Single Sign-on Application Architecture and Design
This paper covers the integration of a single sign-on based web architecture in place of the current design, which provides multiple sites for company employees. Currently, employees wishing to access company-related information are required to access approximately eight different websites and maintain records of different user names and passwords for each site. This paper will outline the design specifics that will be necessary for full integration and user functionality of the new web-based portal.
One of the initial design considerations when looking at this project was the overall network architecture that the new layout would require. Currently, users have the option to access seven of the websites over a regular internet connection. The preferred browser among users is Microsoft Internet Explorer. Users simply enter the web URL and provide the required username and password when prompted. The other website is accessed via corporate VPN over a secured (https) internet connection. As with the other sites, employees are prompted for a username and password and are then granted access to the corporate intranet.
Since all facilities have active internet connections, the overall communications architecture is already in place for office users. As long as users are able to access a secured internet connection (https), there should be no issue connecting to the VPN.
Once the new application architecture is implemented, employees will be required to run an internet browser (preferably IE6) with a minimum of 128-bit encryption. Users will then browse to a secured URL through their web browser to establish a secure connection with the corporate VPN. This will require that each location's firewall be configured to pass all secured traffic over port 443. Once a secured connection is established, users will be prompted to log in with either their username or clock number and their chosen password.
After successful authentication to the website, employees will be taken to the main graphical user interface. This interface is where the majority of user interaction will occur and where intranet websites can be accessed. The layout will be composed of links to the eight websites to which users have access. Since authentication to the main corporate VPN has already taken place, each site will no longer require a separate username and password combination. Each website that the user browses to will host all information related to that site. Users will be able to return to the main VPN homepage at any time by clicking on the "home" tab that will be displayed on all pages.
The webserver will be placed in a protected area, called a Demilitarized Zone (DMZ), outside the corporate network. The DMZ will be protected by a hardened firewall server called a Bastion server. The Bastion server’s services are limited and the configuration is changed to make the server
The type of structure would include allowing customers to access their accounts through online services, as well as allowing the employees to access the customers' accounts from point-of-sale systems on the showroom floor and from behind front desks. In the back, there will be the office with servers and networking implements. There will be multiple sites, all with access to the servers which contain the customers account
Over the past few years, Internet-enabled business, or e-business, has drastically improved efficiency and revenue growth. E-business applications such as e-commerce, supply-chain management, and remote access allow companies to streamline processes, lower operating costs, and increase customer satisfaction. Such applications require mission-critical networks that accommodate voice, video, and data traffic, and these networks must be scalable to support increasing numbers of users and the need for greater
Virtual Private Network presents some advantages over the traditional network technologies. VPN offers direct cost savings over leased lines or long-distance calls for remote access, savings resulting from reduced training requirements and equipment, increased flexibility, scalability, and security. The main advantage of VPN is the cost savings of Internet VPN when compared to networks built using conventional leased lines. Leased lines include tariffs that have an installation fee, a fixed monthly cost, and a mileage charge. The cost to an organization of traditional leased lines may be reasonable at first but can increase exponentially as the organization grows. As an organization grows and more companies must be added to the network, the number of leased lines required increases dramatically. VPN that utilizes the Internet avoids this problem by simply tapping into the geographically distributed access already available. Another way VPN reduces costs is by reducing the need for long-distance telephone charges for remote access. Instead of having the offsite team of a company dial into the corporate modem bank via long distance lines, the company’s VPN allows them to simply place local calls to the ISP’s POP in order to connect to the corporate network.
The security topology will determine what network devices are employed at what points in a network. At a minimum, the corporate connection to the Internet should pass through a firewall. This firewall should block all network traffic except that specifically authorized by the security policy. Blocking communications on a port is simple; just tell the firewall to close the port. The issue comes in deciding what services are needed and by whom, and thu...
This proposal is for a small office that will have users who are connected by Wi-Fi or cable. The network will include devices and resources that are shared among all the users. The network will need to have security measures in place to protect the entire network and keep the wireless access secure and available only to employees of the company.
For the most part we have addressed the needs of our sales force on a case-by-case basis, but going forward we really need to ensure we have a defined policy to streamline remote access. To accomplish this there are a few benchmarks we need to achieve. First of all, the network has to be reliable or, in more technical terms, it needs to have high availability. Most importantly, we need to make sure that the network is as secure as possible with all the different types of users asking for access. Lastly, we need to address how we handle employees using personal or non-company-issued computers and how we ensure that those machines meet our other remote access policies.
Studies show that the cost of setting up a potential telecommuting situation for an employee or employees is dependent upon the existing technology level of the employer and potential telecommuting employee(s), the type of security network required to safeguard the data transmitted between them and the size of the operation. If an employer has a preexisting computer infrastructure including base units and server capabilities it can decrease the startup costs of a telecommuting operation. For small businesses the investment could be as little...
The future of economic competitiveness for most enterprises relies on entrance into and active participation in e-commerce. Furthermore, Dorner & Curtis (2003) believe a common user interface replaces the multiple interfaces found among individual electronic library resources, reducing the time and effort spent by the user in both searching and learning to use a range of databases. Although the primary function of a common user interface is to simplify the search process, such products can be holistic solutions designed to address requirements other than searching, such as user authentication and site branding.
These technologies are of limited effectiveness in connecting employees while at work and at home via the Berean network. Berean's infrastructure does not allow employees on the move to leverage the time they spend at meetings, in the cafeteria, and in other locations to catch up on e-mail, retrieve information, or perform other work-related activities (Sage Research Staff, 2005).
Network management planning and security planning involve identifying the best and most appropriate systems and hardware that the firm can use to better manage the network and plan security systems. Therefore, the management required me to examine the best software and hardware systems in the marketplace that the company can adopt to enable it to manage the network and security. The management required me to advise on the implementation procedure of the various plans that are going to be adopted. My responsibility also involved finding out or predicting the impact of the plan on future operations. They required me to evaluate the challenges the company might face while adopting the changes in the network management plan and security plans.
the employees and vice versa. This is a way to make sure everyone will access