Bookshelf Home | Contents | Index | PDF     

Siebel Security Guide > Communications and Data Encryption > Types of Encryption >

Communications Encryption

To make sure that information remains private, Siebel Business Applications support the use of the following encryption technologies for communications:

  • TLS encryption for Web client connections. For data security over the Internet, Siebel Business Applications support the use of the Transport Layer Security (TLS) capabilities of supported Web servers to secure transmission of data between the Web browser and the Web server. The use of TLS for Web server and Siebel Web Client communications is transparent to Siebel Business Applications. For information on configuring TLS for Web server communications with the browser, see the vendor documentation.

    Siebel Business Applications can be configured to run completely under HTTPS, have specific pages run under HTTPS (for standard interactivity only), or simply handle login requests under HTTPS. For more information, see Configuring a Siebel Web Client to Use HTTPS and Login Security Features.

  • Encryption for SISNAPI connections (SSL, TLS, Microsoft Crypto, or RSA). For communications between Siebel components, Siebel administrators can enable encryption for SISNAPI (Siebel Internet Session API). SISNAPI is a TCP/IP-based Siebel communications protocol that provides a security and compression mechanism for network communications.

    SISNAPI encryption can be based on SSL, TLS, or on Microsoft Crypto API or RSA algorithms. SSL, TLS and RSA are supported on multiple operating systems. By default, SISNAPI encryption based on SSL and TLS uses the DES algorithm with a 56-bit key that performs both encryption and decryption. To upgrade to the AES algorithm with 256-bit encryption keys, use Siebel Strong Encryption. For information, see About Siebel Strong Encryption.

    SSL and TLS also supports certificate authentication between the Web server and the Siebel Server, or between Siebel Servers.

    NOTE:  Oracle does not support the use of SSL v3.0 encryption for environments with high-security requirements. It is recommended that you implement TLS encryption where possible. For additional information, see Using Secure Socket Layer v3.0 with Siebel CRM.

  • SSL or TLS encryption for connections to directory servers. SSL encryption is supported for connections to certified LDAP directories. TLS encryption is supported for connection to Active Directory.
  • SSL or TLS encryption for connections to email servers. SSL encryption is supported for connections to email servers using Siebel Communications Server components. TLS encryption is supported for connections to Microsoft Exchange Server 2007 or 2010 email servers. For information, see Siebel Email Administration Guide.
  • Encryption of communications between the Siebel Server and the Siebel database. The encryption technologies available to encrypt communications between the Siebel Server and the database depends on the encryption methods supported by your RDBMS vendor. For information on how to configure communications encryption between the Siebel Server and the Siebel database, contact your third-party RDBMS vendor.

Figure 3 shows some of the types of communications encryption available in a Siebel Business Applications environment.

Figure 3. Communications Encryption in the Siebel Application Environment

The encryption mechanisms illustrated in Figure 3 are as follows:

  1. Web client and wireless client connections. If supported by your Web server, TLS can be used to secure transmission of data between the Web browser and the Web server.
  2. Siebel Mobile Web Client connections. You can use either MSCRYPTO or RSA encryption for Mobile Web Client communications with the Siebel Remote server.
  3. Email server connections. SSL or TLS encryption for connections to email servers is supported.
  4. SISNAPI connections. SISNAPI encryption of communications between Siebel components can be based on SSL, TLS, or on Microsoft Crypto API or RSA algorithms.

Using Secure Socket Layer v3.0 with Siebel CRM

Oracle does not support the use of SSL v3.0 encryption for environments with high-security requirements as a result of security vulnerabilities recently discovered in the design of SSL v3.0. It is recommended that you implement the Transport Layer Security (TLS) protocol instead of SSL whenever possible.

SSL and TLS can potentially be implemented for the following services and communications paths in a Siebel CRM implementation:

  • Siebel Web server to Siebel Web Client communications
  • Encryption for SISNAPI communications between Siebel Enterprise components, for example, communications between the Siebel Server to Siebel Web server (SWSE), or between Siebel Servers
  • Encryption for SMTP, IMAP, and POP3 sessions between a Siebel Server and an email server
  • Communications between an LDAP or ADSI security adapter and a directory server
  • Communications using the Siebel Business Applications external interfaces (EAI), which use Web services to send and receive messages over HTTP

TLS encryption is not currently available for all the Siebel services or communication paths listed. For information about the support for TLS encryption provided by Siebel CRM, see 1944467.1 (Article ID) on My Oracle Support.

      
Siebel Security Guide Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices.