Internet Protocol Security (IPSec) Configuration

Transporting secure data between OPERA and IFC8 can be configured to use dynamic keys. For this type of transporting of secure data to be successful, IFC will require the https to have connections setup between the OperaIfcController and the Web Service. This is the standard configuration required for the appserver to be https enabled and the supplied OPERA certificate to be installed.

The appserver and database service will need to be setup to handle IPSec (Internet Protocol Security). As of March 14, 2012, Wikipedia listed the definition of IPSec as:

"Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. IPsec also includes protocols for establishing mutual authentication between agents at the beginning of the session and negotiation of cryptographic keys to be used during the session.

IPsec is an end-to-end security scheme operating in the Internet Layer of the Internet Protocol Suite. It can be used in protecting data flows between a pair of hosts (host-to-host), between a pair of security gateways (network-to-network), or between a security gateway and a host (network-to-host).[1]"

[1]Kent, S.; Atkinson, R. (November 1998). IP Encapsulating Security Payload (ESP). IETF. RFC 2406.

In order to configure this for IFC8 and the Controller, follow the listed steps.

Note: If IFC8 and the Controller are on different machines, then both machines will need to have the following steps completed on them.

1. Go to Start>Run, type MMC, and click the OK button.

2. Select File>Add/Remove Snap-in (Ctrl+M).

3. Select the Add button.


4. Click on the IP Security Policy Management standalone snap-in and select the Add button.

5. If not already selected, make sure that the Local Computer option is selected and click on the Finish button.

6. Select the IP Security Policies on Local Computer snap-in and click the OK button.

7. Click on the +, or double-click on the option, to expand the IP Security Policies on Local Computer options.

8. Once the options are displayed in the right-frame, right-click on the Server (Request Security) and select All Tasks>Assign.

9. Once selected, the Policy Assigned column for the Server (Request Security) option is updated to Yes.

10. This machine is now ready to handle IPSec communications.

See Also