Brian Breton
Gradient Technologies, Inc.
NetCrusader Product Family
Extending the Benefits of DCE
TOG DCE Program Group
[email protected]
Amsterdam, January 1998
© 1998 Gradient Technologies, Inc.

Enterprise Security Infrastructure
• Common Authorization Model: NetCrusader Security Server
• Multiple Authentication Methods: Username/Password, Public-Key Certificate, Two-Factor Authentication
• Multiple User Populations: Customers, Partners, Employees
• Multiple Encryption Methods: DES, SSL, RSA, CAST, others
• Multiple Application Types: Legacy, Heritage, Web-based
• Distributed Security Management: NetCrusader Commander

Infrastructure Requirement
• Leverage existing investments
NetCrusader approach
• Support multiple application types
– Web-based
– Heritage
– Legacy

Infrastructure Requirement
• Leverage existing investments
NetCrusader approach
• Support heterogeneous systems
– Windows 3.1, 95, NT; Mac
– Any browser-enabled client!
– NT; UNIX (AIX, HP-UX, Solaris)

Infrastructure Requirement
• Availability and Scale
NetCrusader approach
• Leverage proven, replicable, distributed computing services
– Security services
– Directory services
– Time services
– Others

Infrastructure Requirement
• Leverage existing investments
NetCrusader approach
• Implement as value-added filters and extensions to commercial Web servers
– Netscape
– Microsoft

Leverage Existing Investments
[Architecture diagram. Labels: NetCrusader Security Server; Web browser + NetCrusader Client; Web browser only; Microsoft/Netscape Web Server; NetCrusader Commander; ISAPI/NSAPI Application; NetCrusader Security Adapter (Protocol Filter, Mapper, AuthZ Filter, Signer); Entrust/HTTP, DCE/HTTP, SSL; Username/Password or Public-Key Certificate; NetCrusader Credentials; Access Permissions; Two-factor (optional)]

Securing the Large Enterprise
The Integration of NetCrusader and Entrust

NetCrusader and Entrust
[Architecture diagram. Labels: NetCrusader Security Server; Web browser + NetCrusader Client + Entrust Client; Microsoft/Netscape Web Server; NetCrusader Commander; ISAPI/NSAPI Application; CAST; NetCrusader Security Adapter (Protocol Filter, Mapper, AuthZ Filter, Signer); Entrust Cast/HTTP; Public-Key Certificate; NetCrusader Credentials; Access Permissions; Entrust Session; Entrust/Manager Security Server; Token Card / SmartCard (optional)]

Integrated Product Benefits
• Simplified key management
• Ease of use for administrators, users, developers
• Full encryption capabilities
• A single, standardized access control management
• Easy integration into existing environments

Developing Secure Web-based Java Applications
The Integration of NetCrusader and NetDynamics
Copyright ©1997 Gradient Technologies, Inc.

NetDynamics Components
• NetDynamics Studio
– A visual tool that allows developers to create database applications easily, using data and code objects
– Supports wizards, Java classes, generation of server-side Java code
• NetDynamics Application Server
– High-performance, scalable Java-based server that controls applications and database connections

NetCrusader V3 and NetDynamics
[Architecture diagram. Labels: NetCrusader Security Server; Web browser; Microsoft/Netscape Web Server; NetCrusader Commander; NetDynamics Security Adapter (Protocol Filter, Mapper, AuthZ Filter, Signer); SSL, Entrust/HTTP, DCE/HTTP; Username/Password or Public-Key Certificate; NetCrusader Credentials; Access Permissions; Two-factor (optional); DBMS; NetDynamics Application Server(s)]

Developing Secure Web-based Applications
The Integration of NetCrusader and Bluestone Sapphire/Web

Sapphire/Web Components
• Sapphire/Web IDE
– A visual tool that allows developers to create database applications easily, using data and code objects
– Supports Java, C, C++ & numerous middleware choices including: IIOP, RMI, DCE, SSL and more...
• Sapphire/Web Application Server
– High-performance, replicable, fault tolerant server that controls applications and database connections
• Sapphire/Web State Server
– Enables dynamic swapping of users between app servers

NetCrusader V3 and Sapphire/Web
[Architecture diagram. Labels: NetCrusader Security Server; Web browser; Microsoft/Netscape Web Server; NetCrusader Commander; Sapphire/Web Security Adapter (Protocol Filter, Mapper, AuthZ Filter, Signer); SSL, Entrust/HTTP, DCE/HTTP; Username/Password or Public-Key Certificate; NetCrusader Credentials; Access Permissions; Two-factor (optional); DBMS; Sapphire/Web Application Server(s) (Java, C++, C); Sapphire/Web State Server]

