Security services for Management & Control Services (MCS) provides MCS with a secure port that implements Secure Sockets Layer (SSL) 3.0 security and Transport Layer Security (TLS) 1.0 support. Using security services, MCS can support both secured and unsecured connections, depending on the encryption settings you specify.
SSL can provide secured connections between MCS and client computers. These connections are used when users access the MCS console with an HTTPS connection to display the MCS console and access configurations or presentations stored on the MCS server. SSL via security services in MCS is not used when connecting to the host through a session or presentation, although a direct SSL connection to the host can be specified when the underlying application is created.
For information about using SSL connections in EXTRA! X-treme, see How to Connect to the Host using SSL and Express Logon.
Security services provides the following features:
For information about available authentication types, see Authenticating MCS Users.
At connect time, MCS negotiates SSL or TLS with the browser. Alternatively, you can set security services to force TLS, which will work with browsers configured for TLS.
|To establish a TLS connection, the TLS 1.0 option must be enabled in the Web browser on the client computer.|
When client computers are configured for an SSL connection via security services, secure Telnet traffic is transported using the browser's SSL, thereby limiting client configurations to a single HTTPS port, and minimizing the impact on both the client-side and server-side firewall security policies.
In addition, security services includes a destination filter to restrict client access to only authorized host addresses and ports.
Security services provides authenticated and encrypted sessions between Management & Control (MCS) and its clients.
For hosts that do not support SSL, you can use security services to provide SSL connections to clients outside of your firewall. For example, you can use security services to pass secured host traffic to clients over the Internet, and forward the traffic unencrypted to the hosts inside the firewall. It can also be used to filter client requests, allowing access only to authorized hosts.
Alternatively, you can configure a client for a direct connection to a host, either secured or unsecured, depending on your host's security support. A configuration or presentation can be downloaded from MCS, after which MCS is bypassed and all client communications are directly with the host.
|Setting Up Centralized Management, Overview|
|Authenticating MCS Users|
|Configuring Security Services|
|SSL Certificates, Overview|
|Obtaining and Installing a Server Certificate|
|Obtaining and Installing Client Certificates|
|How to Connect to the Host using SSL and Express Logon|