Integration News
IBM Secure Proxy (SSP) and IBM Sterling External Authentication Server (SEAS) Implementations
Implementation 1.
Migrate SSP and their configurations
These tasks focus on the migration of SSP configurations to a new environment and their validation.
Tasks:
- Migration artifacts from/to IBM Secure Proxy
- Certificates & Keys migration to IBM Secure Proxy
- Unit tests
- Evidences documentation
- Support
Implementation 2.
SFTP, HTTP or FTP configuration on SSP in passthrough.
This task focuses on implementing SSP in a MFT environment with the configuration of secure communications for the DMZ (Secure MFT environment).
Tasks:
- Study and generation of artifacts in IBM Secure Proxy for SFTP, HTTP, FTPS or C:D
- Study and generation of artifacts in IBM B2B Integrator for SFTP, HTTP, FTPS or C:D
- Certificates or Keys migration to IBM Secure Proxy
- Secure connections between SSP and SBI
- Unit tests
- Evidences documentation
- Support
This architecture contains all the advantages of installing a reverse proxy at the DMZ level. Authentication is delegated to a Backend service, in this case, IBM Sterling File Gateway / IBM Sterling B2B Integrator. A single open connection from the Trusted Zone to the DMZ for all incoming protocols.
Implementation 3.
SFTP configuration in SSP with SEAS in SSO delegating password to LDAP
This task focuses on the implementation of SSP and SEAS in a MFT environment with the configuration of secure
communications for the DMZ and delegation of user and password authentication for inbound communications delegated to an LDAP or AD.
Tasks:
- Study and generation of artifacts in IBM Secure Proxy and IBM B2B
Integrator for SFTP. - Study and generation of artifacts in SEAS for password auth in LDAP.Keys configuration to IBM Secure Proxy.
- Secure connections between SSP and SBI.
- Unit tests.
- Evidences documentation.
- Support.
This architecture contains all the advantages of installing a reverse proxy at the DMZ level.
Authentication using user/password relation with a single validation thanks to the Single Sign On (SSO) functionality.
Authentication is done at DMZ level using SEAS communication which in turn delegates authentication to LDAP.
A single open connection from the Trusted Zone to the DMZ for all incoming protocols.
Implementation 4.
SFTP configuration in SSP with SEAS in SSO delegating password to LDAP and KEY to SBI
This task focuses on the implementation of SSP and SEAS in a MFT environment with the configuration of secure
communications for the DMZ and delegation of user and password authentication for inbound communications delegated to an LDAP or AD and user and SSH key authentication delegated to SBI.
Tasks:
- Study and generation of artifacts in IBM Secure Proxy and IBM B2B Integrator for SFTP
- Study and generation of artifacts in SEAS for password auth in LDAP and key auth in SBI
- Keys configuration to IBM Secure Proxy
- Secure connections between SSP and SBI
- Unit tests
- Evidences documentation
- Support
This architecture contains all the advantages of installing a reverse proxy at the DMZ level. Authentication using user-password and/or user-key relation with a single validation thanks to the Single Sign On (SSO) functionality. Authentication is done at DMZ level using SEAS communication which in turn delegates authentication to LDAP for Password and SBI for Key. A single open connection from the Trusted Zone to the DMZ for all incoming protocols.
Rating for security
Implementation 1: Migrate SSP and their configurations
Implementation 2:
SFTP, HTTP or FTP configuration on SSP in passthrough
Implementation 3:
SFTP configuration in SSP with SEAS in SSO delegating
password to LDAP
Implementation 4:
SFTP configuration in SSP with SEAS in SSO delegating
password to LDAP and KEY to SBI
Low Secure.
The solution lacks up-to-date security features and optimization is strongly
recommended.
Medium Secure.
The solution consists of up to-date security elements but there is potential for improvement.
High Secure. The solution consists of upto-date security elements.
Haga clic en el siguiente botón para descargar este boletín en formato Pdf.