At the fringes of the corporate network, there's a fine line between the intranet and the Internet. Novell Inc. calls it the "border," and the Provo, Utah, company is preparing to deliver a handful of NetWare-based applications, called Border Services, that address its accessibility, performance, security and manageability.
Novell last week gave PC Week Labs an exclusive look at Border Services, which will be formally unveiled at the BrainShare conference in Salt Lake City this week.
In an effort to provide a single point for border administration, each of the four components in Border Services has been tightly integrated with NDS (Novell Directory Services)--a boon for network managers frustrated by an overabundance of administrative consoles for file servers, routers, firewalls, wide-area communications links and remote access devices.
Both Microsoft Corp. and Netscape Communications Corp. offer proxy cache in their respective server platforms.
Both of these systems' proxy cache features must be preset by the administrator. The size of Novell's Border Services Proxy Cache, in contrast, is dynamically set by NetWare. NetWare administrators will still have to do some configuration up front, but the Proxy Cache feature should reduce administrative effort at the back end.
Using Novell's Internet Cache Protocol, multiple proxy cache servers can be linked together to form a hierarchy. This enables client requests to be satisfied from one of the local caches before data is obtained externally, and it adds redundancy.
Border Services also can perform reverse proxy functions. Since the majority of client requests are for static HTML pages, cached pages at the front end reduce much of the load on back-end Web servers, leaving more of their processing resources available for Common Gateway Interface requests and functions.
Virtual private network
With the Border Services virtual private network, the link between clients and server can be encrypted to keep network communications confidential.
Border Services includes both IP-to-IPX and IP-to-IP gateways that implement the RC2 public-key encryption algorithm (40- to 128-bit keys) to secure conversations between clients and servers.
The IP-to-IP gateway function implements a virtual IP address on the external (or Internet) side of the network. This allows client access to external resources, irrespective of the client's current IP address.
For IP-based networks that don't use a registered IP address pool (such as Class C), gaining Web access doesn't require readdressing all the clients. In addition, only a single IP address is revealed during Internet communications. The gateway manages the translation, hiding all internal IP addresses.
Based on Novell's MPR (Multi-Protocol Router), the packet filtering in Border Services is the firewall for the Network and Data Link OSI layers.
Using this component, a variety of Internet link methods are possible, including dial-up, ISDN, frame relay and asynchronous transfer mode. In fact, MPR is a robust software router that's been licensed by a number of vendors.
The server-based configuration console, though simple enough to use, lacks the GUI management capability found in the other Border Services components.
Remote access service
Novell also has placed its NetWare Connect remote access product under the broad Border Services umbrella. With all access privileges and service functions tied to NDS, administering inbound access directly into the corporate network is a breeze. Popular competitors such as Shiva Corp.'s LanRover, in contrast, require a separate management console.