Messaging SWIFTNet 7.0 SWIFTNet Online Operations Manager Quick Overview December 2010
Table of Contents

Preface
1 Introduction
  1.1 Background
  1.2 SWIFTNet Online Operations Manager
2 Functionality overview
3 How to get access
  3.1 Available to all customers
  3.2 Specifying the URL
  3.3 Network configuration
  3.4 Network setup checks
  3.5 Browser settings
  3.6 System requirements
4 Access control
5 User Guide
Legal Notices

Preface

Purpose of this document
This document provides an overview of the SWIFTNet Online Operations Manager functionality, including information on how to access the service and the required network setup.

Intended audience
This document is intended for security officers, SWIFTNet project managers and customers responsible for operating the SWIFTNet environment.

Related documentation
- SWIFTNet 7.0 Release Overview
- SWIFTNet Messaging Service Description
- SWIFTNet Messaging Operations Guide

1 Introduction

1.1 Background
SWIFT provides the ability for customers to manage their SWIFTNet security and routing online. Before SWIFTNet 7.0, customers required an application such as the Alliance WebStation to administer their certificates, roles and routing rules.

1.2 SWIFTNet Online Operations Manager
SWIFTNet 7.0 introduced the SWIFTNet Online Operations Manager. This service allows customers to administer their security and routing through a new SWIFT-managed service available over Browse. This service offers access to the same functionality as the GUI on the Alliance WebStation. In addition, this new service will also enable various new security features (see the SWIFTNet 7.0 Release Overview, sections 5.14 through 5.23, the SWIFTNet Service Description and SWIFTNet Operations Guide).

Note that most of this new functionality is only available by accessing the new Browse service. The existing Users and Routing modules of Alliance WebStation are no longer available in Alliance WebStation 7.0.

As for any other Browse service, customers require the Alliance WebStation or the Web Platform to access the SWIFTNet Online Operations Manager. However, customers do not need to upgrade their Alliance WebStation (release 6.x) or Web Platform (release 6.x) in order to be able to use this new Browse service (and thus the new functionality). This means that customers can start using this functionality at any time.

2 Functionality overview

The SWIFTNet Online Operations Manager provides the same functionality for certificate management, role management and routing management that was available in the WebStation's "Users" and "Routing" modules. In addition, it provides some new functions as well. Here is a brief overview of the main new functionality (for more information, see the online help or the User Guide).

(Items indicated with * become available during the course of December 2010.)

Certificate Management
- ability to recover SNL certificates online
- addition of certificate expiry date in the node details screen
- ability to get the details of multiple nodes at the same time
- search capability on node name to easily find an entry in the tree
- ability to limit the scope of a Security Officer to a branch in the tree
- ability to delete nodes from the tree
- print the naming tree or node details part of the screen
- ability to add a free-format description for any user *
- availability of an advanced search based on certificate parameters or on user's roles *

Role Management
- ability to get the details of multiple nodes at the same time
- search capability on node name to easily find an entry in the tree
- ability to limit the scope of a Security Officer to a branch in the tree
- ability to manage a group of nodes at once (group grant, group ungrant, role copy)
- quick view of all roles that a user has (and print this screen)
- print the naming tree or node details part of the screen
- availability of an advanced search based on certificate parameters or on user's roles *

4eyes authorisations
- When the second Security Officer receives the 4eyes token from the first Security Officer, the application will present the changes made by the first Security Officer and the second can approve.

Routing management
- ability to select individual routing rules (for reroute enable/disable operation)
- print routing rules
- ability to save selection parameters for later use *

Reports
- certificate report: allows to generate an up-to-date list of all certificates of your institution including their details (name, type, status, expiry date).
- certificate report: option to list all certificates that will expire soon *
- role report: allows to generate an up-to-date list of all users and the roles they have, across all services. Lists each time the relevant details (such as qualifier information).
- activity log: allows to generate a report that lists all changes performed with regards to certificate, role or routing management, as well as logins and logouts to the SWIFTNet Online Operations Manager.
- all reports allow to save report parameters for later use *
- ability to schedule automatic reports, for delivery via e-mail or FileAct *

Administration
- e-mail management: define e-mail addresses that can be used when scheduling automated reports *

General
- ability to avoid inadvertent changes by giving appropriate read-only access *

3 How to get access

3.1 Available to all customers
All SWIFT customers can access the SWIFTNet Online Operations Manager; no specific subscription is required. To access the SWIFTNet Online Operations Manager, ensure that:
- you have the ability to access a Browse service (this means either through the Browse module of Alliance WebStation or through the use of Alliance WebPlatform)
- you know the URL of the service
- your network allows access to the service.

The above points will allow you to access the Browse service. In addition, you need one or more roles that allow you to access the functionality, that is, the menu options of the application. See the section "Access Control" below for more information.

The current functionality (mainly certificate and role management) is available at no extra charge. The usage of these functions is included in the SWIFTNet PKI charges.

3.2 Specifying the URL
The URL for the Browse service SWIFTNet Online Operations Manager on the production environment is as follows: https://www.o2m.swiftnet.sipn.swift.com.

Developers who have access to the Integration TestBed (ITB) need to use the following URL: https://www.o2m-itb.swiftnet.sipn.swift.com.

3.3 Network configuration
Like for any Browse service, customers need to ensure that their network setup (typically firewalls) allows to reach the web server.

Customers that configure their network infrastructure to allow outgoing TCP sessions to the subnet range 149.134.0.0/17 on destination TCP port 443 (HTTPS) do not need any specific setting. Indeed, this range includes, amongst others, the IP addresses of SWIFT-operated Browse services.

Customers using stringent security policies may require to configure a list of specific IP addresses.
In this case, the filtering policy of the Browse customer's firewall must allow the following routes:

  Source                  Destination
  Host     Port           Host             Port
  Client   > 1023/tcp     149.134.126.33   443/tcp
  Client   > 1023/tcp     149.134.127.33   443/tcp

For more information on network configuration, and for details related to the Integration Testbed (ITB) environment, please refer to the Network Configuration Tables Guide.

3.4 Network setup checks
You can check if your network setup is correct as follows:

1) Check the DNS (Domain Naming Service).
You can run the nslookup command on your local machine:
- click "Start", "Run...", type cmd (a window opens)
- type the nslookup command as follows:

  nslookup www.o2m.swiftnet.sipn.swift.com
  Server: <DNS server name>
  Address: <DNS server IP address>
  Name: NLCBSL-GUA.swiftnet.sipn.swift.com (or USCBSL-GUA.swiftnet.sipn.swift.com)
  Address: 149.134.127.33 (or 149.134.126.33)
  Aliases: www.o2m.swiftnet.sipn.swift.com

2) Check the DNS and the ability to reach the Browse server.
Run the checkip command; the results should be similar to the following output:

  checkip www.o2m.swiftnet.sipn.swift.com 443
  ------------------------------------------------------------------------------
  Results of tests will be available in
  "C:\Users\SNLOwner\AppData\Local\Temp\2\checkip_1274881604_4976.out"
  ------------------------------------------------------------------------------
  Execution Started : Wed May 26 09:46:44 2010
  Hostname : <hostname>
  - [www.o2m.swiftnet.sipn.swift.com 443 TCP] : FULL_SUCCESS
  ============================================================================
  Host IP : 149.134.127.33 (or 149.134.126.33)
  Result : FULL_SUCCESS
  Total Time : 32 ms
  ============================================================================

3.5 Browser settings
Because the SWIFTNet Online Operations Manager is a Browse service on SWIFTNet, you need to ensure your browser settings are correctly set. Please refer to the Browse Implementation Guide for the details, especially chapters 4 and 5.

3.6 System requirements
Make sure your system satisfies the minimum system requirements for the interface software you are using (Alliance WebStation or Alliance WebPlatform).

Also, the desktop where you run the browser that accesses the SWIFTNet Online Operations Manager should at least be "Intel Core Duo CPU" based (or equivalent) and have sufficient memory to ensure good performance, preferably 3GB or more. If you run other applications on the same system at the same time, then ensure that the total amount of memory is sufficient to also run these other applications.
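
The DNS check in section 3.4 can be combined with the firewall routes in section 3.3 to confirm that every address the name resolves to is actually permitted by the local egress policy. The following is an added example, not part of the SWIFT documentation; the function names and the sample DNS server are hypothetical, and the sample output is constructed in the shape shown in section 3.4.

```python
import ipaddress
import re

# Values from section 3.3 of this document.
BROWSE_RANGE = ipaddress.ip_network("149.134.0.0/17")
O2M_ADDRESSES = {ipaddress.ip_address(a)
                 for a in ("149.134.126.33", "149.134.127.33")}
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Constructed sample in the shape of the nslookup output in section 3.4;
# the DNS server name and address are placeholders.
SAMPLE = """\
Server:  dns1.example.internal
Address:  10.0.0.53

Name:    NLCBSL-GUA.swiftnet.sipn.swift.com
Address:  149.134.127.33
Aliases:  www.o2m.swiftnet.sipn.swift.com
"""

def answer_addresses(nslookup_output):
    """Addresses from the answer section only: the Address line before
    the first "Name:" line is the local DNS server, not the service."""
    addresses, in_answer = [], False
    for line in nslookup_output.splitlines():
        if line.strip().lower().startswith("name:"):
            in_answer = True
        elif in_answer:
            for token in IPV4.findall(line):
                try:
                    addresses.append(ipaddress.ip_address(token))
                except ValueError:
                    pass  # digits that do not form a valid address
    return addresses

def check_setup(nslookup_output, allowed_destinations):
    """Compare each resolved address with the documented hosts, the
    documented range, and the firewall's allowed destinations (CIDRs)."""
    allowed = [ipaddress.ip_network(n) for n in allowed_destinations]
    return {str(addr): {"documented_host": addr in O2M_ADDRESSES,
                        "in_browse_range": addr in BROWSE_RANGE,
                        "firewall_allows": any(addr in n for n in allowed)}
            for addr in answer_addresses(nslookup_output)}

if __name__ == "__main__":
    # A stringent policy that lists only one of the two documented hosts.
    print(check_setup(SAMPLE, ["149.134.126.33/32"]))
```

With a policy that lists only one of the two hosts, the result shows `firewall_allows` as false for the other one, which is the case where access works only when DNS happens to return the permitted address.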

4 Access control

Customers need (RBAC) roles to be able to access specific functionality provided through the SWIFTNet Online Operations Manager. If a customer has no roles to access the service, an error message will be displayed. If a customer has one or more roles, then the corresponding menu options will become available. Menu options for which the customer does not have the necessary role will be greyed out.

The following is a summary of the menu options and the roles needed (for full details, see the User Guide):

Menu option
- Certificate Management - User
- Certificate Management - SNL
- Certificate Management - Web
- Role Management
- 4eyes Authorisation
- Routing Rules Management
- Certificate report
- Role report
- Activity log

Role(s) needed
- SWIFT.LRA//CertificateAdministration
- SWIFT.LRA//CertificateAdministration4eyes
- SWIFT.LRA//LiteCertificateAdministration
- SWIFT.LRA//Viewer
- SWIFT.LRA//SnlCertificateAdmin
- SWIFT.LRA//SnlCertificateAdmin4eyes
- SWIFT.LRA//Viewer
- SWIFT.LRA//CertificateAdministration
- SWIFT.LRA//CertificateAdministration4eyes
- SWIFT.LRA//Viewer
- SWIFT.RBAC//Normal User
- SWIFT.RBAC//Viewer
- SWIFT.RBAC//Delegator
- SWIFT.RBAC//Delegator4eyes
- SWIFT.RBAC//DelegatorPilot
- SWIFT.LRA//CertificateAdministration
- SWIFT.LRA//CertificateAdministration4eyes
- SWIFT.LRA//SnlCertificateAdmin
- SWIFT.LRA//SnlCertificateAdmin4eyes
- SWIFT.RBAC//Delegator
- SWIFT.RBAC//Delegator4eyes
- SWIFT.RUG//SiteManager
- SWIFT.RUG//PilotSiteManager
- SWIFT.RUG//LiveSiteManager
- SWIFT.RUG//Viewer
- SWIFT.LRA//CertificateAdministration
- SWIFT.LRA//CertificateAdministration4eyes
- SWIFT.LRA//SnlCertificateAdmin
- SWIFT.LRA//SnlCertificateAdmin4eyes
- SWIFT.LRA//LiteCertificateAdministration
- SWIFT.LRA//Viewer
- SWIFT.RBAC//Viewer
- SWIFT.RBAC//Delegator
- SWIFT.RBAC//Delegator4eyes
- SWIFT.RBAC//DelegatorPilot
- SWIFT.RBAC//Audit
- SWIFT.LRA//Audit
- SWIFT.RUG//Audit

5 User Guide

SWIFT provides both an on-line help and a User Guide for the SWIFTNet Online Operations Manager. The on-line help can be accessed through a link at the top right corner of the screen. The SWIFTNet Online Operations Manager User Guide is part of the User Handbook that customers can access through swift.com.

Legal Notices

Copyright
SWIFT 2010. All rights reserved. You may copy this publication within your organisation. Any such copy must include these legal notices.

Confidentiality
This publication contains SWIFT or third-party confidential information. Do not disclose this publication outside your organisation without the prior written consent of SWIFT.

Disclaimer
The information in this publication may change from time to time. You must always refer to the latest available version on www.swift.com.

Translations
The English version of SWIFT documentation is the only official and binding version.

Trademarks
SWIFT is the trade name of S.W.I.F.T. SCRL. The following are registered trademarks of SWIFT: SWIFT, the SWIFT logo, Sibos, SWIFTNet, SWIFTReady, and Accord. Other product, service, or company names in this publication are trade names, trademarks, or registered trademarks of their respective owners.