Integrated security
|
Extranet or Virtual Private Network capabilities “on demand”
while providing user, policy, and authentication services. The Gateway component
provides the interface and security barrier between remote user sessions originating
from the Internet, and your corporate intranet.
|
Extends an enterprise’s content, applications, files, and services
located behind firewalls to authorized suppliers, business partners, and employees.
To prevent denial of service attacks, you can use both internal and
external DMZ-based Gateways.
|
Secure Remote Access core
|
Users achieve remote access through four components:
-
Gateway
-
NetFile
-
Netlet
-
Proxylet
|
This component has four parts:
-
Gateway—Controls communication between the Portal Server
and the various Gateway instances.
-
NetFile—Enables remote access and operation of file
systems and directories.
-
Netlet—Ensures secure communication between the Netlet
applet on the client browser, the Gateway, and the application servers.
-
Proxylet—Proxylet sets itself up as a proxy server running
on the client's machine, and modifies the proxy settings of the browser to
point to itself ( also referred to as the local proxy server). The local
proxy server (Proxylet) then proxies all the intranet traffic through the
gateway.
|
Netlet Proxy
|
Provides an optional component that extends the secure tunnel from the
client, through the Gateway to the Netlet Proxy that resides in the intranet.
|
Restricts the number of open ports in a firewall between the demilitarized
zone (DMZ) and the intranet.
|
Rewriter Proxy
|
Redirects HTTP requests to the Rewriter Proxy instead of directly to
the destination host. The Rewriter Proxy in turn sends the request to the
destination server.
|
Enables secure HTTP traffic between the Gateway and intranet computers
and offers two advantages:
-
If a firewall exists between the Gateway and server, the firewall
needs to open only two ports: one between the Gateway and the Rewriter Proxy,
and another between the Gateway and the Portal Server.
-
HTTP traffic is secure between the Gateway and the intranet
even if the destination server only supports HTTP protocol (no HTTPS).
|