GWAVA For GroupWise Mobility Service

Using GroupWise on your mobile device.

Work today happens anywhere it needs to, so it is imperative that users have easy access to their mission critical GroupWise data anywhere they have an Internet connection. GroupWise Mobility Service offers mobile email sync capabilities that keep end users productive. This complement to Novell GroupWise lets users access their GroupWise mailbox data from any ActiveSync-enabled mobile device, using their native clients. It offers access to mail, calendar data, contacts, and tasks. All this can be synchronised with a wide variety of mobile devices that use iPhone, Android, BlackBerry, and Windows Mobile operating systems.

Risks associated with mobile devices

Even though mobile devices can increase the efficiency of all employees, there are also some risks associated with the usage of smart phones and tablets in GroupWise environments. Messages sent from mobile devices through the GroupWise Mobility Service are not scanned. This leaves a security hole in a GroupWise messaging deployment.

This means that a mobile device could introduce a virus into the GroupWise system and thus being able to harm all GroupWise users internally. SMTP Scanners such as GWAVA are unable to scan messages sent from mobile devices before being introduced to the GroupWise system.

The GWAVA SMTP Interface, for example, will scan mobile-device-originated messages before leaving the GroupWise system but it cannot prevent viruses from being sent within the GroupWise system. To close this security hole in the GroupWise system GWAVA has developed an additional GWAVA interface: “GWAVA for GroupWise Mobility Service”.

Closing the Security Hole with GWAVA

With the introduction of GWAVA for GroupWise Mobility Service, system administrators can now ensure that all messages sent from their organisation’s mobile devices are as secure as messages sent from GroupWise clients and GroupWise Web Access. By scanning all messages before being introduced to the GroupWise system, GWAVA prevents the potential spread of viruses to any GroupWise users internally.

GWAVA for GroupWise Mobility Service

GWAVA for GroupWise Mobility Service is an additional interface for the GWAVA product. Support for the GroupWise Mobility Service (GMS) provides an additional interface within GWAVA. The GMS architecture is very similar to GW Web Access in that both GW Web Access and GMS allow messages to be introduced to the GroupWise system that may not be secure. The other GWAVA Interfaces (such as SMTP) are not able to scan messages originating from Web Access and/or GMS,  so there is a need to provide scanning at the GMS and web access server (WASP) level.

25-GWAVA -1
Figure 1: GWAVA Policy Manager

GWAVA for GMS includes a new RESTful API which allows any 3rd party component to interact with and consume the GWAVA security services. Novell has added support for this new RESTful API to GMS allowing GMS customers to scan all messages sent from their mobile devices that are connected to GMS. The GMS Interface architecture differs from the WASP Interface in that GMS calls into the GWAVA API. This is significant in that Novell made specific changes to GMS in order to support GWAVA.

This is not the case with WASP.  With WASP, Novell provided an entry point wherein WASP could scan messages. With GMS it is the other way around.  GMS calls GWAVA and requests GWAVA to scan. GWAVA scans the message and sends a response to GMS based on the scan results and policies configured in GWAVA. It is then up to GMS to react according to the response.  

GWAVA scanning methods

GWAVA is designed as a multilayer Security product, which can scan all layers of your GroupWise environment plus more. Currently, GWAVA has the following scanner interfaces:

  • SMTP Gateway
  • GroupWise Internet Agent (GWIA)
  • GroupWise Mail Transfer Agent (MTA)
  • GroupWise PostOffice Agent (POA)
  • GroupWise WebAccess Protection (WASP)
  • GroupWise Mobility Service
  • Novell Vibe
  • Web Interface

For all of these scanners, there are several different scanning engines available. The following list is an example of the most used engines:

  • Antivirus Protection
  • Zero Day Virus Outbreak Protection
  • Pattern Detection Engine (AntiSpam)
  • IP Reputation Service
  • Realtime Blackhole List
  • SURBL
  • Sender Policy Framework
  • Attachment Blocking
  • Fingerprinting
  • DoS detection
  • Conversation Tracking
  • Image Analyzer

All of these scanning engines can be configured based on the scanning interface or in a policy manager. Policies provide a structured method of deciding what types of filters are to be used on messages based on the delivery information of each item.

Depending on your needs, you may only need to set up a single policy to scan all messages in the same way that pass through your system.

25-GWAVA-2-600x388
Figure 2: GWAVA Image Analyzer

You may create separate policies for inbound and outbound mail to have separate sets of filters, and you can segregate your filters by domain. There is no limit to the complexity of the policy layout, so you can set up your GWAVA scanning environment as best suits your needs.

And as we all know, GroupWise systems consist mostly of more than one server, it is possible to build a GWAVA Network with different GWAVA Servers.

For example it is possible to use different GWAVA Servers for different Mail Exchange (MX) records. The GWAVA servers can be configured using one interface and the configuration will be replicated to all GWAVA Servers in the network.

System requirements

Since GWAVA for GroupWise  Mobility Service is an additional interface for the GWAVA product it has the same system requirements as GWAVA 6.5 and GroupWise Mobility Service 2.0.1. The solution can be deployed on multiple servers in a mixed Linux and Windows environment. The following operating systems with the latest patches are supported:

  • Novell OES 2.x (Linux)
  • SUSE Linux Enterprise Server 10.x
  • SUSE Linux Enterprise Server 11.x
  • Windows 2008 Server

Hardware recommendations are made according to approximate system load, and are dependent on OS and configuration type. General configuration settings are assumed. (If connection dropping is used on an SMTP scanner, the expected performance rises significantly.)  

To process 3000 messages an hour a modern multi-core server (2.4GHZ  or better) is required with at least 1.5GB of free RAM and 40GB storage.  However if throughput is 10,000 messages an hour a higher spec server is recommended (3GHz processor) with 4GB of free RAM and 100GB of storage.

Conclusion

With mobile devices now such an important part of corporate infrastructure it is important that messages and their attachments sent from these devices are subject to the same high security standards as from desktop machines.  Only GWAVA for GMS provides this service for GroupWise users.

Leave a Reply