install N2H2 Sentian and Bess category servers?
To install the N2H2 software, please follow this checklist:
- Verify that the system meets the minimum hardware and platform requirements.
- N2H2 installs on either Microsoft Windows NT* 4.0 with SP6, Microsoft Windows 2000, or Red Hat Linux 7.2.
- Review the ReadMe file on the software download page for any additional system requirements.
- Verify that the N2H2 category server has Internet access on ports 80 and 443 for the filtering database download and registration.
- Download the appropriate N2H2 software package and execute the installer.
- You will be asked for your registration credentials during the installation.
- The database will begin downloading after you submit your credentials. Upon completion of the download your N2H2 server will be available to answer Novell BorderManager URL category requests.
Q6: What happens when N2H2 is being updated?
The server will not be available during a N2H2 database update. In such updates, only changes to the database are updated. If there is a URL request during an update, any Access Control Rule that is configured with specific categories will effectively be ignored.
The requested URL is allowed or denied depending on whether the request matches an Allow rule or Deny rule first in the remaining rules in the Novell BorderManager Access Control List. If the updates occur on a daily basis keep the downtime minimal.
Q7: How do I know if the N2H2 server is down?
To identify if the N2H2 server is down:
- For Windows users: go to the Microsoft Management Console Services Panel and verify that the N2H2 filter server is started. If it is not started, attempt to restart the service. If it does not start, check the Application Event Viewer for associated errors.
- For Linux users: verify the processes are running: ps auxww | grep catserver.
Q8: What is the functionality of N2H2 Sentian and Bess category servers?
The Sentian and Bess category servers check Web requests against N2H2's comprehensive database of categorized URLs. The functionality of the category server is to provide Novell BorderManager with all the N2H2 categories under which a given URL falls.
Q9: How often does N2H2 download the URL information?
Download intervals are configurable from the N2H2 category server configuration interface. You can schedule URL database downloads to occur daily or weekly.
Q10: How many N2H2 filtering categories are available?
N2H2 has 42 categories, of which six are exception categories. A URL may fall into one or more of these categories.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com