Here's a company you haven't heard about before in this newsletter: Stoneware.
Stoneware makes a two-box SSL remote access system that supports access to Web applications as well as using full application clients on remote machines, just as if they were connecting via an IPSec VPN. This is similar to the functionality customers can get with one-box solutions from other vendors, but with a difference.
Like other SSL gear, Stoneware's webNetwork equipment requires only a Web browser on the remote computer to be able to make an authenticated secure connection over the Internet. Stoneware differs from pure SSL remote access vendors in that it comes at the business from a different direction, that of a Web portal.
The architecture for Stoneware's system is as follows. The remote machine connects to a Stoneware box known as the relay, located between firewalls in a DMZ, to establish an authenticated SSL session. The relay talks to a second Stoneware box known as the server that sits inside the firewall. The loader talks to the actual application servers the remote user is trying to reach.
When users are connected via webNetwork, they see a portal containing only those resources to which they have authorized access. So a user connects via browser to the relay and submits authentication data that is validated by the webNetwork server; a portal is then created for that particular user based on that person's access control list.
Based on Java, webNetwork places its relay device facing the Internet, with its server communicating with the relay through the firewall. So the webNetwork server and the application servers that the server proxies to are never exposed to the Internet directly. The relay is the enforcement point for allowing access or denying it. The relay also establishes an SSL connection to the remote computer and proxies to a separate SSL tunnel through the firewall to the webNetwork server.
For applications that already have their own protocol security, the gear can forgo SSL encryption.
Using a technology the company calls Lockbox, remote users can sign on to the Stoneware gear and reach any application they are authorized to reach without having to authenticate again to the individual application. The equipment stores all user sign-ons for all applications they are authorized to reach, then dips into the encrypted store as needed and supplies the login that application requires.
Tim Greene is senior editor at Network World.