This book discusses fundamental security concepts and provides instructions for setting up the Enterprise Security infrastructure so that the Security Officer can enable the types of security mechanisms needed to protect your enterprise’s assets. It also describes how to implement a variety of Enterprise Security features. Your system’s architecture, the nature of the back-end data that you want to protect, and the number and types of users you expect to access your enterprise environment determine which features you should implement.
This book is for anyone responsible for configuring and managing Sybase® Enterprise Security.
Chapter 1, “Introduction,” describes several key aspects to a secure communications infrastructure and defines some common security-related terms.
Chapter 2, “Deploying Enterprise Security,” describes how to deploy the Enterprise Security middleware in a BEA WebLogic server, or in an EASrever cluster.
Chapter 3, “Setting Up Security,” provides step-by-step instructions for setting up the security infrastructure; creating organizations, users, groups, roles, and assets.
Chapter 4, “Using securetool,” describes how to configure the Enterprise Security middleware, user interface, and database using the command line tool securetool.
Chapter 5, “Delegated Administration,” describes how to configure your security system to support multiple security domains.
Chapter 6, “Auditing,” provides instructions for setting up auditing to monitor user actions.
Chapter 7, “Setting up Security for Enterprise Portal,” describes how to integrate the security mechanisms of J2EE, Enterprise Security, and EAServer, which provides an option to implement single sign-on capabilities.
Chapter 8, “Securing Accounts and Assets,” describes security enhancements that you can perform to secure your e-business system; for example, enabling account and asset locks, and implementing a password-strength verification component to verify passwords.
Chapter 9, “Proxy Authentication,” explains how to implement single sign-on to enterprise resources.
Chapter 10, “Configuring LDAP Authentication,” describes how to configure your security system to use an LDAP server.
Chapter 11, “Configuring the Web Server Plug-in,” describes how to set up the Web server plug-in to protect assets stored in the ACDB from unauthorized access, and how to configure the plug-in to use a secure listener.
Chapter 12, “Certificate-Based Authentication,” describes how to set up certificate-based authentication to authenticate Enterprise Portal clients, in a system that uses a Web server security plug-in and a redirector plug-in.
Chapter 13, “Using Proxy Servers,” describes how to set up Enterprise Portal to use a proxy server, which provides security, administrative control, and caching service.
Chapter 14, “Implementing a Secure Web Proxy,” provides instructions for configuring the proxy to control access to preexisting back-end Web applications, and deliver multiple applications, Web pages, and data stores as a single application, as well as implement single sign-on features.
Chapter 15, “Configuration Properties,” describes the global and domain-specific properties that configure Enterprise Security features.
Enterprise Portal printed documentation Enterprise Security is included in the Enterprise Portal 6.0 package. The following Enterprise Portal documents are available on the Getting Started with Enterprise Portal CD:
The Enterprise Portal installation guide for your platform explains how to install the Enterprise Portal software.
The Enterprise Portal release bulletin for your platform contains last-minute information not documented elsewhere. You can also access the release bulletin from the Enterprise Portal installer.
Enterprise Portal online documentation The following Enterprise Portal documents are available in PDF and DynaText format on the Enterprise Portal 6.0 Technical Library CD:
The Enterprise Portal Developer’s Guide includes developer-related topics for Enterprise Portal components, Portal Interface portlets, and Java Template Framework pages.
The Portal Interface User’s Guide describes the Portal Interface user interface and how to use Portal Interface to build and manage your enterprise’s portal.
EAServer documentation EAServer is one of the applications servers into which you can install Enterprise Security, and it is included with Enterprise Portal. These EAServer documents are available in HTML format in your EAServer software installation, and in PDF and DynaText format on the EAServer Technical Library CD.
What’s New in EAServer summarizes new functionality in the latest version of EAServer.
The EAServer Feature Guide explains application server concepts and architecture, such as components, transactions, and Web applications. This book also explains how to use the optional EAServer products such as Message Bridge for Java™ and the Web Services Toolkit.