Web-based Applications Cuts Time-to-Market
[Chart: Application Development & Deployment Time for Traditional Client/Server Tools, First-Generation Web Tools (CGI, C++) and Second-Generation Web Tools. Key: Application Development Time, Application Deployment Time. Callout: NetDynamics/Bluestone Advantage]

Integrated Product Benefits
• More administrator control over application access control policies
– Exports data bindings to NetCrusader for enforcement and administration
• Easier management of security infrastructure
• Single standardized facility for access control management
• Consistent security model across all tiers in the distributed environment
• Easier application development through more flexible access control mechanisms

Extending Enterprise Security with Two-factor Authentication
The Integration of NetCrusader & PC-DCE and Security Dynamics SecurID Token Cards

NetCrusader and SecurID Token Cards
[Architecture diagram. Labels: NetCrusader Security Server; Web browser + NetCrusader Client + SecurID; Microsoft/Netscape Web Server; ISAPI/NSAPI Application; NetCrusader Security Adapter (Protocol Filter, Mapper, AuthZ Filter, Signer); DCE/HTTP; Username/Password or Public-Key Certificate; NetCrusader Credentials; Access Permissions; NetCrusader Commander; SDI Client; SDI ACE Server]

Integrated Product Benefits
• Two-factor authentication adds extra level of security
• Eliminates use and risk of passwords
• Removes user password management

Portable Public-Key Authentication
The Integration of NetCrusader and Litronic SmartCards and Readers

NetCrusader and Litronic SmartCards and Readers
[Architecture diagram. Labels: NetCrusader Security Server; Web browser & optional NetCrusader Client; Microsoft/Netscape Web Server; NetCrusader Commander; ISAPI/NSAPI Application; NetCrusader Security Adapter (Protocol Filter, Mapper, AuthZ Filter, Signer); SSL, Entrust/HTTP, DCE/HTTP; Username/Password or Public-Key Certificate; NetCrusader Credentials; Access Permissions; Litronic SmartCard and Reader]

Integrated Product Benefits
• Public Key authentication and mapping to a NetCrusader Universal Identity
• Single sign-on (SSO) to NetCrusader enabled applications including internally developed and 3rd party like SAP & PeopleSoft

PeopleSoft looks to industrial strength security
The Integration of NetCrusader and PeopleSoft

Integrated Product Benefits
• Public Key authentication and mapping to a NetCrusader Universal Identity
• Single sign-on (SSO) to PeopleSoft applications
• Secure Web access to PeopleSoft applications through standardized access control management

Integrated Product Benefits
• Consistent security model across all tiers in the distributed environment
• Complements existing relationship with NetDynamics
• Complements strategy for other RAD partners--Bluestone

Secure Web access to SAP’s R/3
An Integration project by Gradient and Deloitte & Touche for SAP

NetCrusader / Deloitte & Touche Integration
[Architecture diagram. Labels: Web Browser; Web Server with WebCrusader Security Adapter; NetDynamics Application Server; NetDynamics Security Adapter; Access Control Library; Access Control Database; NetCrusader Commander; SAP Applications; Data Source]

Integrated Product Benefits
• Solution (NetCrusader, NetDynamics, and D&T) leverages NetCrusader security services and NetDynamics development tools to create Web-based front-ends to new or existing SAP functionality
• Secure access to SAP R/3 by extracting digital signature from public key certificate and mapping it to a NetCrusader Universal User Identity

Integrated Product Benefits
• Takes advantage of NetDynamics SAP Platform Adapter Components (PAC)
• Single Sign-On (SSO) extends to include SAP R/3 applications
• Tools for simplified, decentralized management of the security infrastructure

Developing Secure Object-based Applications
The Integration of PC-DCE and IONA Orbix

PC-DCE and OrbixSecurity
[Architecture diagram. Labels: Client Orb; Server Orb; Orbix RT; PC-DCE RT; OrbixSecurity; IIOP; PC-DCE Security Server]

Integrated Product Benefits
• Introduces security to object-based applications
• No application modification required
• Consistent security model across all tiers in the distributed environment
• Single standardized facility for access control management
• Easier management of security infrastructure

There are many others...
• Transarc DFS
• Transarc Encina
• Checkpoint Firewall-1
• Oracle ANO
• Sybase Open Client, Open Server
• Versatility
• Manugistics

Distributed Security Management
• Graphical management of users and groups

NetCrusader and Sapphire/Web deliver the best of security and RAD
• CrossRoads 98 Award Winner for Security Infrastructure
• CrossRoads 98 Award Winner for RAD tools

Gradient’s NetCrusader succeeds in delivering a comprehensive enterprise-wide security infrastructure through both innovation and partnership with market and technology leaders

NetCrusader Product Family
Security Solutions for the Enterprise
Gradient Technologies, Inc.
2 Mount Royal Avenue
Marlborough, MA 01752 USA
+1 508 624 9600
http://www.gradient.com/