Provisioning Server Security

The following list describes the three types of connections to the Control Center, each of which has security measures in place:

• Web access secured by Secure Socket Layer (SSL)

  The Control Center uses SSL security (high-strength, 128-bit encryption) with login and password validation. The Control Center can be deployed with or without connectivity to external networks or to the Internet.

• A private, separately secured connection to the monitoring tool.

  The Control Center performs database, monitoring, and management operations through a monitoring agent.

• A private, separately secured connection to each Control Center managed by the Control Center.

  The Control Center communicates with the Control Center using FML, an XML-based dialect, through a dedicated, port-based VLAN that is not available from outside of an I-Fabric.

Accessing the Control Center

Secure access to the Control Center is based on login accounts. These login accounts provide security from accounts outside a company as well as inside a company. An account may have one of the following available login roles assigned to it, depending on the users job functions:

• User is a technical user who can create farms and make changes to the state of any farm in the account.

• Account Manager is a user who has the same access privileges as User and the added ability to add and remove Users from their accounts.

• Administrator is an administrative user who has full access to the entire application, including the configuration of the application and operational access to every account and farm within the Control Center. Administrators do not belong to any account.

For more details about accounts, see the Control Center Management Guide.

Login Name and Password Management

The Control Center processes login name and password changes. You are responsible for issuing the initial name and password to the users of an account. The Control Center network system automatically verifies passwords.

Login Lockout

By default, users are locked out of the Control Center if their login attempts fail a configurable number of times within a configurable number of minutes. The lock is automatically released after another configurable number of minutes. However, you can use the Control Center Login Status screen to unlock users before the automatic unlock process takes place. This screen also enables you to force-lock existing users if a security issue involving a user becomes apparent. You can also unlock or force-lock another administrator by using the same method. See the Control Center Management Guide.

Reaccessing the Control Center After a Failure

When a software or hardware failure occurs during a session on the Control Center, users must log in again when reaccessing the Control Center.

Encryption and Filtering

Transactions performed using the Control Center are encrypted securely using the hyper-text transfer protocol secure sockets (HTTPS). External access to the Control Center is filtered at all points using IP filtering to ensure secure web access.