STERLING SECURE PROXY. Raj Kumar Integration Management, Inc. Raj.Kumar@integrationmgmt.com



Similar documents
GlobalSCAPE DMZ Gateway, v1. User Guide

DMZ Gateways: Secret Weapons for Data Security

Server Software Installation Guide

State of Wisconsin DET File Transfer Protocol Service Offering Definition (FTP & SFTP)

PCI Compliance Report

HTTP Reverse Proxy Scenarios

Installing and Configuring vcenter Multi-Hypervisor Manager

Testing New Applications In The DMZ Using VMware ESX. Ivan Dell Era Software Engineer IBM

/ Preparing to Manage a VMware Environment Page 1

Quick Start Guide. Cerberus FTP is distributed in Canada through C&C Software. Visit us today at

The Bomgar Appliance in the Network

Installation and Administration Guide

F-SECURE MESSAGING SECURITY GATEWAY

Experian Secure Transport Service

Reverse Proxy Scenarios for Single Sign-On

Ignify ecommerce. Item Requirements Notes

F-Secure Messaging Security Gateway. Deployment Guide

HP ProLiant Essentials Vulnerability and Patch Management Pack Release Notes

PN Connect:Enterprise Secure FTP Client Release Notes Version

Remote Management Reference

Xerox SMart esolutions. Security White Paper

HP ProLiant Essentials Vulnerability and Patch Management Pack Server Security Recommendations

Network-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2

Managing Multi-Hypervisor Environments with vcenter Server

Royal Mail Business Integration Gateway Specification

Enterprise Manager. Version 6.2. Installation Guide

athenahealth Interface Connectivity SSH Implementation Guide

VMware Identity Manager Connector Installation and Configuration

Methods available to GHP for out of band PUBLIC key distribution and verification.

Secure Data Transfer

Why a Reverse Proxy with My Instant Communicator for mobiles??

Secure, Reliable Messaging Comparisons between PHINMS, SFTP, and SSH. Public Health Information Network Messaging System (PHINMS)

OnCommand Performance Manager 1.1

How to Install Microsoft Mobile Information Server 2002 Server ActiveSync. Joey Masterson

Communication Protocol Adapters in Sterling Integrator IBM Corporation

Centers for Medicare and Medicaid Services. Connect: Enterprise Secure Client (SFTP) Gentran. Internet Option Manual

What is WS_FTP? How WS_FTP Works

A Guide to New Features in Propalms OneGate 4.0

Reconfiguring VMware vsphere Update Manager

WhatsUp Gold v16.3 Installation and Configuration Guide

Firewall and Router Policy

Novell Access Manager

Acano solution. Security Considerations. August E

Remote Management Reference

msuite5 & mdesign Installation Prerequisites

Exam Questions SY0-401

Introducing ZENworks 11 SP4. Experience Added Value and Improved Capabilities. Article. Article Reprint. Endpoint Management

Reverse Shells Enable Attackers To Operate From Your Network. Richard Hammer August 2006

SFWR ENG 4C03 Class Project Firewall Design Principals Arash Kamyab March 04, 2004

Introduction to the EIS Guide

vrealize Air Compliance OVA Installation and Deployment Guide

Prerequisites Guide for ios

Server Installation ZENworks Mobile Management 2.7.x August 2013

Security. TestOut Modules

Introduction to Mobile Access Gateway Installation

WS_FTP Professional 12 and WS_FTP Home 12. Getting Started Guide

IBM Sterling Connect:Enterprise for UNIX

SECURE FTP CONFIGURATION SETUP GUIDE

vsphere Upgrade vsphere 6.0 EN

Introducing ZENworks 11 SP4

LifeSize Control Installation Guide

Shipping Services Files (SSF) Secure File Transmission Account Setup

SOSFTP Managed File Transfer

Exploiting the Web with Tivoli Storage Manager

ShadowLink 2. Overview. May 4, ONLINE SUPPORT emdat.com/ticket/ PHONE SUPPORT (608) ext. 1

