IBM Secure Proxy (SSP) and IBM Sterling External Authentication Server (SEAS) Implementations

Integration News

IBM Secure Proxy (SSP) and IBM Sterling External Authentication Server (SEAS) Implementations

Implementation 1.

Migrate SSP and their configurations

These tasks focus on the migration of SSP configurations to a new environment and their validation.
Tasks:

Migration artifacts from/to IBM Secure Proxy
Certificates & Keys migration to IBM Secure Proxy
Unit tests
Evidences documentation
Support

Implementation 2.

SFTP, HTTP or FTP configuration on SSP in passthrough.

This task focuses on implementing SSP in a MFT environment with the configuration of secure communications for the DMZ (Secure MFT environment).
Tasks:

Study and generation of artifacts in IBM Secure Proxy for SFTP, HTTP, FTPS or C:D
Study and generation of artifacts in IBM B2B Integrator for SFTP, HTTP, FTPS or C:D
Certificates or Keys migration to IBM Secure Proxy
Secure connections between SSP and SBI
Unit tests
Evidences documentation
Support

This architecture contains all the advantages of installing a reverse proxy at the DMZ level. Authentication is delegated to a Backend service, in this case, IBM Sterling File Gateway / IBM Sterling B2B Integrator. A single open connection from the Trusted Zone to the DMZ for all incoming protocols.

Implementation 3.

SFTP configuration in SSP with SEAS in SSO delegating password to LDAP

This task focuses on the implementation of SSP and SEAS in a MFT environment with the configuration of secure
communications for the DMZ and delegation of user and password authentication for inbound communications delegated to an LDAP or AD.
Tasks:

Study and generation of artifacts in IBM Secure Proxy and IBM B2B
Integrator for SFTP.
Study and generation of artifacts in SEAS for password auth in LDAP.Keys configuration to IBM Secure Proxy.
Secure connections between SSP and SBI.
Unit tests.
Evidences documentation.
Support.

This architecture contains all the advantages of installing a reverse proxy at the DMZ level.
Authentication using user/password relation with a single validation thanks to the Single Sign On (SSO) functionality.
Authentication is done at DMZ level using SEAS communication which in turn delegates authentication to LDAP.
A single open connection from the Trusted Zone to the DMZ for all incoming protocols.

Implementation 4.

SFTP configuration in SSP with SEAS in SSO delegating password to LDAP and KEY to SBI

Study and generation of artifacts in IBM Secure Proxy and IBM B2B Integrator for SFTP
Study and generation of artifacts in SEAS for password auth in LDAP and key auth in SBI
Keys configuration to IBM Secure Proxy
Secure connections between SSP and SBI
Unit tests
Evidences documentation
Support

This architecture contains all the advantages of installing a reverse proxy at the DMZ level. Authentication using user-password and/or user-key relation with a single validation thanks to the Single Sign On (SSO) functionality. Authentication is done at DMZ level using SEAS communication which in turn delegates authentication to LDAP for Password and SBI for Key. A single open connection from the Trusted Zone to the DMZ for all incoming protocols.

Rating for security

Implementation 1: Migrate SSP and their configurations

Implementation 2:
SFTP, HTTP or FTP configuration on SSP in passthrough

Implementation 3:
SFTP configuration in SSP with SEAS in SSO delegating
password to LDAP

Implementation 4:
SFTP configuration in SSP with SEAS in SSO delegating
password to LDAP and KEY to SBI

Low Secure.
The solution lacks up-to-date security features and optimization is strongly
recommended.

Medium Secure.
The solution consists of up to-date security elements but there is potential for improvement.

High Secure. The solution consists of upto-date security elements.

Haga clic en el siguiente botón para descargar este boletín en formato Pdf.

Descargar