Security modes

This table describes the different security modes:

Security level: Description

No security: All system network traffic is in clear text. Access to system resources is determined by the network's security.

A system with no security must have at least one engine and a host server for every engine, and may have any number of clients.

Basic security: Network communications between clients and host servers are encrypted and transmitted through SSL (Secure Sockets Layer). The organization's Security administrator issues a unique revocable certificate to every authorized user. With a valid certificate, a user can access all host server functionality. Without it, the user has no access to the system at all.

Engine communications over the network are transmitted in clear text.

A system with basic security must have at least one engine and a host server for every engine, and may have any number of clients.

The Certificate Manager runs in local mode, as opposed to running as a remote client, on one and only one host server. This provides centralized certificate administration for all host servers in the system. All user certificates are issued with Certificate Manager and then manually copied to the computer systems that run the client.

Advanced security: Network communications are encrypted and authenticated as they are with basic security. Advanced security builds on basic security to provide fine-grained control over access to system resources. Used in conjunction with Certificate Manager, the ACL/Role Manager enables a security administrator to assign different permissions to different users.

A security administrator can create roles for multiple users. By assigning permissions to those roles, administrators can assign the same permissions to all users at once. Role members can be other roles and users.

Typically, a system with advanced security has multiple engines and the host servers to control them, along with multiple clients to provide remote user interfaces. One and only one of the host servers should have both Certificate Manager and ACL/Role Manager. All of the host servers in the whole system are connected to one and only one security server on a separate computer system.

This configuration gives the security administrator complete centralized control over the whole system. If certificates were managed on multiple host servers, then the security administrator's task would be much more difficult.
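The role nesting described under advanced security (role members can be other roles and users) means a user's effective permissions depend on every role reachable through membership. The following is an added example, not code from the product: the data model, role names and permission strings are constructed, and it assumes that a member of a role receives that role's permissions and those of any role that contains it.

```python
# Added illustration; not the ACL/Role Manager's own format or API.
# Constructed sample data: each role maps to its members (users or other roles).
ROLE_MEMBERS = {
    "viewers":   {"guest1", "operators"},   # "operators" is a nested role
    "operators": {"alice", "admins"},       # "admins" is a nested role
    "admins":    {"dave"},
    "loop_a":    {"erin", "loop_b"},        # misconfigured: loop_a and loop_b
    "loop_b":    {"loop_a"},                # contain each other
}
# Constructed permission names, assumed to be assigned per role.
ROLE_PERMISSIONS = {
    "viewers":   {"engine.view"},
    "operators": {"engine.control"},
    "admins":    {"certificate.revoke"},
    "loop_a":    {"report.read"},
    "loop_b":    {"report.export"},
}

def roles_of(principal, role_members):
    """Return every role that contains principal directly or through nesting."""
    found = set()
    frontier = [principal]
    while frontier:
        member = frontier.pop()
        for role, members in role_members.items():
            # The 'found' check stops the walk from looping on circular nesting.
            if member in members and role not in found:
                found.add(role)
                frontier.append(role)
    return found

def effective_permissions(user, role_members, role_permissions):
    """Union of the permissions of every role the user reaches."""
    perms = set()
    for role in roles_of(user, role_members):
        perms |= role_permissions.get(role, set())
    return perms

def audit(role_members, role_permissions):
    """Map each user (a member that is not itself a role) to sorted permissions."""
    users = {m for ms in role_members.values() for m in ms} - set(role_members)
    return {u: sorted(effective_permissions(u, role_members, role_permissions))
            for u in sorted(users)}

if __name__ == "__main__":
    for user, perms in audit(ROLE_MEMBERS, ROLE_PERMISSIONS).items():
        print(f"{user}: {', '.join(perms)}")
```

Reviewing the output of `audit` after each role change shows when adding a role as a member of another role has widened a user's access further than intended.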