Novell ACCESS MANAGER 3.1 SP1 - SSL VPN SERVER GUIDE 03-17-2010 Manual page 16

For more information on these methods, see Chapter 2, "Traditional and ESP-Enabled SSL VPNs,"
on page 19.
Enterprise and Kiosk Modes for End User Access
The Novell SSL VPN uses both clientless and thin-client access methods. The clientless method is
called the Kiosk mode SSL VPN and the thin-client method is called the Enterprise mode SSL VPN.
In Enterprise mode, all applications, including those on the desktop and the toolbar, are enabled for
SSL, regardless of whether they were opened before or after connecting to SSL VPN. In this mode,
a thin client is installed on the user's workstation, and the IP Forwarding feature is enabled by
default. For more information on Enterprise mode, see Section 3.1, "Enterprise Mode," on page 23
In Kiosk mode, only a limited set of applications enabled for SSL VPN. In Kiosk mode, applications
that were opened before the SSL VPN connection was established are not enabled for SSL. For
more information on Kiosk mode, see Section 3.2, "Kiosk Mode," on page 25.
As SSL VPN server administrators, you can decide which users can connect in Enterprise mode and
which users can connect in Kiosk mode, depending on the role of the user. Or you can let the client
decide the mode in which the SSL VPN connection is made. For more information on how to do
this, see Chapter 15, "Configuring How Users Connect to SSL VPN," on page 101. Enterprise mode
is available to a user who has the administrator right in a Windows workstation or a user
root
privilege on Linux or Macintosh workstations, and if the user does not have administrator rights or
user privileges for that workstation, the SSL VPN connection is made in Kiosk mode.
root
Customized Home and Exit Pages for End Users
The home page and the exit page of SSL VPN can be customized to suit the needs of different
customers. For more information, see Section 15.5, "Customizing SSL VPN User Interface," on
page 104.
Clustering SSL VPN Servers
The SSL VPN servers can be clustered to provide load balancing and fault tolerance, When you
form a cluster of SSL VPN servers, all members of a cluster should belong to only one type of SSL
VPN and they should all be running the high bandwidth SSL VPN. For example, all the members of
a cluster should belong to either the ESP-enabled SSL VPN or the traditional SSL VPN. For more
information on SSL VPN clustering, see Part IV, "Clustering the High Bandwidth SSL VPN
Servers," on page 121.
End-Point Security Checks
The Novell SSL VPN has a set of policies that can be configured to protect your network and
applications from clients that are using insufficient security restraints and also to restrict the traffic
based on the role of the client.
You can configure a client integrity check policy to run a check on the client workstations before
establishing a tunnel to SSL VPN server. This check ensures that the users have specified software
installed and running in their systems. Each client is associated with a security level, depending on
the assessment of the client integrity check and the relevant traffic policies are assigned. For more
information on configuring end-point security, see Chapter 14, "Configuring End-Point Security and
Access Policies for SSL VPN," on page 89.
16 Novell Access Manager 3.1 SP1 SSL VPN Server Guide