®

Gradient Technologies, Inc.Gradient Technologies, Inc.

Extending the Value of DCE Extending the Value of DCE

Open Group Members MeetingOpen Group Members MeetingSand Diego, CA USASand Diego, CA USA

April 1998April 1998

Brian BretonBrian Breton

@ 1998 Gradient Tecnologies, Inc.

AgendaAgenda• PC-DCEPC-DCE• NetCrusaderNetCrusader

• Object SecurityObject Security

• NetCrusader CommanderNetCrusader Commander

@ 1998 Gradient Tecnologies, Inc.

• PC-DCE for Windows NT/95 v2.1PC-DCE for Windows NT/95 v2.1

• PC-DCE for Windows 3.1 v1.1.1PC-DCE for Windows 3.1 v1.1.1

• Mac-DCE v2.0Mac-DCE v2.0

• SysV-DCE v1.1SysV-DCE v1.1– SCO UnixWareSCO UnixWare

– NCR MP-RASNCR MP-RAS

– Sequent Dynix/ptxSequent Dynix/ptx

PC-DCEPC-DCEProduct FamilyProduct Family

DCE for the DesktopDCE for the Desktop

@ 1998 Gradient Tecnologies, Inc.

PC-DCEPC-DCE• 100% OSF DCE compliant & compatible100% OSF DCE compliant & compatible

– Ported & developed for unique platformsPorted & developed for unique platforms

• Thinnest desktop clientThinnest desktop client– < 1.0 MB memory< 1.0 MB memory

• Configurable for many deployment needsConfigurable for many deployment needs– manual/remote installationsmanual/remote installations

– unattended installation with s/w distribution toolsunattended installation with s/w distribution tools

– download & rundownload & run

@ 1998 Gradient Tecnologies, Inc.

PC-DCE for Windows NT/95 v2.2PC-DCE for Windows NT/95 v2.2• Co-Authentication System Co-Authentication System

Security Dynamics Security Dynamics Two-factor authentication for DCE loginTwo-factor authentication for DCE login

Entrust PKIEntrust PKI Integrated Public Key/DCE authenticationIntegrated Public Key/DCE authentication

• Multi-Ethernet adapter support Multi-Ethernet adapter support – properly handle systems with multiple network properly handle systems with multiple network

connections to that segment network trafficconnections to that segment network traffic

• OSF DCE 1.2.1 basedOSF DCE 1.2.1 based

@ 1998 Gradient Tecnologies, Inc.

AgendaAgenda• PC-DCEPC-DCE

• NetCrusaderNetCrusader• Object SecurityObject Security

• NetCrusader CommanderNetCrusader Commander

@ 1998 Gradient Tecnologies, Inc.

CommonCommonAuthorization Authorization

ModelModel

NetCrusaderSecurity Server

Multiple Multiple AuthenticationAuthentication

MethodsMethods

Username/Password

Public-KeyCertificate

Two-FactorAuthentication

Customers

Partners

Employees

MultipleMultipleUserUser

PopulationsPopulations

Interoperating Across Security DomainsInteroperating Across Security DomainsMultiple Multiple

EncryptionEncryptionMethodsMethods

DES, RC4,RSA, CAST,

others

Object

Client/Server

Web-based

Multiple Application TypesMultiple Application Types

DistributedDistributedSecurity Security

ManagementManagement

NetCrusaderCommander

Heritage

@ 1998 Gradient Tecnologies, Inc.

NetCrusaderNetCrusaderSecurity ServerSecurity Server

Web browser

+ NetCrusaderNetCrusaderClientClient

Web browseronly

NetCrusader Web-based ArchitectureNetCrusader Web-based ArchitectureMicrosoft/Netscape/Oracle

Web Server(NT, Solaris, AIX, HP-UX)

NetCrusaderNetCrusaderCommanderCommander

ISAPI/NSAPIApplications

ProtocolFilter

Entrust/HTTP;DCE/HTTP

SSL NetCrusader Security Adapter

Username/Passwordor Public-Key Certificate

NetCrusaderCredentials

AccessPermissions

Two-factor(optional)

Two-factor(optional)

Delegationto backendresources

@ 1998 Gradient Tecnologies, Inc.

NetCrusaderNetCrusaderSecurity ServerSecurity Server

Web browser

+ NetCrusaderNetCrusaderClientClient

Web browseronly

NetCrusader Junction SupportNetCrusader Junction SupportMicrosoft/Netscape/Oracle

Web Server(NT, Solaris, AIX, HP-UX)

NetCrusaderNetCrusaderCommanderCommander

ISAPI/NSAPIApplications

ProtocolFilter

Entrust/HTTP;DCE/HTTP

SSL

Username/Passwordor Public-Key Certificate

NetCrusaderCredentials

AccessPermissions

Two-factor(optional)

Two-factor(optional)

Delegationto additionalweb servers

Security Adapter w/ Junction Support

@ 1998 Gradient Tecnologies, Inc.

