Getting Started
The BlueZone Security Server is a Windows NT, Windows 2000, and Windows 2003 based server software package designed primarily to provide Secure Sockets Layer (SSL) encryption for the BlueZone Terminal Emulation family of products, as well as other SSL-enabled products. SSL is the standard for secure Internet communications and provides a cost-effective solution ensuring data integrity, confidentiality, and authentication.
The Security Server is required only if Secure Sockets Layer (SSL) encryption is desired and SSL is not available on the host telnet or FTP server. The Security Server may be installed on the same server as the BlueZone Web-to-Host web server and the BlueZone License Manager.
NOTE
The Security Server requires a license key in order to operate. If you are evaluating BlueZone emulation clients and would also like to evaluate the Security Server, you can install and run the Security Server without a license key. When installed without a license key, the Security Server will automatically operate in the "Evaluation Mode" by limiting the number of concurrent connections to the Security Server to three. All other functions of the Security Server are available in the "Evaluation Mode".
The Security Server is an SSL redirector or proxy server providing a means to connect SSL enabled BlueZone emulation client products to systems which do not natively support SSL. The SSL enabled clients are configured to connect to the Security Server. Once connected, the Security Server establishes another connection to the host computer using a clear text connection. All data transmitted between the client and the Security Server is encrypted, while all data transmitted between the Security Server and the host computer is clear text.
The Security Server provides configuration parameters to define the path through the server hardware (Bindings) and between TCP/IP sockets (Connections). The Security Server is configured to listen for SSL connection requests from clients on one socket and create a clear text connection to the host computer on another socket. Once the connection is established between the client and the Security Server, the Security Server establishes a separate connection to the configured host then transfers the data between the two connections. Encryption and decryption of the data passing between the client and the Security Server occurs transparently to the user. The only indication the user has that the session is encrypted is the lock icon on the BlueZone emulation client status line.
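Because the lock icon is the only indication on the client side, an administrator may want to confirm from a packet capture which leg of a proxied session is actually encrypted. The following is an added example, not part of the BlueZone product or its documentation: it classifies the first bytes seen on each leg as a TLS record, clear-text telnet negotiation, or a clear-text FTP banner. The mode labels, function names, and sample bytes are assumptions constructed for illustration.

```python
import struct

TLS_HANDSHAKE = 0x16                      # TLS record content type: handshake
TELNET_IAC = 0xFF                         # telnet "Interpret As Command"
TELNET_NEGOTIATION = range(0xFB, 0xFF)    # WILL, WONT, DO, DONT

# Mode labels are assumptions made for this example, not product settings.
# Each maps to what the (client leg, host leg) should look like on the wire.
EXPECTED = {
    "ssl-to-cleartext": ("tls", "cleartext"),
    "cleartext-to-ssl": ("cleartext", "tls"),
}

# Constructed sample captures: the first bytes seen on a leg.
CLIENT_HELLO = bytes.fromhex("16030100c8010000c40303")  # TLS record + ClientHello header
TELNET_START = bytes.fromhex("fffd18fffd20")  # IAC DO TERMINAL-TYPE, IAC DO TERMINAL-SPEED
FTP_BANNER = b"220 FTP server ready\r\n"


def classify_leg(first_bytes: bytes) -> str:
    """Return 'tls', 'telnet-cleartext', 'ftp-cleartext' or 'unknown'."""
    if len(first_bytes) >= 5:
        ctype, major, minor, length = struct.unpack("!BBBH", first_bytes[:5])
        # Record header: type, version 3.0-3.3, plaintext length of at most 2^14.
        if ctype == TLS_HANDSHAKE and major == 3 and minor <= 3 and 0 < length <= 16384:
            return "tls"
    if len(first_bytes) >= 3 and first_bytes[0] == TELNET_IAC \
            and first_bytes[1] in TELNET_NEGOTIATION:
        return "telnet-cleartext"
    if first_bytes[:4] in (b"220 ", b"220-"):
        return "ftp-cleartext"
    return "unknown"


def audit_connection(mode: str, client_leg: bytes, host_leg: bytes) -> list:
    """Compare both legs with the mode; an empty list means they match."""
    findings = []
    legs = zip(("client", "host"), (client_leg, host_leg), EXPECTED[mode])
    for name, data, want in legs:
        got = classify_leg(data)
        matches = (got == "tls") if want == "tls" else got.endswith("-cleartext")
        if not matches:
            findings.append(f"{name} leg: expected {want}, saw {got}")
    return findings


if __name__ == "__main__":
    print(audit_connection("ssl-to-cleartext", CLIENT_HELLO, TELNET_START))
    print(audit_connection("ssl-to-cleartext", TELNET_START, TELNET_START))
```

A finding on the client leg in the SSL to clear-text mode means the emulation client reached the listener without SSL; the clear-text host leg in that mode is expected by design and should be kept on a trusted network segment.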
The BlueZone Security Server has two modes:
An SSL to clear-text redirector or proxy server providing encryption services for SSL-enabled BlueZone telnet, FTP sessions, and HTTPS. When an encrypted session is established to the Security Server, the Security Server in turn establishes a clear text connection to the host.
A clear-text to SSL redirector or proxy server providing encryption services for non-SSL capable TCP/IP clients, allowing them to connect to SSL capable servers. When a TCP/IP connection is established between a client application and the Security Server, the Security Server in turn establishes an SSL session to another Security Server or any SSL capable server.
TCP/IP Sockets
A TCP/IP socket is the combination of an IP address and a TCP port number. TCP/IP supports 65,535 different port numbers, and therefore an equal number of sockets per IP address on a server. Port numbers from 0-1024 are reserved for specific protocols and should not be used when configuring the secure side of the Security Server.
When a TCP/IP connection is established, the application opens a socket on its computer and connects to a socket on the other computer. A secure socket is a TCP/IP socket connection which has been established using the Secure Sockets Layer protocol.
Security Server and Sockets
The Security Server provides configuration parameters to define the path through the server hardware (Bindings) and between TCP/IP sockets (Connections).
The Security Server is configured to listen for SSL connection requests from the BlueZone emulation client on one socket, and create a clear text connection to the host computer on another socket. Once the connection is established between the BlueZone emulation client and the Security Server, the Security Server establishes a separate connection to the configured host, then transfers the data between the two connections. Encryption and decryption of the data passing between the BlueZone emulation client and the Security Server occurs transparently to the user. The indication the user has that the session is encrypted is the lock icon on the BlueZone emulation client StatusBar as shown here:
A single click on the lock icon will cause the SSL Connection Status dialog to be displayed as shown here:
This dialog contains the details of the SSL/TLS connection.