THIN CLIENT USAGE IN LONG-TERM ARCHIVATION ENVIRONMENT



Similar documents
System Services. Engagent System Services 2.06

Corporate Access File Transfer Service Description Version /05/2015

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

White Paper. Securing and Integrating File Transfers Over the Internet

Windows Web Based VPN Connectivity Details & Instructions

ABSTRACT I. INTRODUCTION

Archival Data Format Requirements

SOFTNIX LOGGER Centralized Logs Management

From Network Security To Content Filtering

Secure Authentication and Session. State Management for Web Services

LifeSize Video Center Administrator Guide March 2011

MAC Web Based VPN Connectivity Details and Instructions

Why you need secure

Secure Web Appliance. SSL Intercept

Sync Security and Privacy Brief

Policy Guide Access Manager 3.1 SP5 January 2013

Network-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2

Xerox Multifunction Devices. Verify Device Settings via the Configuration Report

Sonian Getting Started Guide October 2008

CS 356 Lecture 28 Internet Authentication. Spring 2013

Enterprise Remote Control 5.6 Manual

Internet Technologies_1. Doc. Ing. František Huňka, CSc.

REDCap General Security Overview

Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST

TIB 2.0 Administration Functions Overview

HP IMC Firewall Manager

Document Management. Introduction. CAE DS Product data management, document data management systems and concurrent engineering

Software License Registration Guide

Chapter 7 Managing Users, Authentication, and Certificates

FileMaker Security Guide The Key to Securing Your Apps

CBIO Security White Paper

Chapter 8: Security Measures Test your knowledge

ManageEngine ADSelfService Plus. Evaluator s Guide

Project management integrated into Outlook

FileMaker Server 11. FileMaker Server Help

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

QUANTIFY INSTALLATION GUIDE

Chapter 8 Monitoring and Logging

Collax Web Security. Howto. This howto describes the setup of a Web proxy server as Web content filter.

HP A-IMC Firewall Manager

Introduction. Friday, June 21, 2002

NotifyMDM Device Application User Guide Installation and Configuration for Windows Mobile 6 Devices

GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android

Official Journal of RS, No. 86/2006 of REGULATION

Adobe Marketing Cloud Using FTP and sftp with the Adobe Marketing Cloud

Customer Tips. Xerox Network Scanning TWAIN Configuration for the WorkCentre 7328/7335/7345. for the user. Purpose. Background

How To Get To A Cloud Storage And Byod System

Intro to Firewalls. Summary

OpenScape Voice V8 Application Developers Manual. Programming Guide A31003-H8080-R

Implementation Guide SAP NetWeaver Identity Management Identity Provider

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Significance of Proficient Event Logs Archiving in prevailing over Compliance Worries Whitepaper

2X ApplicationServer & LoadBalancer Manual

Configuring CQ Security

KASPERSKY LAB. Kaspersky Administration Kit version 6.0. Administrator s manual

FileMaker Security Guide

FileMaker Server 10 Help

Monitoring Replication

qliqdirect Active Directory Guide

Text Banking FAQ How do I sign up? Text Banking

U.S. FDA Title 21 CFR Part 11 Compliance Assessment of SAP Records Management

Installation & Configuration Guide

DEPLOY A SINGLE-SERVER OFFICE WEB APPS SERVER FARM THAT USES HTTPS

Iowa Immunization Registry Information System (IRIS) Web Services Data Exchange Setup. Version 1.1 Last Updated: April 14, 2014

preliminary experiment conducted on Amazon EC2 instance further demonstrates the fast performance of the design.

Introduction. Connection security

Web Service for Observer. Installation Manual. Part No Revision A

AdjumedCollect. User Manual. Version: AdjumedCollect is the instrument used for the collection of data.

