Integrated security
|
Extranet or Virtual Private Network capabilities “on demand” while
providing user, policy, and authentication services. The Gateway component provides
the interface and security barrier between remote user sessions originating from the
Internet, and your corporate intranet.
|
Extends an enterprise’s content, applications, files, and services located
behind firewalls to authorized suppliers, business partners, and employees.
To prevent denial of service attacks, you can use both internal and external
DMZ-based Gateways.
|
SRA core
|
Users achieve remote access through four components:
- Gateway
- NetFile
- Netlet
- Proxylet
|
This component has four parts:
- Gateway—Controls communication between the Portal Server and
  the various Gateway instances.
- NetFile—Enables remote access and operation of file systems
  and directories.
- Netlet—Ensures secure communication between the Netlet applet
  on the client browser, the Gateway, and the application servers.
- Proxylet—Sets itself up as a proxy server running on the client's
  machine and modifies the browser's proxy settings to point to itself
  (also referred to as the local proxy server). The local proxy server
  (Proxylet) then proxies all the intranet traffic through the Gateway.
|
Netlet Proxy
|
Provides an optional component that extends the secure tunnel from the client,
through the Gateway to the Netlet Proxy that resides in the intranet.
|
Restricts the number of open ports in a firewall between the demilitarized zone
(DMZ) and the intranet.
|
Rewriter Proxy
|
Redirects HTTP requests to the Rewriter Proxy instead of directly to the destination
host. The Rewriter Proxy in turn sends the request to the destination server.
|
Using the Rewriter Proxy enables secure HTTP traffic between the Gateway and
intranet computers and offers two advantages:
- If a firewall exists between the Gateway and server, the firewall
  needs to open only two ports: one between the Gateway and the Rewriter Proxy, and
  another between the Gateway and the Portal Server.
- HTTP traffic is now secure between the Gateway and the intranet even
  if the destination server supports only HTTP (no HTTPS).
|