Which EntireX Security Solution?

This document covers the following topics:

Choosing a Security Solution
Overview of Security Configurations

Choosing a Security Solution

The security solutions for your distributed applications using EntireX are described below.

Security Solutions

EntireX Security
This is Software AG's standard security solution providing user authentication and user authorization, delivered with EntireX. Most organizations that use EntireX choose EntireX Security instead of sample security exits for EntireX Broker security. If your organization is deploying distributed computer systems encompassing mainframe, UNIX and Windows environments, you will use EntireX Security instead of sample security exits for EntireX Broker security.
Sample Security Exits for Broker
This is an alternative, user-written security solution for use only in exceptional processing situations.
SSL/TLS and Certificates with EntireX
For encrypted transport we strongly recommend using the Secure Sockets Layer/Transport Layer Security protocol. See SSL/TLS and Certificates with EntireX.

Criteria for Choosing a Security Solution

Security Choice	Criteria for Choosing a Security Solution
EntireX Security	Choose this option if you want to use the standard security functionality already provided with EntireX and your organization uses one of the following security repositories: SAF-based security (e.g. RACF, CA ACF2, CA Top Secret, or LDAP repository) for Broker running under z/OS. See Installing EntireX Security under z/OS. UNIX local security or LDAP repository for Broker running under UNIX. See Setting up EntireX Security under UNIX. Windows local security or LDAP repository for Broker running under Windows. See Setting up EntireX Security under Windows. The major advantages of EntireX Security: Comprehensive Security EntireX Security provides comprehensive security for EntireX Broker, that is user authentication and user authorization Protection of Application Systems EntireX Security protects client and server and publish and subscribe application systems. No User Exits to Write/Debug EntireX Security is fully supported (that is, object code only). There are no user exits to write and debug. In most installations EntireX Security operates without altering runtime applications. One User=One Definition EntireX Security allows your organization to control the use of all applications, including distributed components, from a central point, enabling flexible control with a "one user = one definition" approach. Standard Security Definitions EntireX Security enables security definitions, based on class/name/service (client and server) or topic (publish and subscribe), to be validated. All definitions are managed using existing security procedures and software. Protected Investment in SAF-based Security Repositories On z/OS security definitions are accessed using industry standard SAF interface. Your investment in SAF-based security repositories is therefore protected. This includes not only the security systems RACF, CA ACF2 and CA Top Secret, but also the infrastructure to administer security profiles.
Sample Security Exits for Broker Security	Choose this option only if your organization requires an alternative to standard SAF-based security on z/OS or local UNIX / Windows security on these platforms. Writing sample security exits is recommended only in exceptional processing situations - for example, if your organization wants to access its own user-written security system when operating EntireX Broker. Sample security exits are provided as skeleton programs only and must be completely customized before they can be deployed.
SSL/TLS and Certificates with EntireX	For encrypted transport we strongly recommend using the Secure Sockets Layer/Transport Layer Security protocol.

Security Choice

Criteria for Choosing a Security Solution

EntireX Security

Choose this option if you want to use the standard security functionality already provided with EntireX and your organization uses one of the following security repositories:

SAF-based security (e.g. RACF, CA ACF2, CA Top Secret, or LDAP repository) for Broker running under z/OS. See Installing EntireX Security under z/OS.
UNIX local security or LDAP repository for Broker running under UNIX. See Setting up EntireX Security under UNIX.
Windows local security or LDAP repository for Broker running under Windows. See Setting up EntireX Security under Windows.

The major advantages of EntireX Security:

Comprehensive Security
EntireX Security provides comprehensive security for EntireX Broker, that is user authentication and user authorization
Protection of Application Systems
EntireX Security protects client and server and publish and subscribe application systems.
No User Exits to Write/Debug
EntireX Security is fully supported (that is, object code only). There are no user exits to write and debug. In most installations EntireX Security operates without altering runtime applications.
One User=One Definition
EntireX Security allows your organization to control the use of all applications, including distributed components, from a central point, enabling flexible control with a "one user = one definition" approach.
Standard Security Definitions
EntireX Security enables security definitions, based on class/name/service (client and server) or topic (publish and subscribe), to be validated. All definitions are managed using existing security procedures and software.
Protected Investment in SAF-based Security Repositories
On z/OS security definitions are accessed using industry standard SAF interface. Your investment in SAF-based security repositories is therefore protected. This includes not only the security systems RACF, CA ACF2 and CA Top Secret, but also the infrastructure to administer security profiles.

Sample Security Exits for Broker Security

Choose this option only if your organization requires an alternative to standard SAF-based security on z/OS or local UNIX / Windows security on these platforms.

Writing sample security exits is recommended only in exceptional processing situations - for example, if your organization wants to access its own user-written security system when operating EntireX Broker. Sample security exits are provided as skeleton programs only and must be completely customized before they can be deployed.

SSL/TLS and Certificates with EntireX

For encrypted transport we strongly recommend using the Secure Sockets Layer/Transport Layer Security protocol.

Notes:

Do not mix the security solutions EntireX Security and Sample Security Exits for Broker Security. It is an either/or choice. Do not use a stub secured with a sample exit against a kernel secured with EntireX Security or vice versa.
SSL/TLS and Certificates can be used in combination with EntireX Security or Sample Security Exits for Broker Security.

Overview of Security Configurations

EntireX Security: Standard Security Solution

This diagram shows the locations where the broker kernel and broker stubs can be installed; it also shows the locations of the security components of the kernel and stubs.

graphics/config1.png

The List of Components per Platform shows where broker kernel and stubs are supported.

Sample Security Exits for Broker Security

This diagram shows the locations where the broker kernel and broker stubs can be installed; it also shows the locations of the security components of the kernel and stubs.

graphics/config2.png

The List of Components per Platform shows where broker kernel and stubs are supported.