Security Proxy Server

After the Security Proxy Add-On is installed, some setup is required before you can deploy encrypted sessions. The Security Proxy Add-On consists of two Java applications: the Security Proxy Wizard and the Security Proxy Server.

  • The Security Proxy Wizard guides you through the steps of setting up the proxy server properties file and importing or generating a security certificate for the proxy server.

    If you used an automated installation procedure to install the product and installed the Security Proxy Server on the same machine as the Administrative Server, you do not need to use the wizard before you start the proxy server. Self-signed certificates are created and the management certificate is added to the proxy server trusted certificates list during the installation.

    If you installed the product manually, you must run the wizard before you can create encrypted terminal sessions that pass through the proxy server and before you can run the security proxy server.

    After initial configuration, use the wizard to manage your security proxy settings and certificates.

  • The Security Proxy Server manages encrypted connections that pass through the proxy server for secure sessions. The Security Proxy Server uses files generated by the wizard or the automated installer and cannot be run until the server is set up.

  • The Security Proxy Server can be installed on the same computer as the Administrative Server or on a different computer. Although data between the terminal session and the proxy server is encrypted, data between the proxy server and the host computer is typically not encrypted, so no matter which installation method you choose, you can increase the security of terminal session connections by ensuring that there is only one known, secure link between the proxy server and the host computer.

    You may want to consider a dedicated connection between the proxy server and the host computer, so that the proxy server does not communicate with the host computer over a connection accessible by other computers on the network.

    Another approach is to run the proxy server directly on the host computer. A variety of platform-specific archive files for installing the security proxy are available that may be appropriate for your host. Replace the JRE with one that is appropriate for your host if necessary. If you run the proxy server directly on the host computer, secure connections will be CPU intensive because additional processing is required to encrypt and decrypt the data stream.

    For more information see these technical notes:

  • 1557: Security Proxy Server Performance Factors

  • 1883: End-to-End Encryption through the Security Proxy

Overview of Deploying a Secure Session

Deploying a secure session through the Security Proxy can be divided into several general tasks:

  1. Install the security proxy server files on your server.

  2. Run the security proxy server.

  3. Create an encrypted terminal emulation session using the Session Manager in the Administrative WebStation.

  4. Map the session to your users. For more information, refer to the overview information and the online help in the Session Manager.