novdocx (en) 19 February 2010

2 Traditional and ESP-Enabled SSL VPNs

The Novell® SSL VPN can be deployed as either an ESP-enabled SSL VPN or a Traditional SSL VPN.

When SSL VPN is deployed without the Access Gateway, an Embedded Service Provider (ESP) component is installed along with the SSL VPN server. This deployment requires the Identity Server and the Administration server to also be installed. This type of deployment is called an ESP-enabled Novell SSL VPN.

When SSL VPN is deployed with the Access Gateway, it is called a Traditional Novell SSL VPN. In this type of installation, SSL VPN is deployed with the Identity Server, Administration Console, and the Linux Access Gateway components of Novell Access Manager.

Section 2.1, “ESP-Enabled Novell SSL VPN”
Section 2.2, “Traditional Novell SSL VPN”
Section 2.3, “High and Low Bandwidth SSL VPNs”

2.1 ESP-Enabled Novell SSL VPN

In ESP-enabled Novell SSL VPN, the process involved in establishing a secure connection between a client machine and the different components of Novell Access Manager is as follows:

1. The user specifies the following URL to access the SSL VPN server:
   https:///sslvpn/login
   is the DNS name of the SSL VPN server, and /sslvpn/login is the path of the SSL VPN server.
2. The SSL VPN redirects the browser to the Identity Server for authentication.
3. After successful authentication, the Identity Server redirects the browser back to SSL VPN.
4. The Identity Server propagates the session information to the SSL VPN server through the Embedded Service Provider.
5. The SSL VPN server injects the SSL VPN policy for that user into the SSL VPN servlet. The SSL VPN servlet processes the parameters and sends the policy information back to the server.
6. The SSL VPN checks if the client machine has sufficient security restraints. For more information on client integrity checks, see Chapter 14.1, “Configuring Policies to Check the Integrity of Client Machine,” on page 90.
7. When the user accesses the applications behind the protected network, the connection goes through the secure tunnel formed with the SSL VPN server.
8. The browser stays open throughout the SSL VPN connection to allow the keep-alive packets.
9. When the user clicks the logout button to close the SSL VPN session, all the client components are automatically uninstalled from the workstation.
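
Steps 1 to 7 above define an order that every session should follow before a tunnel exists, which makes it possible to audit session records for skipped or reordered steps. The following is an added example, not code or log output from Novell Access Manager: the event names and the `timestamp session=ID event=NAME` log format are assumptions made for illustration.

```python
import re

# Hypothetical event names, one per documented step (1-7) of the ESP-enabled flow.
FLOW = [
    "LOGIN_REQUEST",       # 1. browser requests /sslvpn/login
    "REDIRECT_TO_IDP",     # 2. SSL VPN redirects to the Identity Server
    "IDP_AUTH_OK",         # 3. authentication succeeds, browser redirected back
    "ESP_SESSION_SYNC",    # 4. session information propagated through the ESP
    "POLICY_INJECTED",     # 5. user's SSL VPN policy injected into the servlet
    "INTEGRITY_CHECK_OK",  # 6. client integrity check passes
    "TUNNEL_UP",           # 7. traffic flows through the secure tunnel
]
RANK = {name: i for i, name in enumerate(FLOW)}
LINE_RE = re.compile(r"^\S+ session=(\S+) event=(\S+)$")  # assumed log format

def audit(lines):
    """Return {session: [violations]} for sessions that skip or reorder steps."""
    seen, findings = {}, {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m.group(2) in RANK:
            seen.setdefault(m.group(1), []).append(m.group(2))
    for session, events in seen.items():
        done, problems = set(), []
        for ev in events:
            # Every earlier step must already have been observed for this session.
            missing = [p for p in FLOW[:RANK[ev]] if p not in done]
            if missing:
                problems.append(f"{ev} before {', '.join(missing)}")
            done.add(ev)
        if problems:
            findings[session] = problems
    return findings

# Constructed sample: session A follows the flow; session B has a tunnel without
# completed authentication, policy injection or a passed integrity check.
SAMPLE = """\
2010-02-19T10:00:01Z session=A event=LOGIN_REQUEST
2010-02-19T10:00:02Z session=A event=REDIRECT_TO_IDP
2010-02-19T10:00:09Z session=A event=IDP_AUTH_OK
2010-02-19T10:00:10Z session=A event=ESP_SESSION_SYNC
2010-02-19T10:00:11Z session=A event=POLICY_INJECTED
2010-02-19T10:00:15Z session=A event=INTEGRITY_CHECK_OK
2010-02-19T10:00:16Z session=A event=TUNNEL_UP
2010-02-19T10:05:01Z session=B event=LOGIN_REQUEST
2010-02-19T10:05:02Z session=B event=REDIRECT_TO_IDP
2010-02-19T10:05:03Z session=B event=TUNNEL_UP
"""
if __name__ == "__main__":
    print(audit(SAMPLE.splitlines()))
```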