Introduction
Java Applet Support
IIOP Proxy Server
HTTP Tunneling
SSL Support
Easy Graphical Configuration
The VisiBroker Family of Products

VisiBroker Gatekeeper frees your application to extend beyond your firewall while maintaining the integrity and security of your network.

Introduction
VisiBroker Gatekeeper lets Java applets communicate with server objects across intranets and the Internet without compromising the network security. VisiBroker Gatekeeper serves as a gateway from an applet to server objects providing full client capabilities to applets traditionally constrained by firewalls or browser restrictions. Without requiring any additional development work, VisiBroker Gatekeeper works within the network and security constraints to extend your VisiBroker application to the Web and beyond.

Java Applet Support
Java applets promise thin-client applications without limits and yet are affected by limitations that deny this goal. VisiBroker Gatekeeper resolves the two primary security restrictions imposed on Java applets -- referred to as the "Sandbox" security model -- that limit an applet's effectiveness in distributed enterprise computing.
Those limitations are:

• Applets may only establish network connections with the host that served the applet.
• Applets may only accept network connections from the host that served the applet.

While many situations require these security precautions to deter the malicious capabilities of rogue Java applets, they pose significant limitations to Web-based clients of distributed applications. VisiBroker Gatekeeper provides a way to work within these limitations while achieving the required connectivity with server objects. It provides these solutions by extending location transparency past the Web server and allows callbacks to function regardless of the location of the server object.

Location Transparency
To be effective, client applets must be able to access server objects independent of their physical location -- a fundamental principle of distributed object computing. With VisiBroker Gatekeeper, applets can fulfill this requirement even though it is in direct contention with key limitations imposed on Java applets. In order to conform to the Sandbox security model, VisiBroker Gatekeeper establishes itself as a proxy object for all incoming requests from the client applets. Should the server object not be available on the applet host, Gatekeeper automatically creates a proxy object, coordinating access to all server objects that would otherwise be unreachable.

Callback enabling
Applications often make use of callbacks to provide a means for server objects to communicate back to specific clients -- providing a greater degree of flexibility. With VisiBroker Gatekeeper, and the proxy objects it creates on the applets' behalf, callbacks can be implemented without concern for the limitations of the Java applet security mechanisms. VisiBroker Gatekeeper is able to proxy the needed connection between the server object and the client applet, allowing the client applets to participate fully in the distributed applications.

Through the capabilities of VisiBroker Gatekeeper, applets can behave, as any client applications would, allowing browser-based clients to provide a true alternative to heavy client deployment.

IIOP Proxy Server
In environments where firewalls are used to protect internal networks, communication between client applications and applets are under significant restrictions, due to the network security requirements. While these clients must be able to invoke a wide range of objects, they are prohibited from doing so by strict, and often complex, firewall configurations. In addition, a so-called "proxy firewall" creates a completely different network address -- making it impossible for a client outside the firewall to locate objects within the protected network.

Rather than requiring the firewall to be configured to explicitly allow each connection from the client to server objects, VisiBroker Gatekeeper leverages its ability to proxy requests (and callbacks) through a single port on the firewall.

HTTP tunneling
In many cases, firewalls are not configured to allow even IIOP traffic to pass. In these cases, other methods must be used to provide the connectivity needed by client applications and applets. VisiBroker Gatekeeper provides a solution that allows IIOP communications to be made across an HTTP link -- the same protocol used by Web browsers and servers. Network security administrators are not required to perform additional firewall configuration -- VisiBroker Gatekeeper fits seamlessly in to the existing infrastructure.

As with other features of VisiBroker Gatekeeper, the use of HTTP tunneling requires no additional code or programming of any kind on the part of the application developer. These features are automatically available with VisiBroker for Java and the VisiBroker Gatekeeper.

SSL Support
If mission-critical applications are to be extended beyond the firewall, beyond the reach of traditional network security, a new solution is needed to ensure the privacy and integrity of the information. When used in conjunction with the VisiBroker SSL Pack, VisiBroker Gatekeeper provides this solution and allows broad flexibility in security configuration. SSL can be use to secure the communication between the client application -- located outside the firewall -- independent of the security of the internal application. This allows SSL to be used only where it is needed to gain access from remote locations without requiring all of the server objects to be SSL-enabled, optimizing the performance and easing the administration of the application. Similarly, SSL connections can be configured for server callbacks outside the firewall or across all communications.

All of these capabilities can be configured through the VisiBroker Gatekeeper graphical interface and require no additional development work and no complex administration.

Easy Graphical Configuration
New for VisiBroker Gatekeeper is a new graphical interface to make configuration even easier. All of the configurable parameters of VisiBroker Gatekeeper can be configured through this powerful Java interface. Whether it is configuring firewall proxy addresses, disabling Callbacks, or enabling HTTP tunneling, all of these operations can be done through the Configuration Manager. Even the network ports to be used for each of the components of communication can be controlled to allow VisiBroker Gatekeeper to work within your network security and firewall mechanisms. There is no need for maintaining cryptic configuration files by hand -- the Gatekeeper Configuration Manager makes it easy.

The VisiBroker Family of Products

Essential Software for Distributed Computing
The Inprise VisiBroker family of products provides an integrated suite of tools and services to enable the development, deployment and management of flexible, scalable, and secure distributed object applications throughout your organization, your intranet, and across the Internet.

• Inprise VisiBroker for Java and C++ is the leading CORBA ORB, providing you the openness and flexibility to confidently develop and deploy distributed enterprise applications in a heterogeneous environment.
• VisiBroker Integrated Transaction Services (ITS) is the next generation transaction solution for delivering reliable, high performing distributed object applications!
• VisiBroker SSL Pack is an option to Inprise's VisiBroker ORB that provides an introductory level of security. It allows developers to add authentication and encryption capabilities to their distributed applications.
• VisiBroker Gatekeeper frees your application to extend beyond your firewall while maintaining the integrity and security of your network.
• VisiBroker Naming Service provides an industry-standard means to cope with the complexity of large-scale distributed applications by helping applications locate individual objects from among the thousands of objects that may exist with your organization.
• VisiBroker Event Service extends the flexibility of the VisiBroker ORB by enabling the development of event-based applications through support of the CORBA services standard.
• VisiBroker Manager supports and enhances the development, deployment, and management of VisiBroker applications by providing visual access to ORB information and configuration.

Inprise also offers flexible options for expert consulting, training, and support. The Inprise Professional Services Organization assists project teams with their VisiBroker-based application development and can ensure a successful jumpstart to building a CORBA-compliant computing environment.