N1 Service Provisioning System software supports a variety of network protocols for communication among the N1 Service Provisioning System software applications. The protocols are:
Raw TCP/IP
Secure Shell (SSH v1 and v2)
Secure Sockets Layer (SSL)
Raw TCP/IP is standard TCP/IP without additional encryption or authentication. The advantage of raw TCP/IP is that it requires no additional set-up and configuration. If your data center network is protected by a firewall and secured from intrusion, using raw TCP/IP provides a convenient method for communication among N1 Service Provisioning System software applications.
ssh (Secure Shell) is a UNIX-based command suite and protocol for securely accessing a remote computer. ssh secures network client/server communications by authenticating both endpoints with a digital certificate and by encrypting passwords. ssh uses RSA public key cryptography to manage connections and authentication. Because it is more secure than telnet or other shell-based communication methods, many system administrators use ssh to manage Web servers and other remote systems.
The provisioning software can be configured so that its applications communicate using ssh. N1 Service Provisioning System software supports OpenSSH explicitly. OpenSSH is a free version of ssh that has been primarily developed by the OpenBSD Project. (For more details, see http://www.openssh.com.) The provisioning software can be configured to support other versions of ssh, as well.
Secure Sockets Layer (SSL) is a protocol for securing communication over IP networks. SSL uses TCP/IP sockets technology to exchange messages between a client and a server, while protecting the message with a public-and-private key encryption system developed by RSA. Support for SSL is included in most Web server products, as well as in the Netscape and Microsoft Web browsers.
N1 Service Provisioning System software applications can be configured to use SSL for their network communications, preventing the provisioning software's messages from being read or tampered with. Optionally, N1 Service Provisioning System software applications can be configured to use SSL to authenticate each other before communicating, further increasing network security.
N1 Service Provisioning System software enables you to select the protocol you will apply to each of the following types of network communication:
Communication between the Master Server and its children (Local Distributors and Remote Agents)
Communication between a particular Local Distributor and its children (Remote Agents)
Communication between the Master Server and a Command Line Interface Client
You can tailor your network security to meet the needs of your particular network topology. For example, if communication within each of your data centers is secure, but your network connection to a remote data center passes through the public Internet, you could configure the Master Server to use SSL when communicating with a Local Distributor installed inside the firewall for the remote data center, so that all communication over the Internet is secured. The Local Distributor could use raw TCP/IP to communicate with its children, since all the communication over the local network is secure, and SSL is not required.
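The per-link choice described above can be checked mechanically against an inventory of connections. The following Python code is an added example, not part of the N1 Service Provisioning System software or its documentation. The `Link` fields, the host names and the policy it enforces (no raw TCP/IP on a link that crosses an untrusted network, and SSL on such links should have endpoint authentication enabled) are assumptions made for illustration.

```python
from dataclasses import dataclass

KNOWN_PROTOCOLS = {"raw", "ssh", "ssl"}  # the three protocols listed on this page

@dataclass(frozen=True)
class Link:
    parent: str                # Master Server or Local Distributor (hypothetical names)
    child: str                 # Local Distributor, Remote Agent or CLI Client
    protocol: str              # "raw", "ssh" or "ssl"
    crosses_untrusted: bool    # True if the path leaves the firewalled network
    mutual_auth: bool = False  # SSL only: applications authenticate each other

def audit(links):
    """Return a list of (severity, link, reason) findings for the given links."""
    findings = []
    for link in links:
        proto = link.protocol.lower()
        if proto not in KNOWN_PROTOCOLS:
            findings.append(("error", link, "unknown protocol"))
        elif link.crosses_untrusted and proto == "raw":
            # Raw TCP/IP has no encryption or authentication of its own.
            findings.append(("error", link, "raw TCP/IP over untrusted network"))
        elif link.crosses_untrusted and proto == "ssl" and not link.mutual_auth:
            # Encrypted, but the optional SSL authentication is switched off.
            findings.append(("warn", link, "SSL without endpoint authentication"))
    return findings

# Constructed sample topology: the first two links follow the example in the
# text above; the last two are deliberately misconfigured.
SAMPLE = [
    Link("master", "ld-remote", "ssl", True, mutual_auth=True),
    Link("ld-remote", "ra-remote-1", "raw", False),
    Link("master", "ra-branch", "raw", True),
    Link("master", "cli-laptop", "ssl", True),
]

if __name__ == "__main__":
    for severity, link, reason in audit(SAMPLE):
        print(f"{severity.upper():5} {link.parent} -> {link.child}: {reason}")
```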
For information on configuring SSL and SSH, please see the N1 Service Provisioning System 4.1 Installation Guide.