SunScreen EFS 3.0 consists of two components: a Screen and an Administration Station. The two components can be installed on separate machines, as a Screen and a remote Administration Station, or they can be installed locally on a single machine.
The number of Screens and Administration Stations needed at a site depends on its network topology and security policies. Typically, one Screen is installed at each location where the network has direct public access that needs to be restricted. One or more Administration Stations can manage multiple Screens.
A machine that is being administered remotely can be headless (no monitor) and have no keyboard. You typically choose whether to administer a Screen locally or remotely when you install the SunScreen EFS 3.0 software. You can add a remote Administration Station after the Screen software has been installed.
For remote administration from an Administration Station to the Screen, the software packages, including SunScreen SKIP, are installed on separate machines, as shown in FIGURE 2-2. Because administration commands travel from the Administration Station to the Screen over a potentially insecure network, commands are encrypted using SunScreen SKIP.
In FIGURE 2-2, a remote Administration Station on the internal network administers the Screen located between the internal network and the Internet. This Screen is the router between the internal network and the Internet. A second remote Administration Station for this Screen is located on the external network. Either Administration Station can be configured to communicate with the Screen using encryption.
Local administration is performed on the same host where the Screen software is installed, as shown in FIGURE 2-3. Because administrative commands do not travel over a network, local administration does not require encrypted communication.