Security Services for Management & Control Services (MCS) provides MCS with a secure port that implements Secure Sockets Layer (SSL) 3.0 and Transport Layer Security (TLS) 1.0 support. Using Security Services, MCS can support both secure and unsecure connections, depending on the encryption settings you specify.
As shown in the diagram below, Security Services provides authenticated and encrypted sessions between Management & Control (MCS) and its clients.
For hosts that do not support SSL, you can use Security Services to provide SSL connections to clients outside of your firewall. For example, in the diagram, the Security Services component passes secured host traffic over the Internet to Client 1 and Client 2, and forwards the traffic unencrypted to the hosts inside the firewall. The Security Services component also filters client requests, allowing access only to authorized hosts.
Alternatively, you can configure a client for a direct connection to a host, either secure or non-secure, depending on your host's security support. As shown in the diagram, Client 3 is downloaded from MCS, after which all client communications are directly with the host.
You must enable the TLS 1.0 option in client Web browsers in order to establish a TLS connection. |
Security Services provides the following features:
At connect time, Security Services negotiates SSL or TLS with the browser. Alternatively, you can set the Security Services to force TLS, which will work with browsers configured for TLS.
When clients are configured for an SSL connection via the Security Services, secure Telnet traffic is transported using the browser's SSL, thereby limiting client configurations to a single HTTPS port, and minimizing the impact on both the client-side and server-side firewall security policies.
In addition, Security Services includes a destination filter to restrict client access to only authorized host addresses and ports.
Overview of Certificates | |
Configuring Security Services | |
Configuring a Client SSL Connection | |
Obtaining and Installing Certificates | |
Modifying the SecurityGateway.properties File |