BlueZone Security
Chapter 7
The SEAGULL Security Server is a Windows NT, Windows 2000, Windows 2003 based server software package designed primarily to provide Secure Sockets Layer (SSL) encryption for the BlueZone terminal emulator product line as well as other SSL enabled products. SSL is the standard for secure Internet communications and provides a cost effective solution ensuring data integrity, confidentiality, and authentication.
The SEAGULL Security Server is an SSL redirector or proxy server providing a means to connect SSL enabled BlueZone client products to systems which do not natively support SSL. The SSL enabled clients are configured to connect to the SEAGULL Security Server. Once connected, the SEAGULL Security Server establishes another connection to the host computer using a clear text connection. All data transmitted between the client and the SEAGULL Security Server is encrypted, while all data transmitted between the SEAGULL Security Server and the host computer is clear text.
NOTE: If you are evaluating BlueZone and would also like to evaluate the SEAGULL Security Server, you can install and run the SEAGULL Security Server without a license key. When installed without a license key, the SEAGULL Security Server will automatically operate in the “evaluation mode” by limiting the number of connections to the SEAGULL Security Server to three. All other functions of the SEAGULL Security Server are available in the “evaluation mode”.
How SEAGULL Security Server Works
NT Domain Authentication Server Requirements
Installing SEAGULL Security Server
Configuring SEAGULL Security Server
The SEAGULL Security Server is an SSL redirector or proxy server providing encryption services for SSL enabled HTTP sessions, BlueZone, BlueZone Web-to-Host, BlueZone VT (telnet), and BlueZone Secure FTP sessions. When an encrypted session is established between the client and the SEAGULL Security Server, the SEAGULL Security Server in turn establishes a clear text connection to the host.
The SEAGULL Security Server provides configuration parameters to define the path through the server hardware (Bindings) and between TCP/IP sockets (Connections). The SEAGULL Security Server is configured to listen for SSL connection requests from clients on one socket and to create a clear text connection to the host computer on another socket. Once the connection is established between the client and the SEAGULL Security Server, the SEAGULL Security Server establishes a separate connection to the configured host and then transfers the data between the two connections. Encryption and decryption of the data passing between the client and the SEAGULL Security Server occur transparently to the user. The only indication the user has that the session is encrypted is the lock icon on the BlueZone status line.
Illustration 8-5
The SEAGULL Security Server is required only if Secure Sockets Layer (SSL) encryption is desired and SSL is not available on the host telnet or FTP server. The SEAGULL Security Server may be installed on the same server as the BlueZone Web-to-Host web server and the SEAGULL License Manager.
NOTE: If you would like to evaluate the SEAGULL Security Server, you can install and run the SEAGULL Security Server without a license key. When installed without a license key, the SEAGULL Security Server will automatically operate in the “evaluation mode” by limiting the number of connections to the SEAGULL Security Server to three. All other functions of the SEAGULL Security Server are available in the “evaluation mode”.
SEE: If you would like to install the SEAGULL Security Server, please refer to the SEAGULL Security Server QuickStart Guide located on the BlueZone CD.
Microsoft provides the capability for the NT Server applications to authenticate remote users to the NT Domain. To accomplish this, the NT Server hosting the SEAGULL Security Server must be configured properly. There are two authentication scenarios that affect how the server is configured.
In the first scenario, the NT Server may be installed as a stand-alone server or a domain controller. In most instances, the server will be stand-alone. To run the SEAGULL Security Server, a user must be logged into the system. The End User logged into the system must have “Act as Part of the Operating System” rights, set in the Windows NT User Manager. Users to be authenticated are added to the server in the User Manager.
In the second scenario, the NT Server must be installed as a Backup Domain Controller. This is required for the SEAGULL Security Server to access the security database to authenticate the incoming users. To run the SEAGULL Security Server, an End User must be logged into the system. The user logged into the system must have “Act as Part of the Operating System” rights, set in the Windows NT User Manager. Users are authenticated to the NT Domain for which the NT Server is a backup.
Installing SEAGULL Security Server is very quick and easy. SEAGULL Security Server can be found on the BlueZone CD and comes complete with its own installer program.
SEE: The SEAGULL Security Server QuickStart Guide for step-by-step instructions on installing the SEAGULL Security Server.
Once installed, the SEAGULL Security Server is easy to configure and operate. Every configuration requires a minimum of two components: a Binding and a Connection.
A Binding specifies addresses to be used for incoming client connections and the outgoing host connection. If the addresses are different, the Security Server acts like a bridge or router spanning different networks. Bindings may span dissimilar networks, such as Ethernet to Token-ring, provided TCP/IP is bound to both NICs in the Windows operating system Network Settings. A Binding must be defined before a Connection can be defined.
A Connection defines a path through the Security Server through which clients will access host applications.
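As an added illustration of the redirector described under How SEAGULL Security Server Works and of the Binding/Connection split above (example code, not the product's own), here is a minimal TLS-terminating relay: clients reach the Binding's client address, the ssl module decrypts, and a separate clear-text socket carries the bytes to the host address. The tls_ctx argument, the loopback echo "host" and the payload are assumptions constructed for the self-check; because the host leg is clear text by design, the relay belongs on a network segment trusted as much as the host itself.

```python
import contextlib
import socket
import ssl
import threading

def pump(src, dst):
    """Copy bytes one way. On a TLS-wrapped client socket the ssl module decrypts in
    recv() and encrypts in sendall(), so the host leg only ever carries clear text."""
    with contextlib.suppress(OSError):  # a reset peer is treated like end-of-stream
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    with contextlib.suppress(OSError):  # pass end-of-stream on (TLS has no half-close)
        dst.close() if isinstance(dst, ssl.SSLSocket) else dst.shutdown(socket.SHUT_WR)

def bridge(client, host_addr):
    """Second connection, redirector to host, in clear text; then relay both ways."""
    try:
        upstream = socket.create_connection(host_addr)
    except OSError:  # host unreachable: drop only this client
        client.close(); return
    back = threading.Thread(target=pump, args=(upstream, client), daemon=True); back.start()
    pump(client, upstream)
    back.join()
    client.close(); upstream.close()

def start_redirector(listen_addr, host_addr, tls_ctx=None):
    """Listen on the Binding's client address and bridge each client to host_addr.
    tls_ctx (assumed built with ssl.PROTOCOL_TLS_SERVER + load_cert_chain) wraps
    each accepted socket; with None the client leg is plain, used by the self-check."""
    srv = socket.socket(); srv.bind(listen_addr); srv.listen(5)
    def accept_loop():
        while True:
            conn, _ = srv.accept()
            try:
                if tls_ctx is not None:
                    conn = tls_ctx.wrap_socket(conn, server_side=True)
            except (ssl.SSLError, OSError):  # failed handshake: drop this client only
                conn.close(); continue
            threading.Thread(target=bridge, args=(conn, host_addr), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return srv.getsockname()

def round_trip(payload, tls_ctx=None):
    """Self-check: a constructed loopback echo 'host' behind the redirector."""
    host = socket.socket(); host.bind(("127.0.0.1", 0)); host.listen(1)
    threading.Thread(target=lambda: pump(*[host.accept()[0]] * 2), daemon=True).start()
    addr = start_redirector(("127.0.0.1", 0), host.getsockname(), tls_ctx)
    with socket.create_connection(addr) as client:
        client.sendall(payload); client.shutdown(socket.SHUT_WR)
        return b"".join(iter(lambda: client.recv(4096), b""))
```

The self-check runs the client leg without TLS; pass a server SSLContext as tls_ctx and connect with an SSL client to exercise the encrypted leg.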
SEE: The SEAGULL Security Server QuickStart Guide for specific configuration information.