Introduction to Secure Remote Access

Secure Remote Access enables remote users to securely access their organization’s network and its services over the Internet. Additionally, it gives your organization a secure internet portal, providing access to content, applications, and data to any targeted audience such as employees, business partners, or the general public.

Secure Remote Access offers browser-based secure remote access to portal content and services from any remote device. Secure Remote Access is a secure access solution that is accessible to users from any device with a Java™ technology-enabled browser, eliminating the need for client software. Integration with Portal Server ensures that users receive secure encrypted access to the content and services that they have permission to access.

Secure Remote Access software is targeted toward enterprises deploying highly secure remote access portals. These portals emphasize security, protection, and privacy of intranet resources. The architecture of Secure Remote Access is well suited to these types of portals. Secure Remote Access software enables users to securely access intranet resources through the Internet without exposing these resources to the Internet.

Portal Server can function in two modes, Open Mode and Secure Mode as described in the following sections.

Open Mode

In open mode, Portal Server is installed without Secure Remote Access. Although HTTPS communication is possible in this mode, secure remote access is not possible. Users therefore cannot access secure remote file systems and applications.

The main difference between an open portal and a secure portal is that the services presented by the open portal typically reside within the demilitarized zone (DMZ) and not within the secured intranet. A DMZ is a small protected network between the public Internet and a private intranet, usually demarcated with a firewall on both ends.

If the portal does not contain sensitive information both of either deploying public information and allowing access to free applications, then responses to access requests by a large number of users is faster than using secure mode.

In Open Mode, Portal Server is installed on a single server behind the firewall. Multiple clients access Portal Server across the Internet through the single firewall.

Figure 1–1 Portal Server in Open Mode with Secure Remote Access

Secure Mode

Secure mode provides users with secure remote access to required intranet file systems and applications.

The Gateway resides in the demilitarized zone (DMZ). The Gateway provides a single secure access point to all intranet URLs and applications, thus reducing the number of ports to be opened in the firewall. All other Portal Server services such as Session, Authentication, and the standard Portal Desktop reside behind the DMZ in the secured intranet. Communication from the client browser to the Gateway is encrypted using HTTP over Secure Sockets Layer (SSL). Communication from the Gateway to the server and intranet resources can be either HTTP or HTTPS.

In Secure Mode, SSL is used to encrypt the connection between the client and the Gateway over the Internet. SSL can also be used to encrypt the connection between the Gateway and the server. The presence of the Gateway between the intranet and the Internet extends the secure path between the client and the Portal Server.

Figure 1–2 Portal Server in Secure Mode with Secure Remote Access

Additional servers and gateways can be added for site expansion. Secure Remote Access software can be configured in various ways based on the business requirement. For more information on how to accommodate your business requirements, see Sun Java System Portal Server 7.2 Deployment Planning Guide.