 |
|
| Borderware
Document Gateway
by Bob Walder
Any organisation that has a large amount of corporate material cluttering up its servers will have cottoned on to the idea of the intranet. By fusing Web technology with the existing network, it is possible to provide simple access to that material via the standard Web browser on everyone’s desktop. The problem with the corporate Web site, of course, is that it requires maintenance. It is a static repository, the HTML pages reflecting the information as it was when it was first presented to the Webmaster or Web designers. If we are dealing with data that is changed regularly – such as a product catalogue or price list – then it can be a full-time job to maintain the Web pages associated with it. This is often a real duplication of effort too, since someone invariably produces this material in a Word document or Excel spreadsheet before it is passed to the Webmaster. Where such data is stored in a database, links from the Web server to the database can often provide dynamically-updated Web pages with up-to-date pricing information taken straight from the product database. However, such applications are usually beyond the means of small to medium-sized organisations, and there still remains the problem of “webifying” all the other corporate data – the HR manuals, company newsletters, and so on. Some of these documents would also be of interest to customers and partners too, but it is difficult to control access to specific sections of a Web site depending on who is viewing it. Ideally, we would like to be able to make the original document – whether it is Word, Excel, Lotus, WordPerfect, PowerPoint, Publisher or Adobe Acrobat – available to the people who need it. Of course, we are back to the idea of accessing the original material directly from the file server, but this does not help those who are unfamiliar with the directory structure, nor does it allow us to share sensitive internal documents with external entities such as business partners or remote users. After all, would you really want to place your corporate file server outside your firewall? Actually, this is exactly what you can do with BorderWare Document Gateway. BorderWare has made its name as the producer of the BorderWare firewall, and has now decided to use the secure kernel from the firewall as a basis for a new range of secure software “appliances”, the first of which is the Document Gateway. The result is an extremely secure platform that has all the security and robustness of the BorderWare firewall, and running only the software that is necessary to perform its dedicated function. In the case of the Document Server, there is an Apache Web Server listening on ports 80 (HTTP) and 443 (SHTTP) and some custom code to handle authentication, access controls, document uploads, and so on.
Installation is as straightforward as you can get, all the more amazing when you realise that the underlying software is a hardened version of BSD Unix. Recent improvements in the OS, however, have resulted in a much broader hardware support, and the Document Server installation performs full auto-detection of the host platform and its peripherals and configures itself accordingly. The “Automatic” installation option is pretty much exactly that, whilst the “Custom” options provides the means to alter disk layout, network settings and so on. There is also the option to install from CD or across the network from an image stored on a central file server, the latter providing a rapid means of rolling out a number of Gateways across a corporate network. It is important to remember that the hard disk will be wiped and the entire system used as the Gateway – this is meant to be a secure, dedicated system after all. Once the server has been rebooted it is immediately in secure mode, and minimal functionality is offered at the console. Instead, all management tasks are provided via a browser-based interface – and not a single, sluggish Java component in sight! The systems has an all-powerful “super user” – the System Admin - who can create, edit and delete Domains, generate and install server-side SSL certificates, start and stop the gateway, and even apply a custom title graphic and background for each screen.
Domains are used to divide the Document Gateway into a number of secure areas of access. A large organisation might employ a separate domain for each sub-division or department, whilst an ISP would use a separate Domain for each organisation it hosts on the Gateway – the underlying security architecture ensures complete privacy and confidentiality between Domains. The software is licensed by number of Domains, and most will be happy with one or two. When a Domain is created (the first task on a new Gateway) the Domain Administrator is also created. This user can create, edit and delete users and groups, create folders and assign access permissions through a simple Administrator menu page. Each user can belong to more than one group, and users do not have to belong to groups at all – they can exist on their own. Users can also have a disk quota (for uploading) and an expiry date associated with them (the latter is ideal for subscription-based services). Folders and sub-folders can be created to any depth, and access controls can be applied to each folder at group or individual user level. Each group or user can be granted no access, viewer access (read only) or partner access (allowed to upload and delete, as well as download documents). Permissions applied higher up in the folder hierarchy will be inherited by sub-folders unless explicitly set lower down.
Every group has a designated “Home” folder, and can also have one or more users designated as “Group Managers”. Group Managers can create other users in the group, as well as create sub-folders under the designated Home folder and assign permissions therein. This provides the means to have a high degree of autonomy within groups or departments in an organisation even within a single Domain. A Group Manager, for example, can ensure that only his or her own users has access to the contents of the Home folder, and can even create other Group Managers to whom admin tasks can be delegated if required. Once the basic structure of the hierarchy has been completed, documents can be uploaded to the Gateway. If you are starting from scratch, this is straightforward, but if there is a huge amount of existing material to be uploaded, this stage can be lengthy and tedious. Every file needs to be individually uploaded and provided with a title for now, though a bulk upload capability is promised for a future version, along with the ability to synchronise a gateway folder with a network folder. However, each user or department can be tasked with uploading their own material (that is what this is designed for, after all), and once you have your basic documents on the Gateway, day-to-day operation is incredibly simple. Users simply point their browser at the Document Gateway URL and are presented with a prompt for user name and password (no other authentication schemes are supported at present, though they are promised for a future release). Security is enhanced by using SSL if required, and this can be enforced at the Gateway ensuring that all connections are encrypted. Once the user is logged in to the Domain, the Gateway determines which folders are available according to the appropriate access permissions and presents them in a Windows Explorer-style pane on the left of the screen. As each folder is selected, the documents in that folder are presented as hyperlinks on the right of the screen, each document with its title, format, size, date and creator information. Viewing a document is a simple as clicking on the hyperlink though, unlike normal Web sites, documents will appear in their native format and so the user does need the original application installed on the desktop in order to view it. As with any Web site, however, right clicking on a hyperlink allows the document to be downloaded and saved locally. Options available along the top of the screen depend on what access permissions the user has. If he is an administrator or has Partner access, then he can upload documents to the folder by simply clicking on the Upload button and specifying a title and the source file name. Administrators can also delete and move documents once they have been uploaded, though unfortunately there is no rename facility, the only option being to delete and upload again. From an end user’s point of view, the document Gateway provides the means to have their material placed on the Web the moment they have finished working on it, and without having to pass it on to the Webmaster for formatting first. No special knowledge is required to upload documents, and this should help ensure that Web-based corporate information is kept as up to date as humanly possible. One of the nicest features of Document Gateway is the folder subscription. Whenever a user is viewing folder contents, there is a “Subscribe” button at the top of the screen. Once again, a single click is all that is required, since the gateway already knows the user’s e-mail address which was entered by the administrator. From that point on, every time a new document is uploaded to the folder an e-mail notification is sent to the user. This means the user does not have to keep accessing the Gateway to check for new documents, and subscriptions can be cancelled as easily as they were created once a folder is no longer of interest. Verdict� BorderWare Document Gateway is the ideal way to share sensitive internal documents with local and remote users as well as partners. A secure platform based on the BorderWare firewall, together with user- and group-based access control and SSL encryption provides a secure repository for corporate data whether it is inside or outside the firewall. Well worth a look. Product: BorderWare Document Gateway
1.0.5j
|
|
Send mail to webmaster
with questions or�
|
