DirXML is configured through iManager, Novell's Web administration console. The interface for DirXML consists of a visual representation of drivers, filters and policies. Clicking on these launches the appropriate configuration forms. The interface is user-friendly enough to let us configure and edit simple options without much training; however, properly installing and maintaining the infrastructure is not trivial.
DirXML is extremely powerful, and we wish other vendors could incorporate it into their products. However, at this time DirXML can only be used with eDirectory. Perhaps Novell will realize the potential of this product and open it up for third-party integration.
After setting up our policies, we moved on to iChain, a reverse-proxy server used for access control. As we mentioned, Novell is the sole product to use a reverse-proxy server rather than an agent model. We had to reconfigure our network to allow access to protected resources only through the iChain proxy server, something that could be very difficult in a large, complex or distributed enterprise environment. To get the iChain server up and running, we just entered the location of our authentication server and its ISO (iChain Service Object), which is a configuration file for iChain. The ISO contains information on the resources to be protected and the rules for granting access to those resources.
The ISO is stored in eDirectory, and we used the iChain snap-in for Console One to set up and configure an ISO for our IIS and Apache Web servers. We granted and denied access to various resources by setting up static or dynamic ACLs. The dynamic lists can be based on the values of user attributes within eDirectory. We hope Novell plans to integrate iChain with iManager, which would allow all configurations from a single location.
Novell iChain 2.3. Novell, (888) 321-4272, (781) 464-8000. www.novell.com
Discover the benefits of scalable backbone and network services for application and cloud providers.
Network automation is gaining momentum. Here's how you can drive this powerful technology to its full potential.
Subsea cable alternatives can provide a level of comfort for those concerned about disruptions. Realistically, they will continue to play a small, but critical role in the short term.