Empower TM 2 Software

ViPNet ThinClient 3.3. Quick Start

Step-by-Step Configuration

7.0 Self Service Guide

Design Notes for an Efficient Password-Authenticated Key Exchange Implementation Using Human-Memorable Passwords

Chapter 9 Monitoring System Performance

Check Point FW-1/VPN-1 NG/FP3

THE IMPORTANCE OF CODE SIGNING TECHNICAL NOTE 02/2005

OpenSSO: Cross Domain Single Sign On

Skoot Secure File Transfer

RCC SIGNATURE DATA BASE FUNCTIONAL REQUIREMENTS DOCUMENT

Document management and exchange system supporting education process

High Availability for Citrix XenApp

WebMarshal User Guide

ETERE MEDIA LIBRARY: The best secure solution for your media

Nuclear Plant Information Security A Management Overview

Performance Characteristics of Data Security. Fabasoft Cloud

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright Palo Alto Networks

MODULE 7: TECHNOLOGY OVERVIEW. Module Overview. Objectives

McAfee Web Gateway Administration Intel Security Education Services Administration Course Training

Zenprise Device Manager 6.1.5

Content Filtering Client Policy & Reporting Administrator s Guide

Royal Mail Business Integration Gateway Specification

Server Security. Contents. Is Rumpus Secure? 2. Use Care When Creating User Accounts 2. Managing Passwords 3. Watch Out For Aliases 4

GO!Enterprise MDM Device Application User Guide Installation and Configuration for Android with TouchDown

CoSign for 21CFR Part 11 Compliance

OutDisk 4.0 FTP FTP for Users using Microsoft Windows and/or Microsoft Outlook. 5/1/ Encryptomatic LLC

Software Requirements. Specification. Day Health Manager. for. Version 1.1. Prepared by 4yourhealth 2/10/2015

CommVault Simpana Archive 8.0 Integration Guide

PROACTIVE IT / IS MONITORING FOR BUSINESS CONTINUITY PLANNING

ADFS Integration Guidelines

Transcription:

THIN CLIENT USAGE IN LONG-TERM ARCHIVATION ENVIRONMENT INFORMAČNÍ MANAGEMENT Rudolf Vohnout Introduction Long-term archive ( LTA ) service has been based upon existence server and a client, where client side has been solved by thick client installation. So far, thick client is represented by application interface, which is directly communicating with LTA. In fact, it is using LTA Protocol ( LTAP ) to receive, generate, and transmit extensible Markup Language ( XML ) commands over the network. Even though thick client solution is stable, robust, and precisely coded, LTAP XML processing could be also performed by web server engine. This type of solution would enable users to use thin clients on their sides. Both solutions have their advantages and disadvantages which will be compared later on. Nevertheless this article will focus mainly on thin client, as a new approach to the LTA communication within LTAP. 1. Strong and Weak Sides of Thin Client Solution in LTA Environment Both thin and thick clients derive benefits from universality of XML format. At the beginning it is necessary to compare its advantages and disadvantages (see Tab. 1). However it is still difficult to find clear winner between these two ways of communication. A spread among users depends on local conditions, but from very beginning it is clear that the implementation of the thin client will be much easier. Before we perform implementation it is necessary for us to know following: Computers hardware configurations, operating systems. Network configuration and organization scheme (departments etc.). Classification of users who have access to LTA services. Supposed type of data intended to store to the LTA. 2. LTA Thin Client Working Background in Greater Detail Underlying idea of thin client functionality within LTA system is quite simple. LTA user using previously defined type of thin client (web browser in this case) will connect to the LTA. In detail, LTA user using appropriate thin client will connect to the secured web site running on web server with Hypertext Preprocessor ( PHP ) engine. After successful authentication process, certain LTA user will gain access to LTA services according to the rules set for the user group he belongs to (see Fig. 1). In general, web server is just handling LTAP XML commands for the user, the same thing thick Tab. 1: Advantages and disadvantages of the thin client in LTA environment Advantages Disadvantages Operating system independent Most of the processing is done on server side Lower hardware requirements No need for additional supportive software More secure than a thick client user is not communicating directly with LTA server Need of web server mediator with PHP engine for processing Possible slight functional differences among different web browsers Possible longer request/response processing time E + M EKONOMIE A MANAGEMENT 3 / 2008 strana 127

