SafeWord for Nortel Networks, Product Bulletin

View a presentation on how SafeWord for Nortel Networks works.

Request an evaluation package.

Get contact information for Secure Computing Corporation.

Back to SafeWord for Nortel Home Page.

Home -> Product Info -> Product Bulletin

SafeWord® for Nortel Networks Product Bulletin

SafeWord for Nortel Networks follows Microsoft's best practices in the Active Directory schema

Download the product bulletin - 101 KB, 2 pages

SafeWord® for Nortel Networks adds strong authentication to your Nortel SSL VPN and other Nortel deployments, positively identifying users who access your applications and resources through Nortel VPNs. SafeWord for Nortel Networks delivers security through one-time passcode-generating hardware tokens. Only the SafeWord server knows which passcode will allow the user to gain access. This eliminates threats from outsiders stealing, copying, or reusing passwords.

In addition to featuring tight integration with Nortel SSL VPNs and other Nortel products, SafeWord for Nortel is managed directly from Microsoft Active Directory, allowing administrators to easily manage tokens and users.

Schema extension recommendations
Some network administrators and IT staff members have expressed reluctance to install applications that extend the Active Directory schema, as evidenced in several online discussion groups. While the Microsoft knowledge base suggests using caution when making changes to the Active Directory schema, Microsoft expressly decrees that extending the AD schema is, in fact, encouraged to extend the Active Directory definition (when done following Microsoft recommendations).

Microsoft recommends only using schema extensions that follow recommended "best practices." SafeWord for Nortel Networks follows the Microsoft best practices list. The list, found at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnactdir/html/adschemaext.asp, includes the following guidelines for extending the schema.

Best practices include:

The schema is neither a database nor a file system. Don't treat it as such.

Place references in the directory that point to other data stores instead of using the directory for something for which it was not designed.

Only define globally interesting, relatively static information in the schema.

Objects defined in the schema should not be created very often or modified frequently.

Objects should have a long life.

Use twice the maximum replication frequency when determining longevity or frequency.

Test the application in a private forest and with other applications before deploying.

The schema upgrade must be separate from the application installation.

SafeWord for Nortel Networks has followed the Microsoft recommendations to create the SafeWord for Nortel Networks Active Directory extension.

Application requirements for shipping
Microsoft offers some caveats for schema extensions that ship with applications such as SafeWord for Nortel. All caveats have been explicitly followed: a separate install has been created for SafeWord for Nortel, and the following steps recommended by Microsoft have been implemented:

The application must use a registered prefix and base OID for each class and attribute.

The application must have a unique schemaIDGuid for each class and attribute.

LDIF files for your schema installation must be created.

The application uses LDIFDE.exe to load the LDIF files.

The application and schema extensions were tested on Secure Computing's local network.

For more information
If you have additional questions or concerns on the implementation of the Active Directory schema extensions in SafeWord for Nortel, contact sales@securecomputing.com or visit http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnactdir/html/adschemaext.asp.