iChain secures, simplifies, and accelerates your Internet initiatives. It is an integrated security solution that offers identity management and access management services within a powerful infrastructure. Through iChain, all types of Internet and remote-access initiatives are more securely available than ever before.
This section discusses some specific iChain benefits:
Web servers and Web applications are often highly vulnerable to attacks from hackers who want to crash, corrupt, or disrupt service. iChain sits as a reverse proxy between the user in the Internet space and your business Web services. With iChain, your Web servers and Web applications can be placed in a private area of your data center, and never be directly accessible from the Internet. iChain acts as a firewall so that users on the Internet can access your enterprise Web content only through iChain, allowing for tight control and protection of your Web servers and applications.
iChain incorporates in-memory and disk-based caching of content coming from Web server and Web applications. Content caching from an HTTP proxy not only gets commonly used data to the client faster, it also reduces the total number of Web servers needed to serve up a site.
It is easy to eavesdrop on Internet connections, looking for unprotected data. Sensitive business data, confidential user information, and financial records are examples of data that should always be protected over the Internet. Requiring each Web server to protect data using SSL can significantly reduce the Web server's performance. iChain can offload the expensive SSL encryption process from the Web servers, while obscuring and protecting the Web servers from Internet attack.
Using iChain as the gatekeeper (the only point of access) to enterprise Web applications increases the security of the Web server and associated identity information by preventing direct user access to the Web server itself. iChain significantly reduces the risks of hacker attacks on sensitive servers by only allowing HTTP requests to be sent to the Web server. iChain also ensures that only requests from registered DNS names, rather than anonymous IP addresses, are allowed to reach the Web server.
New company sites are continually adding new Web servers for internal employees, customers, or potential customers. Adding a new Web server that is accelerated by iChain offers the following unbeatable benefits:
By using the path-based multihoming feature within iChain, a new Web server can be made publicly available without adding a new DNS name or IP address to a DNS server or firewall.
With domain-based multihoming, host names such as www.novell.com and products.novell.com can share the same IP address.
Although a Web server might have been developed with a private host name such as www.private.com, iChain can rewrite all private host name references to a public DNS host name such as www.public.com.
Today, many companies manage user access to internal Web-based material on a server-by-server basis. These servers often run on different platforms, especially in large enterprises that have many divisions spread across a wide geographic area. A good example is a government agency with many separate departments. Each department employs its own set of standalone servers and Web applications. Something as common as modifying a user's access rights requires the IT staff to manually change all the involved systems, a time-consuming process that could necessitate a physical visit to each network server. If those servers are scattered across the entire country, the situation becomes expensive and impractical—either a single IT staff member is constantly traveling, or it becomes necessary to maintain a separate IT staff for each part of the network.
iChain solves this problem by centralizing all administrative tasks. Changes can be made through ConsoleOne®, a single utility that defines the access control policies to all resources protected by iChain, regardless of the platform or Web server used. Moreover, ConsoleOne can be run from any workstation in the network, thereby avoiding the costly upgrades and retrofits that would otherwise be needed to unify all your network resources.
iChain also delivers standard login pages for each secure Web site protected by the iChain Proxy Server. Using an HTML editor, these pages can be customized to reflect the standard look and feel of the organization or department's Web sites.