Fig. 1: LTA s general outline client does. However, relations and communication within LTA is much more complex. Once LTA user connects from the outside and begins authentication process by entering login information, web server starts to generate LTAP XML tags according to the specification, Appendix D of [2] to verify user on LTA server. LTA server accepts (rejects) and processes these XML request tags and responses with appropriate XML tags back to the web server. Response tags are accepted and processed by a web server. According to the response user is authenticated or rejected by a web server. Analogically all user activities made on the web servers PHP interface generate proper LTAP XML tags, which are immediately send to the LTA server. There is an exception to the rule. When LTA user wants to archive or export certain electronic document, network connection between web and LTA servers is not just sending and receiving XML tags according to the user activity. In the archivation case, document (or raw data) is stored on the web server first, and then finally transmitted to the LTA server. Appropriate hash check sum is generated and then compared to the one provided by user. If those two do not match, document is rejected by LTA (i.e. file is different than the one provided by user, in other words document is corrupted and authenticity cannot be proven later on). In the export case web server just performs mediation (translation) function between LTA and thin client. 2.1 LTA as a Functional System This part will primarily focus on the communication behind firewall. If we would accept LTA as one and the only piece of the system behind firewall, we would probably be interested in knowing which types of users would have access to this system. They can be divided into three main groups, coming from the traditional archival organizational system. Three basic user groups constitute fundamental user base with appropriate access permissions (see Tab. 2). The user base can be extended hand in hand with set of custom permissions, and depends on local requirements and conditions. It is necessary to present system scheme (see Fig. 2) in order to demonstrate how interactions between LTA system and LTA user base work. Traditional archival function Archive Administrator Tab. 2: User groups overview Role of the person in an archive Has complete archive management and responsibility Permissions (roles) in LTA Complete control Archivist Adds new titles and exemplars into archive, takes care of exemplars and titles under explicit section Adds new electronic documents, control over documents archived by the same user group Explorer Has complete archive access, but just for exploring already archived titles and exemplars Read-only access user strana 128 3 / 2008 E + M EKONOMIE A MANAGEMENT

Fig. 2: User groups and their interactions with LTA system INFORMAČNÍ MANAGEMENT Since exact number of users (service load factors) is unknown, LTA systems cannot be setup to handle explicit load. We can predict the real situation based upon results of several experiments with the web server load endurance. Moreover, general formula for the LTA system load can be defined. where: 1 i 3 and n Z U i...user of i-group L u...load generated by certain user (1) hsn LTA...hardware, software, LTA system network configuration of LTA cq web... PHP source code quality When load generated by users is not higher than LTA it is expected to work out, reliability of LTA would be lower. The closer result of the formula gets to 1, the less services provided by LTA can get accessible. Ideally LTA system load shouldn t exceed 80 %. Indeed security aspects of the thin client solution in the LTA cannot be forgotten. Therefore communication between thin client and web server is accomplished over secured HTTP, where all data information going through the network are encrypted. LTA system itself is protected by firewall which filters out all unwanted network traffic. 3. Web Interface Layout Overview Purpose of the web interface was from the very beginning to provide comfortable layout for the LTA user (see Fig. 3). It was intended to be an alternative solution to existing thick client with wider area of implementation. Appropriate rights according to the user group policy will be set up once a client is successfully logged in to the LTA. This means that there will be a specific restriction for normal users with an exception for LTA administrators (according to the Tab. 2). Whole functionally corresponds to [2] with few exceptions. First major exception consists of a possibility of direct lifetime extension for certain already archived electronic document. However this option has to be allowed globally by LTA administrator. The second exception is an implementation of linkage hashes [3] to prove sequence of how documents were stored into the LTA. User metadata can be stored into the LTA in three possible ways (according to [2]). Option from file allows user to store metadata along with the document s raw data as XML file. At first, this file is checked for validity and then XML tags carrying certain information stored into database. If some of the required fields are missing archive process is rejected. If optional fields are missing web interface returns warnings to the user, but the storage process can continue. If export is requested for certain archived electronic document, user can retrieve generated XML file with all related metadata besides the raw document. This XML file structure corresponds to the one that is anticipated for import. Besides these features web interface can also show status information about the document. This covers status of electronic signature and time stamp plus file integrity check. Regarding E + M EKONOMIE A MANAGEMENT 3 / 2008 strana 129

