Features

Secure Remote Access

NetWare's RConsole and RConJ pose a serious security threat by allowing passwords to be sent over the network in a plain text format. To protect users from these vulnerabilities AdRem sfConsole provides the best-in-class server protection for both remote and local console access.

To protect remote access connections AdRem sfConsole offers various levels of encryption alghoritms: 128-bit TEAN, 168-bit Triple DES, and 256-bit AES.

The unique encryption key is randomly generated for each session using the industry-standard Diffie-Hellman algorithm. Apart from the strong data encryption, sfConsole additionaly secures remote connections by controlling the access rights to console commands and screens.

Secure Access via any Web Browser

Web access delivered by sfConsole means that users can remotely connect to a NetWare server using any web browser from any platform running Flash 10 or higher (Windows, Mac OS X, Linux). No installation and NetWare Client required.

The web-based console provides the same functionality as the client version of sfConsole. This gives users the flexibility to perform such security operations as role-based access control, remote emergency connection, and emergency file transfer from anywhere on the web. Last but not least, web access through sfConsole does not compromise security - users are still required to authenticate through eDirectory.

Emergency Access and File Transfer

In case when eDirectory is inaccessible (due to its failure, or when DS.NLM is unloaded), sfConsole ensures management continuity by providing an emergency connection to the server. In such cases users can also transfer files from a workstation to all the server directories, including the server's local DOS partition, they have been granted access to.

Local Console Protection

AdRem sfConsole protects the local (physical) server console completely - the user must provide the correct name and password to access the local server console. Unlike Novell's standard screen saver, sfConsole makes it possible to restrict access to console commands and screens.

Local console security modes:

Full	It is impossible to access any server screen (a screen saver will be visible instead of the active screen) or enter any command from the keyboard without logging in.
Keyboard only (with screen saver)	When no one is using the console remotely, the local user can only see a screen saver and to use the keyboard he has to log in. However, if there are some active remote users on the console, the local user can view the active server screen, for example to monitor the operation of remote users.
Keyboard only (no screen saver)	Unlike the previous case, this protection mode eliminates the use of screen saver; in each situation, the local user can view the active screen and use the keyboard after logging in.
Screen Saver	Access to the server console will not be restricted. After the defined period of time from the last keystroke, the screen saver will be started. Pressing any key will result in returning to the server console screen.
Unrestricted	Full access to the local server console (no screen saver or keyboard lock).

Role–based Access Management

By extending the eDirectory schema, AdRem sfConsole makes it possible to implement flexible role-based management of console access privileges – a feature unavailable in most other consoles. As a result, you can control access rights of particular users or groups, define console start-up scripts, or even restrict users' rights to selected screens or commands.

Console Activity Auditing

With sfConsole you can determine not only what happened on the console, but also when it happened and who did it. For instance, the administrator can verify who accessed the server console from behind the firewall, and from what IP address.

Remote Console Proxy

Secure Access to Servers from Behind the Firewall

If a connection from some external Internet location is desired, the program allows accessing the NetWare server console remotely, through the firewall. In this case users login via the web to a single sfConsole server that acts as a proxy, and from this server they communicate with any other server within the same NDS tree.

Unlike the previous releases of sfConsole which necessitated the opening of multiple NCP ports, the 2009 version requires just one dedicated port (selected by the user) to be opened on the firewall and forwarded to the proxy. This eliminates the risk inherented, by which in NCP ports users can potentially gain unauthorized access to other NetWare resources from outside the firewall. The proxy connection provides users with access solely to the server console.

The proxy-enabled remote connection is protocol-independent, which means that users connect with the proxy server over TCP, and then communicate with other NetWare servers over either IPX or TCP. Finally, they can connect to any NetWare sever exclusively within one eDirectory tree.

Single Sign–On

AdRem sfConsole is compatible with the single sign-on technology. This means users log- in using the eDirectory password just once. All subsequent connections to other servers within the same NDS tree and all windows opened later use the information about users' rights that is stored in eDirectory, and do not require entering passwords again. As a result, users with suitable rights access the server console without the hassle of recurrent log-ins to eDirectory.

TCP/IP and IPX/SPX

AdRem sfConsole runs over both IPX/SPX or TCP/IP protocols. The program is compatible with NetWare 4.x SP9, 5.x, 6.x and OES NetWare.
sfConsole 2007 Windows client runs on Microsoft Windows 2000, XP Professional and Windows Server 2003, and sfConsole 2009 Windows client - on Windows XP/Vista (except Home editions) and Windows Server 2003/2008.

Data Compression

Thanks to a custom data compression algorithm, sfConsole provides efficent access even over extremely slow links. The program is optimized for WAN and modem connections and typically the traffic generated by sfConsole is less than 1 kb/s (as compared to 40 kb/s generated by other consoles, e.g. Netware Management Portal).

Quick and Easy Deployment

sfConsole uses only one NLM which is sized at about 2 MB. This means installing the program remotely on 100 servers at a time takes no more than half an hour. The program can also automatically unload and remove other insecure remote consoles (like Novell RConsole or RConsoleJ) from the autoexec.ncf startup file.

Keyboard and Desktop Shortcuts

sfConsole allows you to define keyboard shortcuts for the most frequently used functions. For example, you can quickly change screens by using the '+' and '- ' key strokes defined as shortcuts. This is particularly useful for Novell RConsole users who are used to certain keyboard shortcuts already.
With sfConsole you can easily define desktop shortcuts to ensure quick access to a given server.