Overview of Security Services

Security services for Management & Control Services (MCS) provides MCS with a secure port that implements Secure Sockets Layer (SSL) 3.0 security and Transport Layer Security (TLS) 1.0 support. Using security services, MCS can support both secure and unsecure connections, depending on the encryption settings you specify.

As shown in the diagram below, security services provides authenticated and encrypted sessions between MCS and its clients.

Security Services Overview

For hosts that do not support SSL, you can use security services to provide SSL connections to clients outside of your firewall. For example, in the diagram, security services passes secured host traffic over the Internet to Client 1 and Client 2, and forwards the traffic unencrypted to the hosts inside the firewall. It also filters client requests, allowing access only to authorized hosts.

Alternatively, you can configure a client for a direct connection to a host, either secure or non-secure, depending on your host's security support. As shown in the diagram, Client 3 is downloaded from MCS, after which all client communications are directly with the host.

To establish a TLS connection, you must enable the TLS 1.0 option in client Web browsers.

Security Services Features

Security services provides the following features:

Server authentication.
Six levels of client authentication on a per-server basis. For a description of each type, see the Authentication Page.
Transport Layer Security (TLS) support.
At connect time, MCS negotiates SSL or TLS with the browser. Alternatively, you can set security services to force TLS, which will work with browsers configured for TLS.
Proxy service, allowing secure client connections over the Internet to be proxied to hosts that do not support SSL.
When clients are configured for an SSL connection via security services, secure Telnet traffic is transported using the browser's SSL, thereby limiting client configurations to a single HTTPS port, and minimizing the impact on both the client-side and server-side firewall security policies.

In addition, security services includes a destination filter to restrict client access to only authorized host addresses and ports.


	Configuring the Directory Service
	Overview of Certificates
	Configuring Security Services
	Configuring a Client SSL Connection
	Obtaining and Installing Certificates
	Limiting Access to Authorized Hosts