Fig. 3: LTA web interface main screen deleting achieved documents from LTA, it should be mentioned, that document is not going to be physically removed, LTA just stops maintaining status of this document. Conclusion Regarding to this article, a thin client solution for the LTA could represent very sufficient alternative to an existing thick client. Its wider usage is just a matter of time and a decision on implementation of these two solutions depends on local conditions in certain environment. One of the options is to use thin and thick clients simultaneously. In this case thin solution can be used as alternative (backup) to the thick client. As a creator of this solution along with Security Technology Competence Centre ( SETCCE ) cooperation and according my experience, I hope there will not be too many obstructions with implementation in future. References: [1] BLAŽIČ, J. A. Long-term Archive Protocol (LTAP) [online]. Internet Engineering Task Force, Internet draft, updated February 25, 2008, expires August 28, 2008, [cit. 2008-05-0]. <http://www.ietf.org/ internet-drafts/draft-ietf-ltans-ltap-06.txt>. [2] BRAY, T., PAOLI, J., SPERBERG-MCQUEEN, C. M., MALER, E., YERGEAU, F. Extensible Markup Language (XML) 1.0 [online]. 4th ed. W3C : 2006. [cit. 2007-11-26], <http://www.w3.org/tr/ REC-xml>. [3] DOSTÁLEK L. Big guidebook of the PKI infrastructure and electronic signature technology. 1st. ed., Praha: Computer Press, 2006. ISBN 80-251-0828-7. Ing. Rudolf Vohnout Univerzita Pardubice Fakulta ekonomicko-správní Ústav systémového inženýrství a informatiky Studentská 84 532 10 Pardubice rudolf.vohnout@student.upce.cz Doručeno redakci: 10. 1. 2008 Recenzováno: 28. 4. 2008 Schváleno k publikování: 3. 7. 2008 strana 130 3 / 2008 E + M EKONOMIE A MANAGEMENT

ABSTRACT THIN CLIENT USAGE IN LONG-TERM ARCHIVATION ENVIRONMENT Rudolf Vohnout This paper focuses on a new approach to the solution of users communication problem with the long-term archive services. In the business, government, or any other environment could be real situations, when usage of the original thick client cannot be applied because of its special requirements. On one hand thick client ensures highest possible error free assignment, and on the other hand thin client usage can be a solution in special cases. Its goal from the very begging wasn t to replace thick client, but just supplement it in the environments where thick client cannot be used while still makes its main functionalities accessible. Typically in the huge organizations with non-unified company IT policy thin client could be contribution. However usage of thin client has its limitations which will be expressed within the article. Emphasis will be placed on main differences between two previously mentioned solutions in different environments as well as their mutual comparison. Moreover, big difference between thick and thin can be found in the way how and which data are transmitted between server and client along with security admissions which will be revealed likewise. Then functional principles of this brand new solution will be revealed along with roles of users, their permissions, and division into groups, plus their influence on system part. Security related things will be briefly mentioned too along with some drawbacks of the proposed solution. At the end self web interface layout of the long-term archive service server mediator will be explained and briefly described. Key Words: LTA, XML, LTAP, PHP, system, thin client, electronic document JEL Classification: L84, L86, M15 E + M EKONOMIE A MANAGEMENT 3 / 2008 strana 131

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information