Question Name C 1.1 Do all users and administrators have a unique ID and password? Yes

Network Configuration Settings

Application Note. Onsight Connect Network Requirements v6.3

E-Commerce for IT Advanced. Louis Aguila & Matt Burt

Central Administration User Guide

ANS Monitoring as a Service. Customer requirements

ASX SFTP External User Guide

Configuration Guide. BES12 Cloud

Syncplicity On-Premise Storage Connector

fåíéêåéí=péêîéê=^çãáåáëíê~íçêûë=dìáçé

Scalable Secure Remote Access Solutions

SAP BusinessObjects Business Intelligence Suite Document Version: 4.1 Support Package Patch 3.x Update Guide

Clustered Data ONTAP 8.3

Data Exchange Preparation Procedures_006. Document Control Number

Global Client Access Managed Communications Solutions. JPMorgan - Global Client Access. Managed Internet Solutions (EC Gateway)

GS1 Trade Sync Connectivity guide

freesshd SFTP Server on Windows

User's Guide. Product Version: Publication Date: 7/25/2011

Installation Guide for Pulse on Windows Server 2008R2

USER GUIDE. Lightweight Directory Access Protocol (LDAP) Schoolwires Centricity

Management, Logging and Troubleshooting

OnCommand Unified Manager 6.3

SolarWinds Log & Event Manager

CTS2134 Introduction to Networking. Module Network Security

SonicWALL PCI 1.1 Implementation Guide

Installation Guide. McAfee epolicy Orchestrator Software

Secure Web Appliance. Reverse Proxy

TELE 301 Network Management. Lecture 17: File Transfer & Web Caching

Bridgit Conferencing Software: Security, Firewalls, Bandwidth and Scalability

Security Technology: Firewalls and VPNs

Cornerstones of Security

Enabling Active Directory Authentication with ESX Server 1

Transcription:

STERLING SECURE PROXY Raj Kumar Integration Management, Inc. Raj.Kumar@integrationmgmt.com

Agenda Terminology Proxy Definition Sterling Secure Proxy Overview Architecture Components Architecture Diagram Secure Authentication Proxy Implementation Reverse Forward SSL Break Session SSL Reverse Proxy Detailed SSH Break Session SSH Reverse Proxy Detailed SSP Planning and Implementation Users Feedback

Terminology SSP Sterling Secure Proxy SSP Engine: CM: Configuration Manager CMS: Configuration Manager Store Configuration Definitions Configuration Session DMZ Demilitarized Zone SSL Secure Socket Layer Firewall Internal External Sessions Internal(Trusted Zone) External( Trading Partner)

What is Proxy Proxy server is an application that resides between a client application and a server application. It provides a high level of data protection between external connections and your internal network. Proxy Server applications help maintain security and anonymity of trusted applications at all times Sterling B2B Integrator Trading Partner Proxy Server C:D Connect Direct

Sterling Secure Proxy Overview Architecture Components SSP Engine Component resides in the DMZ and requires very minimum configuration to manage all the communication sessions. SSP Engine is configured using CM (Configuration Manager). Everything at the SSP Engine level is stored in an active memory and nothing is stored on physical disk or hard drive in the DMZ. SSP Engine property file is encrypted and contains CM IP and Port information to listen on for connections from Configuration Manager SSL key certificate, trusted certificate, and encryption cipher used for the connection from Configuration Manager Configuration Manager is installed in the trusted zone CM is used to configure your environment and configuration definitions are stored in the Configuration Manager Store. Configuration Definitions are pushed to the Engine in the DMZ using SSL connection CMS Configuration Definitions are encrypted and stored on a disk Configuration Definition User information System certificate information SSH Keys

