Hiển thị kết quả từ 1 đến 1 / 1
  1. #1
    Tham gia
    Đà nẵng
    Bài viết
    Thanked 7 Times in 6 Posts

    Các đặc tính của E-Speak Firewall Gateway

    Firewall Gateway

    This section describes:
    • Orientation to the firewall gateway — introduces the e-speak firewall gateway framework and describes the firewall gateway’s constraints to clarify standard scenarios and protocols
    • Infrastructure requirements — specifies hosting parameters and
    requirements for making a connection (for example, from an intranet to a demilitarized zone (DMZ))
    • Firewall gateway configuration — describes configuration files for the firewall gateway
    • Internal engine configuration — defines when to modify the internal engine’s e-speak configuration file
    • How an external engine connects to the firewall gateway — covers associated configuration properties
    • Reconfiguring the firewall gateway without stopping it — lists the procedures for performing administrative tasks while the gateway is running
    • Limitations — lists currently-known limitations

    The e-speak firewall gateway (also called the SLS gateway) is software-based and mediates access between external clients and e-speak services that reside behind a corporate firewall (internal services). The clients may be located either on the
    Internet or on the Intranet of another company. The firewall gateway acts as an access control point between external clients and internal services by authenticating and authorizing external clients based on SLS attribute certificates.

    In a typical scenario, the gateway resides between an external client's engine and an internal service's engine. It Authenticates and authorizes all requests from the external entities (both clients and engines) based on company-wide access
    requirements. A company can use the SLS gateway to impose certain basic, or default, access control requirements on external entities before they access any internal e-speak engines or services. These requirements are over and above the
    access control requirements imposed by the individual internal engines or services.

    In e-speak terms, an external client/engine must possess valid certificates to satisfy both the requirements of the internal engine/service and those of the gateway to access the internal engine/service.

    Infrastructure Requirements
    The gateway is typically hosted in the a company’s DMZ. Because the gateway cannot make inbound connections to internal engines, the engines must make an outbound connection to the gateway. This is a connection from the Intranet to the DMZ and requires either an HTTP proxy or a Socks (>= V4) server at the firewall to
    make the connection.

    Firewall Gateway Configuration
    This section lists the configuration files necessary configure the firewall gateway.

    E-speak-Specific Configuration File
    The gateway uses the standard e-speak configuration file (by default $espeak_home/config/espeak.cfg) to read e-speak specific configuration information. This includes security configuration such as security role, the location of the pse file, and the location of certificates. Although the gateway runs as a standalone Java™ application, it re-uses various e-speak libraries (especially the security code). This is the man reason it needs the e-speak configuration file: for the sake of the e-speak libraries that need this file.
    Được sửa bởi QUOCDN lúc 17:12 ngày 02-09-2006
    Quote Quote


Quy định

  • Bạn không thể tạo chủ đề mới
  • Bạn không thể trả lời bài viết
  • Bạn không thể gửi file đính kèm
  • Bạn không thể sửa bài viết của mình