Renegade Applets Get Caged - by Digitivity's Applet Management System - Product Announcement

In the beginning, Java applets did simple and harmless things, such as making a Web page more appealing with cool animation displays. But now, as Java applications get more and more sophisticated and capable, and electronic commerce vendors start relying more and more on transactional Java clients, finding a way to regulate applet activity on the corporate intranet is of paramount importance.

Enter Digitivity (Los Altos, Calif.) with its Applet Management System. "We're going to see a lot of pressure on CIOs to deploy Java. There's been a lot of press about hostile applets, but we believe the more dominant issue will be buggy applets -- or applets that become hostile by accident. We wanted to provide a tool that organizations can use to manage Java applets in their corporations," says Andi Bruno, Digitivity director of marketing.

Because Java applets can wreak havoc on enterprise networks, corporations traditionally put firewalls in place between the corporate intranet and the Internet that scan all incoming traffic, using Web proxies to identify and prevent Java applets from entering the corporate network. This "defense by abstinence" may be secure, but no one within the firewall can use Java to its full advantage, a serious weakness as Java gains a foothold in corporate enterprises. Other measures are available that let Java applets enter corporate networks -- such as browser sandboxing or bytecode scanning -- but they fall short in providing a completely secure solution. "None of these methods [of Java applet control] individually solve the problem, even if you start combining them," says Andrew Herbert, Digitivity CTO and founder.

Digitivity's Applet Management System is a series of three products designed to bring centralized and secure applet management to corporate networks: the Cage, which provides basic applet management; the Policy Cage, which lets administrators assign and enforce security and system access applet policies; and the Enterprise Cage, which establishes bridges between applets and transaction processing and messaging systems.

"There is no question tat downloading remote code raises important security issues for any organization. The Digitivity Applet Management System provides a physical isolation solution for deploying Java in the enterprise," say Li Gong, a Java security architect with JavaSoft (Mountainview, Calif.)

The Cage runs external Internet applets on a Windows NT or Sun Solaris server located outside the corporate firewall. Because applets never enter the network, they never have the chance to create disruption. The Digitivity Cage system is composed of the CageServer, which runs the Internet applets in its own Java Virtual Machine; the AppRouter, which detects applets and deploys the Proxy Applet, which takes the place of Internet applets in user browsers; and the BrowserBridge, which establishes a connection between the original applet and its Proxy Applet.

When a user in a corporate network requests a Web page with a Java applet, the AppRouter detects the incoming HTML applet reference and uploads a Proxy Applet to the user's browser. The AppRouter then reroutes the original HTML applet reference to the CageServer, which requests the Java applet and runs it in its own virtual machine, or CageProcess. For each user accessing java applets, a separate CageProcess is created.

The key in this process is the Proxy Applet, which establishes a TCP/IP connection to a CageProcess through a pre-configured port in the corporate firewall. A data protocol called BrowserBridge carries Java library functions from the CageProcess to the Proxy Applet, making the applet appear to be executing within a user's browser while it is actually running on the CageServer. The protocol, heavily based on the UNIX X Window System protocol, transports user mouse clicks and keyboard commands back to the CageProcess.

"Digitivity is addressing the need to provide a safe way to run applets while still maintaining scalable performance and management of the environment," says Michael Goulde, senior consultant and editor for the Patricia Seybold Group, a Boston-based research and consulting firm, who says that the Cage product is a good match for network computing (NC) environments because it can help make NC configurations lighter.

[ILLUSTRATION OMITTED]

COPYRIGHT 1997 101 Communications, Inc.
COPYRIGHT 2004 Gale Group