Three-Tier Application Architecture

The recommended three-tier browser-based application architecture receives all Sun Internet Administrator security benefits.

Figure 1-3 Three-Tier ISP Service Architecture

As shown in Figure 1-3, an administrator uses the following steps to access a service's administration functions:

1. From a browser, the administrator requests a specific URL (the location of the main Sun Internet Administrator GUI page).

   The AWC is downloaded to the client browser, where the administrator can choose a service to manage.

2. Sun Internet Administrator prompts the administrator for user name and password. The administrator need not use a UNIX account for access to the console GUI; a directory services repository (Sun Directory Services) manages administrator information for Sun Internet Administrator. This connection should be secured by using secure HTTP.

   The selected service resolves to an URL, designating the services's ASCA. The server agent GUI is downloaded in response. At this step, control passes to the service's administration program.

3. Subsequent access is directly between the client browser and the component's server agent on the AWS.

   The AWS authenticates the administrator against the directory services, and logs each administrator request. If the administrator has appropriate access, requests are passed to the ASRA.

4. The ASCA communicates with the ASRA via a protocol chosen by the developer of the service. Appropriate IP-level security measures should be taken to protect this connection and its traffic.

   The ASRA again authenticates and logs each administrator action. To protect the network communications, the ISP can add IP-level encryption, if that is desired, by using SKIP.

ASCA and ASRA modules for command line and X-based programs are provided in Solaris for ISPs. Sun Internet Administrator uses them automatically when you register these applications.