| |
Novell iChain is an integrated security solution that offers identity-management and access-management services within a powerful eBusiness infrastructure. iChain provides secure authentication and access to portals, Web-based content and Web applications. This means that all types of eBusiness and remote-access initiatives are more securely available than ever before. To help you successfully meet your eBusiness goals, iChain encompasses the following core components:
Through these services, iChain provides Web Single Sign-on, multi-factor authentication, complete access control, and confidential data delivery across the Internet. With these features, iChain enables you to bring all aspects of your business together and move them online. In fact, iChain is the most secure foundation for identity and access management for your eBusiness.
With iChain, you can accomplish the following:
iChain's formidable security infrastructure begins with access control lists (ACLs), which are integral to directory-based security. In a standard directory framework, network resources are represented within the directory as objects. Characteristics of those objects are known as attributes. An ACL is an attribute that contains a list of who has rights to do certain things to a particular object. By representing URL information in an object, iChain can use ACLs to identify which user, group of users, or containment of users gets access to the specified Web resources.
iChain also provides support for Public Page access. By combining this support with ACLs, Web sites can be configured so that anyone can view the home page containing sensitive information. This enables you to present content according to a user's level of access control. The end result is a highly personalized Web service for the user and maximum levels of security for the host.
Although iChain seeks to connect your business with the rest of the world, it would hardly be worth the effort if this connection caused your corporate security to be compromised. ACLs are a very secure method of protecting your data, but they must rely on some form of user recognition to ensure that the person attempting to access the protected resources is who he or she claims to be. To guard against unauthorized users, iChain supports a number of authentication methods, including user identifiers (name, e-mail address, and other LDAP attributes), passwords, token-based authentication, and X.509 digital certificates.
iChain also supports multi-factor authentication, which combines several authentication methods to produce an even higher level of security. For instance, a company can require a username and password as well as a token device before granting access to a user.
To accommodate secure, token-based authentication, iChain uses the Remote Authentication Dial-in User Service (RADIUS) protocol. RADIUS enables communication between remote access servers and a central server. Secure token authentication through RADIUS is possible because iChain includes Novell Modular Authentication Service RADIUS software that you can run on your existing NetWare® server.
In addition, iChain's Proxy Services offloads Secure Sockets Layer (SSL) encryption tasks from the Web server. As well as freeing the server from the processor-intensive task of encoding and decoding SSL protocols, iChain adds another layer of security between the Internet and your network. Before users authenticate to eDirectory, iChain's Proxy Services establishes an SSL session with the users' browsers. This prevents unauthorized users from intercepting passwords and other authentication credentials. iChain also leverages Novell Certificate ServerTM, a security product that ships with NDS® eDirectory 8.5. Novell Certificate Server enables you to create and manage digital certificates of your own or import them from third-party vendors.
Whether the user of your Web site is an employee or a potential customer, the experience that person has at your site is often determined by convenience. Helping enhance each user's experience, iChain incorporates an innovative service called Web Single Sign-on. Thanks to this service, users need to log in only once to gain access to multiple applications and platforms.
Single Sign-on is possible because iChain authenticates the user from a centralized NDS profile. When the user requests access to a specific server, iChain retrieves the appropriate user credentials and transparently submits them to the Web server, usually in the form of username and password. The user sees no login request; but sees only the end result as access is either granted or denied.
iChain also offers users a convenient form-fill authentication feature that simplifies access to Web applications. With the form-fill feature, you must first authenticate to iChain before access to the Web-application form page is granted. As you enter your credentials into the form, the information is automatically stored on your user object in NDS eDirectory using the Novell SecretStoreTM. From then on, when you connect to that Web page and need to authenticate via the same Web-application form, iChain automatically retrieves your credentials and completes the form for you.
By making your services more readily available, you can strengthen customer loyalty and offer employees convenient access to business-critical information. Single Sign-on also lowers the overhead costs associated with maintaining many different tables of usernames and passwords on numerous servers.
Today, many companies manage user access to internal Web-based material on a server-by-server basis. These servers often run on different platforms, especially in large enterprises that have many divisions spread across a wide geographic area. A good example is a government agency with many separate departments. Each department employs its own set of standalone servers and Web applications. Something as common as modifying a user's access rights would require the IT staff to manually change all the involved systems, a time-consuming process that could necessitate a physical visit to each network server. If those servers are scattered across the entire country, the situation becomes expensive and impractical --- either a single IT staff member is constantly traveling, or it becomes necessary to maintain a separate IT staff for each part of the network.
iChain solves this problem by centralizing all administrative tasks. Changes can be made through ConsoleOneTM, a single utility that defines the access controls to all iChain-protected servers, regardless of the platform or Web server used. Moreover, you can run ConsoleOne from any workstation in the network, thereby avoiding the costly upgrades and retrofits that would otherwise be needed to unify all your network resources.
Finally, iChain delivers standard login pages for each secure Web site hosted by the proxy server. Using an HTML editor, you can customize these login pages to reflect the look and feel of your organization's Web site and personalize them for each user group within your eBusiness infrastructure.
Novell iChain includes a new installation wizard that is a time-saving, cost-effective configuration solution. The wizard enables you to customize how iChain's features will complement your network structure and eliminates several steps required by traditional configuration and installation processes. By presenting you with several questions about your configuration preferences, the wizard helps you create a configuration file that has all the necessary parameters to configure iChain.
Trying to run eBusiness applications from different vendors is usually an exercise in frustration. Because applications cannot automatically share data across the enterprise, your business infrastructure becomes fragmented. With iChain you can provide new avenues of data protection while securely consolidating all the elements of your computing environment into one Net.
To facilitate the transformation from traditional business to eBusiness, iChain integrates with Novell DirXMLTM. DirXML is an Extensible Markup Language (SML) solution that reliably synchronizes databases and directories from various applications and vendors. The iChain package also supports Lightweight Directory Access Protocol (LDAP) and includes a number of application programming interfaces (APIs) that allow you to customize applications as needed to ensure a smooth fit within your network.
| |