AgendaAgenda• PC-DCEPC-DCE

• NetCrusaderNetCrusader

• Object SecurityObject Security

• NetCrusader CommanderNetCrusader Commander

@ 1998 Gradient Tecnologies, Inc.

Client ORBClient ORB Server ORBServer ORB

Orbix RT

PC-DCE RTPC-DCE RT

Orbix RTIIOP

OrbixSecurity OrbixSecurity

DCEDCESecurity Security ServicesServices

PC-DCE RTPC-DCE RTCORBA Security (Level 1)

PC-DCE/OrbixSecurity IntegrationPC-DCE/OrbixSecurity Integration

@ 1998 Gradient Tecnologies, Inc.

PC-DCE/OrbixSecurity BenefitsPC-DCE/OrbixSecurity Benefits• Proven enterprise security for object-based Proven enterprise security for object-based

applicationsapplications– No modifications required (Level 1)No modifications required (Level 1)

• Consistent security model across all tiers in Consistent security model across all tiers in the distributed environment the distributed environment

• Single, standardized interface for managing Single, standardized interface for managing access privileges access privileges

• Simplified security managementSimplified security management

@ 1998 Gradient Tecnologies, Inc.

Secure CORBA AccessSecure CORBA Access

Two-factorAuthentication

(optional)

NetCrusaderNetCrusaderSecurity ServerSecurity Server

NetCrusaderNetCrusaderCommanderCommander

CORBAApplication

Server(s)

C++, Java

CORBAApplication

Client(s)

C++, Java•Oracle•Sybase

•OrbixOTS•VisiBrokerOTM

•Tuxedo•Custom

CORBA Resources

UNIXWindows NT

•Encina•CICS

•Oracle•Sybase

•IMS•Custom

MainframeUNIX

Windows NT

DCE Resources

@ 1998 Gradient Tecnologies, Inc.

Secure Java AccessSecure Java Access

NetCrusaderNetCrusaderSecurity ServerSecurity Server

Web browser

NetCrusaderNetCrusaderCommanderCommander

CORBAApplication

Server(s)

Two-factorAuthentication

(optional)Java

Applet

C++, Java

•Oracle•Sybase

•OrbixOTS•VisiBrokerOTM

•Tuxedo•Custom

CORBA Resources

UNIXWindows NT

•Encina•CICS

•Oracle•Sybase

•IMS•Custom

MainframeUNIX

Windows NT

DCE Resources

@ 1998 Gradient Tecnologies, Inc.

AgendaAgenda• PC-DCEPC-DCE

• NetCrusaderNetCrusader

• Object SecurityObject Security

• NetCrusader CommanderNetCrusader Commander

@ 1998 Gradient Tecnologies, Inc.

Distributed Security ManagementDistributed Security Management

• Graphical management of users and groupsGraphical management of users and groups

@ 1998 Gradient Tecnologies, Inc.

NetCrusader Commander v3.2NetCrusader Commander v3.2• DCEDCE User/Group & ACL Management User/Group & ACL Management

– NetC & DCE share User/Group informationNetC & DCE share User/Group information

– CDS object ACL managementCDS object ACL management

• X.500 Browser to LDAP server for PKX.500 Browser to LDAP server for PK– browse an X.500 database with stored PK certs browse an X.500 database with stored PK certs

to view certificate distinguished name (DN)to view certificate distinguished name (DN)

– select via point & click to register the DN for the select via point & click to register the DN for the accountaccount

@ 1998 Gradient Tecnologies, Inc.

Industry PerspectivesIndustry Perspectives• Winner of Winner of Crossroads 98 A-List Crossroads 98 A-List

Award Award for technology for technology infrastructureinfrastructure

• Two Two Best-of-ShowBest-of-Show awards at awards at1997 Internet Commerce Expo1997 Internet Commerce Expo

• Finalist for Open Group 1997 Finalist for Open Group 1997 UniversaUniversa Award Award

®

NetCrusaderSecurity SolutionsSecurity Solutionsfor the Enterprisefor the Enterprise

Gradient Technologies, Inc.Gradient Technologies, Inc.2 Mount Royal Avenue2 Mount Royal AvenueMarlborough, MA 01752 USAMarlborough, MA 01752 USA+1 508 624 9600+1 508 624 9600

http://www.gradient.com/http://www.gradient.com/