Security services for Management & Control Services (MCS) provides MCS with a secure port that implements Secure Sockets Layer (SSL) 3.0 security and Transport Layer Security (TLS) 1.0 support. Using security services, MCS can support both secured and unsecured connections, depending on the encryption settings you specify.
SSL can provide secured connections between MCS and client computers. These connections are used when users access the MCS console with an HTTPS connection to display the MCS console.
|To establish a TLS connection, the TLS 1.0 option must be enabled in the Web browser on the client computer.|
Security services provides the following features:
For information about available authentication types, see Authenticating MCS Users under Related Topics.
At connection time, MCS negotiates SSL or TLS with the browser. Alternatively, you can set security services to force TLS, which will work with browsers configured for TLS.
When client computers are configured for an SSL connection via security services, secure Telnet traffic is transported using the browser's SSL, thereby limiting client configurations to a single HTTPS port, and minimizing the impact on both the client-side and server-side firewall security policies.
In addition, security services includes a destination filter to restrict client access to only authorized host addresses and ports.
For hosts that do not support SSL, you can use security services to provide SSL connections to clients outside of your firewall. For example, you can use security services to pass secured host traffic to clients over the Internet, and forward the traffic unencrypted to the hosts inside the firewall. It can also be used to filter client requests, allowing access only to authorized hosts.
Alternatively, you can configure a client for a direct connection to a host, either secured or unsecured, depending on your host's security support. A configuration or presentation can be downloaded from MCS, after which MCS is bypassed and all client communications are directly with the host.
|Setting Up Centralized Management|
|Configuring Security Services|
|Authenticating MCS Users|