The EAServer Programmer’s Guide explains how to create, deploy, and configure component-based applications, Web applications, Java servlets, JavaServer Pages, and how to use CORBA and Java APIs.
The EAServer System Administration Guide explains how to manage EAServer with the Jaguar Manager plug-in, create new application servers, monitor servers and application components, define connection caches, and so on.
The EAServer Security Administration and Programming Guide explains how to configure role-based security, configure SSL certificate based-security, implement custom security services for authentication, authorization and role-membership, and so on.
The EAServer Cookbook contains tutorials and explains how to use the sample applications included with your EAServer software.
The EAServer API Reference Manual contains reference pages for proprietary EAServer Java classes, ActiveX interfaces, and C routines. This document is available only online.
The EAServer Installation Guide for your platform explains how to install the EAServer software; it is available on the Getting Started CD.
The EAServer Troubleshooting Guide describes problems you may encounter running EAServer and possible solutions; it is available online—see the EAServer Troubleshooting Guide.
jConnect™ for JDBC™ documents Enterprise Portal 6.0 includes the jConnect for JDBC driver to allow JDBC access to Sybase® database servers and gateways. The Programmer’s Reference jConnect for JDBC is included on the Enterprise Portal Technical Library CD.
See the Technical Library Installation Guide in
your documentation package for instructions on installing and starting
the Technical Library.
Use the Sybase Getting Started CD, the Sybase Technical Library CD and the Technical Library Product Manuals Web site to learn more about your product:
The Getting Started CD contains release bulletins and installation guides in PDF format, and may also contain other documents or updated information not included on the Technical Library CD. It is included with your software. To read or print documents on the Getting Started CD you need Adobe Acrobat Reader (downloadable at no charge from the Adobe Web site, using a link provided on the CD).
The Technical Library CD contains product manuals and is included with your software. The DynaText reader (included on the Technical Library CD) allows you to access technical information about your product in an easy-to-use format.
Refer to the Technical Library Installation Guide in your documentation package for instructions on installing and starting the Technical Library.
The Technical Library Product Manuals Web site is an HTML version of the Technical Library CD that you can access using a standard Web browser. In addition to product manuals, you will find links to EBFs/Updates, Technical Documents, Case Management, Solved Cases, newsgroups, and the Sybase Developer Network.
To access the Technical Library Product Manuals Web site, go to Product Manuals.
Technical documentation at the Sybase Web site is updated frequently.
Finding the latest information on product certifications
Point your Web browser to Technical Documents.
Select Products from the navigation bar on the left.
Select a product name from the product list and click Go.
Select the Certification Report filter, specify a time frame, and click Go.
Click a Certification Report title to display the report.
Creating a personalized view of the Sybase Web
site (including support pages)
Set up a MySybase profile. MySybase is a free service that allows you to create a personalized view of Sybase Web pages.
Point your Web browser to Technical Documents.
Click MySybase and create a MySybase profile.
Finding the latest information on EBFs and software
updates
Point your Web browser to the Sybase Support Page.
Select EBFs/Updates. Enter user name and password information, if prompted (for existing Web accounts) or create a new account (a free service).
Select a product.
Specify a time frame and click Go.
Click the Info icon to display the EBF/Update report, or click the product description to download the software.
The formatting conventions used in this manual are:
Formatting example |
To indicate |
|---|---|
commands and methods |
When used in descriptive text, this font indicates keywords such as:
|
variable, package, or component |
Italic font indicates:
|
File | Save |
Menu names and menu items are displayed in plain text. The vertical bar shows you how to navigate menu selections. For example, File | Save indicates “select Save from the File menu.” |
|
Monospace font indicates:
|
credentials |
Bold font indicates that the term is described in the glossary. |
The variables used in this manual to represent software installation directories are:
Term |
Represents |
|---|---|
JAGUAR |
The EAServer installation directory |
SECURITY |
The Enterprise Security installation directory |
Each Sybase installation that has purchased a support contract has one or more designated people who are authorized to contact Sybase Technical Support. If you cannot resolve a problem using the manuals or online help, please have the designated person contact Sybase Technical Support or the Sybase subsidiary in your area.
