SSL VPN Overview – H3C Technologies H3C SecBlade SSL VPN Cards User Manual

SSL VPN Overview

A Virtual Private Network (VPN) solution is much cheaper and more flexible than a leased-line solution. More and more enterprises are using VPNs to connect corporate headquarters, branches, employees working at home and on business trips, and partners over the Internet.

Secure Sockets Layer (SSL) VPN is an emerging VPN technology. It uses SSL to provide certificate-based identity authentication, data encryption, and data integrity checking so that remote users can securely access the internal corporate network. H3C SecBlade SSL VPN greatly simplifies mobile user and network management by providing the following benefits: ease of use, zero configuration for users, no client to install or maintain, simple deployment, high security, and fine-grained security control. The H3C SecBlade series devices can function as ingress gateways for enterprises of any size, as well as proxy gateways of internal server clusters for medium-sized and large enterprises.

SSL VPN supports three access methods:

Web access: Enables web users to access servers over HTTPS connections through the SSL VPN gateway.

TCP access: Enables TCP-based applications to securely access server ports, including remote desktop web access, desktop sharing, Telnet, mail transfer, Notes, and general TCP service.

IP access: Enables secure communications between user terminals and servers at the network layer so that all IP-based user applications can securely communicate with servers.

Using role-based rights management, SSL VPN can restrict user access to resources according to user identity. In addition, it incorporates a user host security checking feature, which allows user access rights to be assigned dynamically. SSL VPN gateways support Web management: an administrator can configure and manage the SSL VPN system through a Web browser.

H3C SecBlade SSL VPN defines three roles:

Super administrator: Managers of the root domain, which is created automatically upon SSL VPN startup. A super administrator can create domains, initialize the administrator passwords of domains, and assign resource groups to domains.

Domain administrator: Managers of common domains, which are created by super administrators. A domain administrator can create and delete local users, user groups, resources, resource groups, and security policies for the domain.

SSL VPN user: Users accessing network resources through SSL VPN. An SSL VPN user must pass authentication on the SSL VPN gateway. After authentication, an SSL VPN user can access the SSL VPN gateway, and the SSL VPN system will assign the user access rights based on the security status of the user and the user group to which the user belongs.