Which EntireX Security Solution?

This document covers the following topics:


Choosing a Security Solution

The security solutions for your distributed applications using EntireX are described below.

Security Solutions

  • EntireX Security
    This is Software AG's standard security solution providing user authentication and user authorization, delivered with EntireX. Most organizations that use EntireX choose EntireX Security instead of sample security exits for EntireX Broker security. If your organization is deploying distributed computer systems encompassing mainframe, UNIX and Windows environments, you will use EntireX Security instead of sample security exits for EntireX Broker security.

  • Sample Security Exits for Broker
    This is an alternative, user-written security solution for use only in exceptional processing situations.

  • SSL/TLS and Certificates with EntireX
    For encrypted transport we strongly recommend using the Secure Sockets Layer/Transport Layer Security protocol. See SSL/TLS and Certificates with EntireX.

Criteria for Choosing a Security Solution

Security Choice Criteria for Choosing a Security Solution
EntireX Security Choose this option if you want to use the standard security functionality already provided with EntireX and your organization uses one of the following security repositories:

The major advantages of EntireX Security:

  • Comprehensive Security
    EntireX Security provides comprehensive security for EntireX Broker, that is user authentication and user authorization

  • Protection of Application Systems
    EntireX Security protects client and server and publish and subscribe application systems.

  • No User Exits to Write/Debug
    EntireX Security is fully supported (that is, object code only). There are no user exits to write and debug. In most installations EntireX Security operates without altering runtime applications.

  • One User=One Definition
    EntireX Security allows your organization to control the use of all applications, including distributed components, from a central point, enabling flexible control with a "one user = one definition" approach.

  • Standard Security Definitions
    EntireX Security enables security definitions, based on class/name/service (client and server) or topic (publish and subscribe), to be validated. All definitions are managed using existing security procedures and software.

  • Protected Investment in SAF-based Security Repositories
    On z/OS security definitions are accessed using industry standard SAF interface. Your investment in SAF-based security repositories is therefore protected. This includes not only the security systems RACF, CA ACF2 and CA Top Secret, but also the infrastructure to administer security profiles.

Sample Security Exits for Broker Security Choose this option only if your organization requires an alternative to standard SAF-based security on z/OS or local UNIX / Windows security on these platforms.

Writing sample security exits is recommended only in exceptional processing situations - for example, if your organization wants to access its own user-written security system when operating EntireX Broker. Sample security exits are provided as skeleton programs only and must be completely customized before they can be deployed.

SSL/TLS and Certificates with EntireX For encrypted transport we strongly recommend using the Secure Sockets Layer/Transport Layer Security protocol.

Notes:

  1. Do not mix the security solutions EntireX Security and Sample Security Exits for Broker Security. It is an either/or choice. Do not use a stub secured with a sample exit against a kernel secured with EntireX Security or vice versa.
  2. SSL/TLS and Certificates can be used in combination with EntireX Security or Sample Security Exits for Broker Security.

Overview of Security Configurations

EntireX Security: Standard Security Solution

This diagram shows the locations where the broker kernel and broker stubs can be installed; it also shows the locations of the security components of the kernel and stubs.

graphics/config1.png

The List of Components per Platform shows where broker kernel and stubs are supported.

Sample Security Exits for Broker Security

This diagram shows the locations where the broker kernel and broker stubs can be installed; it also shows the locations of the security components of the kernel and stubs.

graphics/config2.png

The List of Components per Platform shows where broker kernel and stubs are supported.