3.1 Enterprise Mode

In Enterprise mode, all applications, including those on the desktop and the toolbar, are enabled for SSL, regardless of whether they were opened before or after connecting to SSL VPN. In this approach, a thin client is installed on the user’s workstation. In Enterprise mode, the IP Forwarding feature is enabled by default.

Enterprise mode is recommended for devices that are managed by an organization, such as a laptop provided by the organization for its employees. Enterprise mode supports the following:

You can configure a user to connect only in Enterprise mode, depending on the role of the user. For more information, see Section 15.1, Configuring Users to Connect Only in Enterprise Mode or Kiosk Mode.

NOTE:If you have configured a user to connect in Enterprise mode only and that user does not meet the prerequisites, then, the SSL VPN connection fails with an appropriate error message if using the applet-based Web browser, or a blank screen if an ActiveX-based Web browser is used.

This section has the following information:

3.1.1 Prerequisites

A user can access SSL VPN in Enterprise mode if the user is:

  • An administrator or a root user of the machine. or a Super user or an Administrator user in Windows Vista* user.

  • A non-admin or a non-root user who knows the credentials of the administrator or root user, or a standard user in Windows Vista.

  • The SSL VPN client components are preinstalled on the user’s machine.

3.1.2 User Scenarios

This section has the following information:

Scenario 1: User Is the Admin or Root User of the Machine

When the user is an administrator or a root user of the machine, the tool identifies the user as the admin or root user and Enterprise mode is enabled by default after the user specifies the credentials in the Access Manager page. An admin or a root user can connect to SSL VPN only in Enterprise mode unless the system administrator configures the user to connect in Kiosk mode only. For more information on how to configure users for Kiosk mode only, see Section 15.1, Configuring Users to Connect Only in Enterprise Mode or Kiosk Mode.

Scenario 2: User Is the Non-Admin or Non-Root User of Machine and Knows the Admin or Root Credentials

A non-admin or a non-root user can access SSL VPN in Enterprise mode if the user knows the administrator or root user credentials. When a non-admin or a non-root user connects to SSL VPN, the user is prompted to specify the credentials on the Access Manager page. The tool identifies that the credentials supplied are those of the non-admin or a non-root user and displays the following dialog box.

Figure 3-1 SSL VPN dialog box

The user must specify the username and password of the administrator or the root user of the machine in the dialog box, then click OK to enable Enterprise mode.

Enterprise mode is enabled by default in the subsequent sessions and the user is not prompted again for the administrator or root username and password.

Non-admin or non-root users who have connected to SSL VPN in Enterprise mode can connect to SSL VPN in Kiosk mode on the same machine. For more information, see Switching from Enterprise Mode to Kiosk Mode in the Novell Access Manager 3.1 SSL VPN User Guide.

NOTE:Users cannot switch from one mode to another if you have configured them to connect in one mode only.

Scenario 3: The User Is a Non-Admin or Non-Root User, but the Client Components are Preinstalled on the Machine

If a non-admin or a non-root user wants to install SSL VPN in Enterprise mode, you can preinstall the SSL VPN client components on the user’s machine. For more information, see Section 6.0, Preinstalling the SSL VPN Client Components. When non-admin or non-root users access the client components from a workstation that has the SSL VPN client components preinstalled, the users are not prompted to enter the credentials of the admin user or root user.

The users are connected to SSL VPN in Enterprise mode after they specify their credentials on the Access Manager login page.