Subtitles of the Movie

Now we're going to move on to a completely different type of resource. Where as File Share and Web Resources are presented through the Access Interface in a web browser the next Resource Type is not presented through a web browser and in fact cannot be accessed through the web browser, you actually have to have the Secure Access Client to access them and we are talking about Network Resources. Network Resources allows users direct access to the network. For example if you have an Administrator that need to RDP into a Server or SSH into a UNIX Box you obviously can't publish those resources as part of the Advanced Access Gateway. You have to set up and access Gateway Appliance and you have to provide users access to the network through the Access Gateway Appliance. As I mentioned network Resources requires the Secure Access Client to be installed on the workstation that you're using to access the network. The Secure Access Client is like many other vet of VPN Clients, it's a little different in a couple of respects in the fact that it installs as mainly a shim in the Networking Stack, does not actually install a Networking Adapter that you can see, kind of like the Cisco or the Nortel VPN solutions. Basically the Secure Access Client looks for traffic that it thinks is interesting and is bound for the Remote Networks and that is defined as we'll see in the Access Gateway Set Up. And when it sees traffic to those Remote Networks, it grants that traffic and sends it through the VPN Tunnel. The VPN Tunnel instead of being a regular IP Sect VPN Tunnel, like many other vendors have, the Secure Access Client Tunnel is an SSL Tunnel, it uses HTTPS on port 443. This allows it to be very flexible in the Network Configurations that it works with. For example if you're at a hotel and they only allow ports 80 and 443 out for web browsing you can initiate a Secure Access Client connection to your Remote Network using your Secure Access Client to talk to the Secure Access Gateway. Network Resources for the reasons that we've talked about don't even appear in the Access Interface, if you can't get to them from Access Interface there's no point in putting them in the Access Interface. There's no way you can make them appear either, it one of those things that you just have to know you have VPN Access and you have to launch the Client manually in order to gain that full VPN Access. Now also something to keep in mind is that there are no restrictions on the access once it is allowed through, meaning that once you define a Network resource, whether it is an individual host or an entire Network or a range of Networks, then anything that you are allowed to connect to on that host or that network will be allowed through. For example as we'll see when we talk about Network resources elsewhere in the course, you can say that I would like to grant access to this particular host name on port 23. Now 23 is normally the Telnet Port , however if you have a custom service bound to support 23 so long as you are allowed access to port 23 on that machine the Secure Access Gateway and the Secure Access Client doesn't care that it's not actually Telnet traffic. It doesn't look at it other then to say you're coming in on TCP Port 23 and so I'm allowing you in based upon your Access Profile. For this reasons its good to keep in mind exactly what resources you may be potentially exposing to Remote Network Users by allowing them full access to a host or a range of hosts. For example if you only want them to be able to access a website on a web server you need to limit that host to only allowing port 80 through and not everything so they can't go out and browse the file system on the web server for example. I have to say that the Network Resource Configuration Interface is very intuitive and a lot of this will make a lot more sense when we get to this section of the course. And this concludes our overview of resources.