MetaFrame
Secure Access Manager
Customer Challenges
•
Remote employees need
offline
access to email.
•
Need to support additional browser beyond
Microsoft’s Internet Explorer.
•
Securing existing Enterprise Information Portal (EIP)
or other existing Web based infrastructure.
•
Displaying Java based internal Web sites and
applications.
•
Accessing internal Web sites with unique verb sets,
MetaFrame Secure Access
Manager 2.2 delivers…
•
New
Advanced
Gateway Client, providing support for:
– Most common PC browsers (IE, Netscape, etc…)
– Synchronization of Outlook 2000+ clients
– Access to java based Web sites and applications
– Access to sites incorporating unique verb sets such as WebDAV enabled sites, Outlook Web Access, etc…
MetaFrame Secure Access
Manager 2.2 delivers…
•
Alternative User Interface:
– Allows MetaFrame Secure Access Manager to direct users
to different EIPs or Web based infrastructures (other than the Access Center) immediately after authentication.
– Allows customers to leverage existing infrastructure
– Secures Enterprise Information Portals (EIPs)
F ir e w a ll
Overview: MetaFrame Secure Access Manager
F ir e w a ll Secure Gateway ICA Client SSL
Optional 2 Factor Authentication ICA logon agent logon agent
Other internal resources:
- Web Servers
- File Servers (docs)
Content Delivery Server Content Delivery Agents (CDAs) Agent Server Authentication Service Secure Ticketing Authority
Web Server State Server
State Service database Access Center Enumeration Access Indexing Engine Search Engine Index Server Gateway Client
Secure Gateway: Secure reverse proxy secures interaction with internal resources
Web Server: Serves HTML, authenticates users and issues session tickets
State Server: maintains session state and Access Center configuration
HTTP
Advanced Gateway Client
• Intercepts traffic at the IP level
• Uses the standard Windows Service
Provider Interface
• Restricts request interception to a known list of applications
and servers
• Simple to configure
• Stand alone install
Application Presentation
Session Transport
Network Data Link
Physical
Advanced Gateway Client
F ir e w a ll
Advanced Gateway Client Overview
F ir e w a ll Secure Gateway ICA Client SSL HTTP
Optional 2 Factor Authentication ICA logon agent logon agent
Other internal resources:
- Web Servers
- File Servers (docs)
Content Delivery Server Content Delivery Agents (CDAs) Agent Server Authentication Service Secure Ticketing Authority
Web Server State Server
State Service database Access Center Authorization & Authentication Enumeration Access Indexing Engine Search Engine Index Server Gateway Client
Advanced Gateway Client Setup:
Install client on users machine (can be delivered via MetaFrame Secure Access Manager at
logon)
Specify which users are allowed to use the Advanced Gateway client
Advanced Gateway Client
- Exchange Servers - Alternative UI Servers
F ir e w a ll
Securing Alternative User Interfaces
F ir e w a ll Secure Gateway ICA Client HTTP
Optional 2 Factor Authentication ICA logon agent logon agent Content Delivery Server Content Delivery Agents (CDAs) Agent Server Authentication Service Secure Ticketing Authority
Web Server State Server
State Service database Access Center Authorization & Authentication Enumeration Indexing Engine Search Engine Index Server Gateway Client
Alternate User Interface setup:
Add Alternate UI server name(s) to the Secure Access Manager server ACL (access control list)
Specify the Alternate UI URL at Secure
Gateway as the default Home Page URL Presentation
Server Farm
Other internal resources:
- Web Servers (Java/WebDAV) - File Servers (docs)
- Exchange Servers - Alternative UI Servers
Access - Alternative UI Servers
