Portal vendors ease remote access security

Businesses looking to hook remote workers, customers and partners into their corporate portals could find securing such access easier with new features from Sun Microsystems Inc. and CoreChange Inc.

In the past, companies offering remote access to the content and applications within their portals had to set up third-party security functions such as a proxy server or a VPN. Portal vendors such as CoreChange and Sun say that approach causes too many headaches for users because they are forced to integrate the stand-alone security pieces into their portal architecture.

As a result, CoreChange and Sun have introduced secure remote access capabilities that are designed to integrate with their respective portals, using access features such as identity management and single sign-on already available through the portal.

“Typically, proxy servers are deployed stand-alone and managed separately,” says Jeff Spotts, executive vice president of marketing at CoreChange. “In our model, the two components work together dynamically. You manage users and user entitlements in one place vs. the typical alternative of having to integrate one vendor’s portal software with another vendor’s security infrastructure.”

CoreChange this month announced its new CoreSecure software for its Coreport portal. The software runs on Windows 2000 and sits on a server in the network’s unprotected area, or demilitarized zone (DMZ). When a remote user accesses the portal, the request is sent to CoreSecure, which establishes encrypted communication with the portal server running behind the corporate firewall. The portal server, which contains information about user access rights, determines what content a particular user can access.

Sun’s Secure Remote Access 6 is similar. It is the latest version of Sun’s VPN-on-demand technology, which takes advantage of security features within the Sun One Portal. The software runs on a server, called a Gateway, that sits in the DMZ. The Gateway creates a secure tunnel to the Sun One Portal Server, which uses the Sun One Identity Server to manage user authentication, single sign-on and other access policies.

Once the Sun One Portal Server authorizes the requesting user, it proxies that information to the Gateway, which establishes a secure connection with the user.

Advocate Health Care in Oak Brook, Ill., has used secure remote access to its Sun One Portal since April. Gary Horn, manager of network services, estimates the organization has saved “upwards of a half-million dollars in development and installation costs” by using the Secure Remote product, rather than configuring a stand-alone security device.

“We looked at other methodologies [to secure remote access to the portal],” he says. “We wouldn’t have had a very integrated system so there would have been a lot more development involved, more platforms required and more management issues.”

Horn says there are about 1,800 physicians and employees accessing the portal remotely, a number expected to increase to about 10,000 next year. Physicians can access a range of content and applications from the portal, including patient information, a big reason why security is so important, Horn says.

Analysts say Sun and CoreChange are smart to offer proxy servers that can integrate with established portal security features, eliminating the need to define access rights in a stand-alone proxy or install client software on remote devices to support a VPN.

Coreport CoreSecure is available immediately, and pricing starts at about US$50 per user. The Sun One Portal Server, Secure Remote Access 6 product, is slated to be available in 60 days. It requires a two-CPU license and is priced at US$95,000.