Features for a Secure Environment

Sun Internet Administrator provides the following security features:

• Administrator authentication. Administrators are required to supply a valid user name and password when accessing the GUI.

• Administrator access control. Access is controlled per ISP service. An administrator allowed to manage FTP servers on the network may or may not also have access to news servers. Console administrators (those who can manage Sun Internet Administrator processes) have access to all services managed by Sun Internet Administrator.

• Central auditing. Administrators' actions are logged for traceability and accountability.

• Privacy and integrity protection for all network traffic. The optional SKIP software can be configured to protect all connections to and from Sun Internet Administrator. SSL can also be used for secure HTTP traffic.

Sun Internet Administrator supports services in two architectures: three-tier and two-tier. Only the three-tier architecture receives all of the above-listed security benefits. Four types of service UIs are supported:

• Three-tier, browser-based applications receive all security benefits offered by Sun Internet Administrator.

• Two-tier, browser-based applications cannot make use of the single sign-on feature, but are manageable through the Sun Internet Administrator. If they use SWS to support the administration application, they can configure it to provide administrator authentication. (See Chapter 7, Integrating Existing Service Applications for details on this configuration.) The two-tier architecture is included to support legacy applications.

• X-based applications receive all the benefits of a three-tier application.

• Command-line functions (scripts, programs, or in combination) receive all the benefits of three-tier applications. Any number of them can be registered for a given service and managed by Sun Internet Administrator, which constructs a Web interface to the command-line programs.