Joe,
Here it is:
Novell's Border Manager wins early raves
By Christine Burns
Network World, 8/11/97
Novell, Inc. has been roundly criticized for its late arrival to the Web game,
but the company may have itself a winner in Border Manager.
Participants in a closed beta test said the software suite provides an
easy-to-administer way of granting end users controlled but quick access to
'Net resources. Border Manager consists of proxy caching, security control
and virtual private network (VPN) services, all linked with Novell Directory
Services(NDS) for management purposes.
''It's about time they came up with something this slick. They need a strong
product to get them back in the game,'' said George Moser, network analyst
with the National Board of Medical Examiners in Philadelphia.
Beta testers found few faults with the software, designed to sit on an
IntranetWare server at the border of the Internet and corporate network.
Novell officials saidBorder Manager will be the company's most strategically
important product next to NDS and could explode into a billion dollar
business.
Sources close to Novell said Border Manager will hit the streets Sept. 17.
Moser said a Border Manager snap-in to the NWAdmin program he uses to
manage his NetWare 4.X network lets him define Internet access rules via a
nearly identical interface to the one he uses to define end-user access to
LAN resources.
These rules are set up based on IP address, URL and content filters that
track incoming and outgoing packets. Border Manager uses Novell's
NetWare Multiprotocol Router and circuit-level gateways to screen IP and
IPX packets.
For application layer security, proxy software screens outgoing HTTP
packets.
''My DOS-based firewall forced me to define access for everybody based
only on IP addresses,'' Moser said. ''Now I grant or deny access based on
user objects in the NDS tree.''
Gary Alu, a vice president with Las Vegas-based systems integrator Wilson,
Bears and Alu, plans to recommend Border Manager to clients for
everything but a primary corporate firewall.
''It will revolutionize the way you apply secure 'Net access rules, but still
lacks some of the application-level security that Unix-based firewalls give
you,'' Alu said. Specifically, he would like Border Manager to screen
packets sent to his network via Simple Mail Transfer Protocol or Post Office Protocol 3 messaging
applications.
Novell product manager Simon Kandah said future versions will offer application-level security for
those and other protocols such as File Transfer Protocol and telnet.
The HTTP proxy also improves network performance by caching frequently accessed Web files,
beta testers said.
The proxy cache increases delivery of Web content by 30% to 50% over using only an IPX/IP
gateway, according to tests performed by Andrew Percy, president of San Jose, Calif.-based
network consulting firm Puzzle Solutions, Inc.
The Guggenheim Museum in New York is using the proxy cache to open up unlimited Internet
access to 150 employees without upgrading the leased line to the museum's Internet service
provider, said Leonard Steinbach, director of information technology there.
Users also are looking to get lots of mileage out of Border Manager's VPN service. This service
allows users to establish an encrypted link between servers over the Internet.
San Jacinto College in Houston is testing the VPN service to support a long-distance learning
program. Border Manager establishes a stronger VPN than Windows NT Server does via
Point-to-Point Tunneling Protocol, said Fred Towery, a computer science instructor at the college.
''PPTP is OK for a private individual, but when you start talking about company information, you
have to step up to the multilayered approach of Border Manager,'' he said.
Shortcomings of the VPN implementation include its inability to allow either a stand-alone client or
a non-Novell VPN server to establish a secure link with a Border Manager server, users said.
Novell's Kandah said these issues will be addressed when Novell upgrades Border Manager to
support IPSec, an Internet security protocol still under debate by the Internet Engineering Task
Force. |
