Security services for Management & Control Services (MCS) provides MCS with a secure port that implements Secure Sockets Layer (SSL) 3.0 security and Transport Layer Security (TLS) 1.0 support. Using security services, MCS can support both secured and unsecured connections, depending on the encryption settings you specify.
As shown in the diagram below, security services provides authenticated and encrypted sessions between MCS and its clients.
For hosts that do not support SSL, you can use security services to provide SSL connections to clients outside of your firewall. For example, in the diagram, security services passes secured host traffic over the Internet to Client 1 and Client 2, and forwards the traffic unencrypted to the hosts inside the firewall. It also filters client requests, allowing access only to authorized hosts.
Alternatively, you can configure a client for a direct connection to a host, either secure or non-secure, depending on your host's security support. As shown in the diagram, Client 3 is downloaded from MCS, after which all client communications are directly with the host.
Note: To establish a TLS connection, you must enable the TLS 1.0 option in client Web browsers.
Security services provides the following features:
At connect time, MCS negotiates SSL or TLS with the browser. Alternatively, you can set security services to force TLS, which will work with browsers configured for TLS.
When clients are configured for an SSL connection via security services, secure Telnet traffic is transported using the browser's SSL. This limits client configuration to a single HTTPS port and minimizes the impact on both the client-side and server-side firewall security policies.
In addition, security services includes a destination filter to restrict client access to only authorized host addresses and ports.
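The following is an added illustration of how a destination filter of this kind can be evaluated. It is not the product's own code or configuration format. The rule layout, the sample addresses, and the names `ALLOWED_DESTINATIONS` and `is_authorized` are assumptions made for the example.

```python
import ipaddress

# Constructed allowlist (assumption): (host or CIDR, first port, last port).
ALLOWED_DESTINATIONS = [
    ("10.1.2.0/24", 23, 23),                    # Telnet hosts on one subnet
    ("mainframe.example.internal", 992, 992),   # a single named host
    ("10.1.3.15", 2300, 2310),                  # one host, small port range
]

def _parse_rules(rules):
    """Split rules into network rules and exact-hostname rules."""
    nets, names = [], []
    for target, lo, hi in rules:
        try:
            nets.append((ipaddress.ip_network(target, strict=False), lo, hi))
        except ValueError:
            # Not an address or CIDR: treat as a hostname, normalized.
            names.append((target.rstrip(".").lower(), lo, hi))
    return nets, names

def is_authorized(host, port, rules=ALLOWED_DESTINATIONS):
    """Default deny: True only when host:port matches an allowlist rule."""
    if not isinstance(port, int) or not 1 <= port <= 65535:
        return False
    nets, names = _parse_rules(rules)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Hostname request: exact match only, no suffix or wildcard matching.
        name = host.rstrip(".").lower()
        return any(name == n and lo <= port <= hi for n, lo, hi in names)
    # Compare IPv4-mapped IPv6 literals (::ffff:a.b.c.d) as plain IPv4 so the
    # alternate spelling is judged by the same rules as the IPv4 form.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return any(
        addr.version == net.version and addr in net and lo <= port <= hi
        for net, lo, hi in nets
    )

if __name__ == "__main__":
    for dest in [("10.1.2.7", 23), ("10.1.2.7", 22), ("10.1.4.7", 23)]:
        print(dest, "allowed" if is_authorized(*dest) else "denied")
```
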