mvBase on the Windows Network

When mvBase is first installed, it is a completely open system. Accounts (with a few exceptions) do not have passwords, access to accounts and files is not restricted, and no other security mechanisms have been implemented.

Authorization

As an application which runs on Windows, mvBase uses an authorization key to protect the system from unauthorized use. Installation of the mvBase application is done without requiring this key. However, before mvBase can be launched, the 128-bit authorization key (16 character hexadecimal number) must be correctly entered through the mvBase Administration Utility.

The authorization key is unique to the system on which mvBase is installed and is based on a number of factors, including the date and time the operating system was installed and the number of mvBase user licenses purchased from Rocket. Reinstalling either the host operating system or mvBase itself will require a new key from Rocket to enable the mvBase operation. For additional information regarding the authorization key and other installation issues, see the mvBase online help systems, release notes, or other documentation current for your release of mvBase.

Resource Security

The mvBase implementation of resource security begins with the creation of an account with an associated password. Without any modifications, any user with the password will have access to the account, programs  and the data files contained within them.

User-based security can be implemented with the addition of specific password protected user-accounts which contain appropriate Q-pointers back to the account containing the business data, as well as menu systems.

mvBase is actually a two-component Windows application. The components are named Server and Workstation and should not be confused with the similarly named products. The mvBase engine is the Server component which maintains the database, the proprietary MultiValue applications; the total MultiValue environment. The mvBase Workstation maintains and manages the client and printer connections, whether these are network or serial clients and printers.

mvBase supports these distinct classes or types of standard clients:

From the network standpoint, the classical character-only terminals do not use the network and thus are subject only to the mvBase security. The other client types each operate somewhat differently.

As a minimum, mvBase requires the installation of at least one instance of the Server and Workstations. Both of these components are typically installed in the same system which hosts and serves the mvBase data.

The mvBase Workstation controls any serial terminals, serial and/or network printers, and presents the Telnet Server(s) to the network. As a completely separate application, the Workstation only communicates with the mvBase Server using the interprocess communication of the Windows operating system.

These interprocess communications are subject to the Windows security system, including user name and password authentication. Therefore, clients that connect to the Workstation, including the Telnet and serial clients, are allowed to connect to the mvBase Server based on the access already provided to the Workstation.

In environments where there are many or geographically dispersed users, additional instances of the mvBase Workstation can be started on remote network systems. These remote instances of the Workstation can be on Windows systems.

In this situation, the name of the system hosting the mvBase Server must be specified during the startup of the remote mvBase Workstation. During startup, a network connection is established to the remote system and is verified and authorized. If this is successful, any remote serial terminals or Telnet clients connecting to the remote Workstation are automatically passed through to the mvBase Server through the established and verified link.

The mvTerm proprietary terminal emulation application connects directly to the Server of mvBase, bypassing the Workstation(s) that are installed and launched. In connecting to the system hosting the mvBase Server system, the client is challenged by the Windows security system, seeking a valid username and password.

Once validated, the network client is connected to the mvBase Server. If the user is not an authorized user of the mvBase Server host system, the attempted connection is rejected. An end-user may be authorized to use a multitude of network and system resources but prevented from using the mvBase application and resources.

See Also

mvBase System Security

Implementing Windows Security

Implementing MultiValue Security