Sterling Secure Proxy Overview Architecture Diagram

Sterling Secure Proxy Overview Secure Authentication SSP and trusted applications can maintain security standards by using one of the following methods SSL Client Authentication (Recommended) Sterling Secure Proxy initiates SSL client level authentication with the trusted applications. During this connection SSP will present certificate and trusted application will have to authenticate the validity of the certificate before the connection can be granted. Secure connection between SSP and trusted applications Ability to implement multiple factors of authentication. For example: SSL and user authentication User Authentication Sterling Secure Proxy initiates connection using user credentials. Pass through (Recommended) - this option sends the user credentials presented by the trading partner to the application in the trusted zone for authentication. This mechanism allows the user identity to be maintained at the trusted zone application. Sterling External Authentication Server Mapped User Credentials Sterling Secure Proxy uses Sterling External Authentication Server for user authentication, it receives the user credentials from the trading partner and sends them to Sterling External Authentication Server for validation. If configured, Sterling External Authentication Server returns the mapped user credentials, and Sterling Secure Proxy uses them to log on to the application in the trusted zone. Netmap (NOT Recommended) the user credentials are defined in the outbound node of the netmap that is used by Sterling Secure Proxy to establish a session with the application, in the trusted zone. Sterling Secure Proxy logs in to the trusted zone application as the same user for all sessions.

Proxy Implementation Reverse SSP provides reverse proxy services for Sterling Integrator when the trading partners initiate FTP, HTTP, SFTP, and Connect: Direct sessions to the Sterling Integrator server in the trusted zone.

Proxy Implementation Forward The client in the trusted zone connects to the forward proxy in the DMZ and the forward proxy sends connection information to the destination application at the remote trading partner

Proxy Implementation SSL Break Session The SSL session break is a primary Sterling Secure Proxy security feature. SSL Break session is created when client is using HTTP(s), FTP(s) and C:D protocols

Proxy Implementation SSL Reverse Proxy - Detailed

Proxy Implementation SSH Break Session SSH Break session is created when client is using SFTP and/or SSH protocols

Proxy Implementation SSH Reverse Proxy - Detailed

Planning and Implementation Supported Systems Windows Windows Server 2003 Enterprise Edition Service Pack 1 (32-bit) Windows Server 2008 R2 (64-bit). SSP supports 64-bit JRE with this operating system. VMware ESX and VMware vsphere with any Windows operating system supported by SSP. Unix /Linux HP-UX, version 11.23. SSP supports 64-bit JRE with this operating system. AIX 5L, version 5.3.. SSP supports 64-bit JRE with this operating system. Upgrade Vs Fresh Install Keep in mind that the underline SSP Architecture has changed from version 2.x to 3.x. Determine Level of security SSL User Authentication SSL & User Authentication Determine Communication Protocols Validation Requirements for Inbound Outbound connections Setup a password policy

Planning and Implementation SSP with Perimeter Server

What other SSP users are reporting? Add the functionality to age and expire passwords Enhancement under review The Sterling Secure Proxy sftp adapter takes 30 minutes to get up and running(version 3.1) Currently this issue does not have a resolution; it is being worked on by Sterling Commerce Support. If you believe you are experiencing this issue and would like to be notified when a resolution is reached, please open a case through Customer Center and ask that it be associated with number 83055 Where can I find the ps_200x.jar for the Sterling Secure proxy 3.0.0.1 as mentioned in the documentation? When SSP 3.0.0.1 is downloaded from ESD Portal it will be in a zip file called SSP.V3001.Windows.zip in thisz zip file you will find the perimeter jar file called ps_200x.jar. How to configure Sterling Secure Proxy Version 3 FTP Adapter with SSL for interoperability between Lftp and ProFTP How do I change the Web Service port for the Sterling Secure Proxy (SSP) Configuration Manager (CM)? Use the command '<SSPCM_installation_dir>\bin\configureCmSsl.bat -u <port>' If you run configurecmssl.bat without any arguments it will list your available options. The passphrase which was used to originally set up Sterling Secure Proxy has been mislaid. How can I reset it? Do not ever forget or lose this passphrase. If you do you will be unable to apply patches, and you will need to reinstall completely. There is NO way of circumventing this passphrase

Questions/Comments? Thank You!

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information