Search:


AdvancedHelp
What's New
Site Map
Subscriptions

Home
NetFlash
This Week
Forums
Reviews/buyer's guides
Net Resources
Industry/Stocks
Careers
Seminars and Events
Product Demos/Evals
Audio Primers
Free newsletters

IntraNet


Error 404--Not Found

Error 404--Not Found

From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:

10.4.5 404 Not Found

The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.

If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address.
ARCO surfs securely
Certificate-protected extranet lets oil company collaberate safely.

By Peggy Watt
Network World, 9/28/98

Risky and costly business ventures sometimes warrant strange bedfellows. This is the case for oil and gas exploration companies in Alaska, 4,000 miles from corporate offices in the lower 48 states.

It's not uncommon for major companies searching out new oil sources to share resources such as office space, transportation, exploratory ventures and even contract workers. Not surprisingly, in this cooperative atmosphere, it's an ongoing IT challenge to ensure easy data sharing when warranted and absolute security when needed.

Take, for example, ARCO Alaska, an exploration and production company that has long maintained a demilitarized zone (DMZ) on a LAN in Anchorage. Through the DMZ, the Atlantic Richfield Co. subsidiary accommodates outsiders who are cooperating on projects with its employees.

"Basically, specific users need access to particular files," says Chander Ahuja, a technology consultant in the computing technology research group of ARCO Information Technology in Plano, Texas.

Ahuja, whose job includes studying new technologies, scrutinized the ARCO Alaska situation in early 1997. He found a variety of servers, including several departmental file servers, an Oracle database server and e-mail servers for ARCO's use only, attached to the Anchorage LAN. The DMZ was part of a fledgling intranet hosted on a Windows NT server running Microsoft Internet Information Server (IIS) Web server software.

Before the intranet, the 1,500 Alaska workers shared information with outsiders through e-mail and File Transfer Protocol functions on the Windows NT server. Giving contractors or business partners access was a tedious process that involved setting up dedicated lines and routers, says Craig Suchland, enterprise Webmaster for ARCO's global network services.

At one time, only engineers and technical staffers worked on the intranet. But increasingly, businesspeople were using it to share documents and spreadsheets.

The easier access with Web technology increased the need for security. Ahuja identified three issues: ARCO needed to communicate readily with other oil companies; employees of various ARCO subsidiaries needed to share data more easily; and everyone wanted to use Web technology.

So Ahuja looked for a Web-centric solution to the security challenge. He chose certificate technology and suggested that ARCO manage and authenticate electronic transactions centrally.

In mid-1997, Ahuja's constituents at ARCO Alaska gave the go-ahead. Even then, the project had to pass scrutiny of a security watchdog in the person of Michael DeTuncq, security consultant for ARCO's global network services. Besides wanting to solve ARCO Alaska's problem, DeTuncq wanted the solution to conform to companywide standards.

In fact, the eyes of ARCO were on this project because the corporation is interested in using more Web applications - as long as they satisfy security concerns, says Bob Decker, director of computing technology research in Plano.

Ahuja and Gary White, a systems consultant, drafted the architectural design. They suggested that all communications go through a secure server in Plano, where ARCO operates its primary data center. The security system would be an extranet; users could dial in through an Internet connection, obtain certification and connect through secured lines to wherever the project data resided.

DeTuncq set policies: The system would use 128-bit encryption and all participants needed to use browsers that supported it - primarily Version 3.0 or later of Microsoft's Internet Explorer and Netscape's Navigator. Home pages would not offer menus; users had to know and enter project titles. This way, users wouldn't even see references to items they couldn't access, DeTuncq says.

The trio reviewed several encryption and certificate authority tools and chose a package from Xcert International in Vancouver, British Columbia. The package includes Xcert's Sentry CA certificate authority and C2Net Software's Stronghold secure Web server, which is based on Apache Group's Apache Web Server, and supports the Secure Sockets Layer (SSL) standard.

Late last year, an IT team installed Stronghold and Sentry CA on a Sun Solaris Ultra 1 multiserver platform at the Plano data center.

Certifiably Secure


The IT team launched a pilot project in February and laid out the procedure for ARCO Alaska, which installed an extranet server in Plano to store data for projects involving outsiders. An ARCO project manager, in Alaska or elsewhere, arranges with the extranet team to set up the project. A CA administrator assigns a project URL on the extranet server and issues the project manager an administrator certificate.

The project manager sends e-mail to people who will work on the project and need authorization. The e-mail provides instructions, a logon and a URL for a Web page from which participants apply for their certificates. To even apply, users must know the URL.

At the hidden Web site, applicants download the ARCO root certificate, then complete an online form to request their own certificates. The request goes into a queue for the project administrator, and Sentry CA generates e-mail that acknowledges the application. A message that a request was filed goes to the project manager and the IT contacts.

When a project manager approves applications, he sends the applicants e-mail containing a URL for access to download a certificate. The certificate is user- and project-specific. An expiration date is built-in.

A browser maintains a password-protected database of all of the user's certificates. When a user goes to the project URL, Sentry CA prompts the caller's browser for a certificate. When the browser responds, the user gets a secure connection. (Suchland configures ARCO Alaska browsers to request passwords after only 10 to 15 minutes of inactivity.)

The extranet is much more efficient than ARCO Alaska's previous practice of building private networks at remote users' locations, says Suchland, noting that contractors and business partners hold about 90% of the 100 active certificates. "Project managers now are thrilled that they can just point people to a URL and let them have a certificate," he says. "New projects can be set up in a matter of minutes."

Best of all, project managers can focus on the business at hand. "There's a great deal of attention on how to build more collaborative areas. People are thinking about how to build a Web site that fits the type of work they're doing."

By the end of summer, five Anchorage projects were using the extranet, and ARCO's consumer division was piloting an extranet project.

For the latter, franchise owners of ARCO gas stations will access the extranet to view accounts, check orders and find business documents they previously couldn't easily see. A couple dozen users hold certificates and are testing this project.

Ahuja expects that by year-end, 300 certificates will be in use.

The IT staff has a long wish list from Web enthusiasts. Purchasing directors want to handle orders online, engineers want Web access to all their data and managers want to "Webify" older projects.

"The extranet has simplified life," Suchland says. "The problem now is keeping projects under control."


For more info:

Tips for Extranet-building

Planning is pivotal to a successful extranet project, especially when you're dealing with sites thousands of miles and several time zones distant. Here are some suggestions from Arco's team:

  • Talk with your users. Understand how they'll use the application, and what they do now.

  • Know your staff's expertise; outsource development tasks when appropriate.

  • Do a pilot program if possible, to work out bugs

  • Lay out procedures, and include a place for feedback for later modifications

  • No security plan is perfect! If security is important, don't relax; continue to monitor operations and expect to make changes sometimes.

  • Certificate Authority is still being refined. Keep evaluating new technology. Complementary or alternative technologies, such as smart cards, are coming down the pike.

    Back to the IntraNet index page

    P>

    • Feedback | Network World, Inc. | Sponsor Index
    Marketplace Index | How to Advertise | Copyright

    Home | NetFlash | This Week | Industry/Stocks
    Buyer's Guides/Tests | Net Resources | Opinions | Careers
    Seminars & Events | Product Demos/Info
    Audio Primers | IntraNet