Disclaimer

The content of this material consists of challenges faced onsite and how I personally resolved them. Please note that the solutions posted here

1> should not be considered as ultimate. The material may be considered for reference only.

2> should not be considered as guarantee that solutions may work. Contact Cyberoam support before making any changes.

3> This blog does NOT belong to Cyberoam. It's a blog...a personal blog.

Changes done after referring this site may seriously damage the network. So...

........DO CHANGES AT YOUR OWN RISK

(please contact Cyberoam support before implementing any changes)

Tuesday, 11 February 2014

NTLM: Beginning of an Era

At last Cyberoam has what I have always wanted to see in it since the beginning: a single sign-on method where I no longer have to install any .exe file on my AD servers. Although I love the existing method used by Cyberoam to implement its SSO (Single Sign-On), I always had this challenge that many customers were not ready to install any software on their AD servers. The existing SSO method used by Cyberoam uses CTAS. It is a suite of software that is installed on the AD server. Although it is a flawless way of performing the SSO process, it had some challenges in a DHCP environment. I am sure the introduction of NTLM in Cyberoam will overcome these challenges.
NTLM is actually a Microsoft feature which was used during the Windows NT era. According to Microsoft, it is a protocol suite that provides authentication, integrity and confidentiality to users. I know quite a few vendors who have incorporated the same technology to implement Single Sign-On.
So, as always, I decided to test the new feature. Here are my results:

1. It worked for me the very first time, despite the fact that I had a little hard time finding the article in the Cyberoam KB.
Here are the articles that I used to configure NTLM, the browser and Cyberoam respectively:

http://kb.cyberoam.com/default.asp?id=2252&Lang=1&SID=
http://kb.cyberoam.com/default.asp?id=2251&Lang=1&SID=

2. I was not able to find anything related to NTLM on AD in the Cyberoam KB; however, when I researched, I found that we have to enable NTLM on AD by following:
http://support.microsoft.com/kb/239869

3. When I heard about NTLM the first time, I thought it might slow down the attempts to access web sites, since it is a browser based authentication, but I observed no delay.

4. The company where I deployed NTLM recently had some reservations. The IT guy over there told me that Microsoft recommends NOT using NTLM as it is not secure. I told him that it is just another feature that is on offer and other vendors use it too; although it is not secure, it is good enough to be used internally for authentication.

5. The deployment has been successful. I checked the behavior on multiple browsers on Windows and Linux. However, it will be interesting to see how it works on mobile devices, e.g. BlackBerry OS, iPhone, iPad etc.

A few things I liked about NTLM SSO:
a) Very seamless
b) No delay
c) Easy to deploy
d) Works well with multiple browsers on Windows and Linux
e) No installation of any kind of client on AD or end users

Note: Cyberoam says that it does not support NTLMv2; however, when I used NTLMv2 on AD, I faced no issues.
Cyberoam also mentions that the only browsers supported are IE and Firefox, but Chrome and Safari gave me no problems while using them.
I have not yet tested this using my iPhone, iPad or Android. But I will certainly check it soon and come up with the results.
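
One way to check which NTLM version a browser actually sends, given the mismatch noted above between the documented and observed NTLMv2 behaviour, is to decode the `NTLM <base64>` authorization header value from a capture of your own traffic and look at the length of the NT response. This Python sketch is an added example, not code from this post or from Cyberoam; it assumes the appliance uses standard HTTP NTLM headers, and `classify_ntlm_token` and `build_sample_type3` are hypothetical helper names with constructed sample data.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"

def classify_ntlm_token(header_value):
    """Classify the token carried in an 'NTLM <base64>' HTTP auth header value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not b64:
        raise ValueError("not an NTLM auth header value")
    msg = base64.b64decode(b64.strip(), validate=True)
    if len(msg) < 12 or msg[:8] != SIGNATURE:
        raise ValueError("missing NTLMSSP signature")
    msg_type = struct.unpack_from("<I", msg, 8)[0]
    if msg_type in (1, 2):
        return "negotiate" if msg_type == 1 else "challenge"
    if msg_type != 3:
        raise ValueError(f"unknown NTLM message type {msg_type}")
    if len(msg) < 28:
        raise ValueError("truncated AUTHENTICATE message")
    # NtChallengeResponse descriptor at offset 20: length, max length, offset.
    nt_len, _, nt_off = struct.unpack_from("<HHI", msg, 20)
    if nt_off + nt_len > len(msg):
        raise ValueError("NT response points outside the message")
    if nt_len == 0:
        return "authenticate: no NT response"
    if nt_len < 24:
        return "authenticate: malformed NT response"
    # NTLMv1 (with or without extended session security) sends exactly 24
    # bytes; NTLMv2 sends a 16-byte HMAC plus a variable blob, so it is longer.
    return "authenticate: NTLMv1" if nt_len == 24 else "authenticate: NTLMv2"

def build_sample_type3(nt_response):
    """Constructed AUTHENTICATE message with only the NT response populated."""
    fixed_len = 64  # signature, type, six field descriptors, NegotiateFlags
    empty = struct.pack("<HHI", 0, 0, fixed_len)
    nt_field = struct.pack("<HHI", len(nt_response), len(nt_response), fixed_len)
    msg = (SIGNATURE + struct.pack("<I", 3) + empty + nt_field + empty * 4
           + struct.pack("<I", 0) + nt_response)
    return "NTLM " + base64.b64encode(msg).decode()

if __name__ == "__main__":
    # Constructed sample responses, not captured traffic.
    v1 = build_sample_type3(b"\xaa" * 24)
    v2 = build_sample_type3(b"\x11" * 16 + b"\x01\x01" + b"\x00" * 30)
    for label, value in (("24-byte response", v1), ("48-byte response", v2)):
        print(label, "->", classify_ntlm_token(value))
```
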

Cyberoam has now become a mature product and with the new features coming up it is surely going to make an impact in the market.








