Softlink International Liberty Security


Softlink International Liberty Security www.softlinkint.com

The Product: Liberty

Liberty is Softlink's flagship product for Special, Academic, Government and Public libraries used by hundreds of academics, information specialists, professionals and library staff daily to manage, access and share information resources to facilitate organisational goals. Built specifically for web deployment and to deliver flexibility, reliability and scalability for users, Liberty has been the focus of intense development and design at Softlink to facilitate a web-based library solution that meets the needs of today and tomorrow's library users, researchers and professionals.

Selected by a prestigious range of libraries, consortia and multinational organisations in Australia and overseas, Liberty integrates leading technology, 25 years' information management technology experience and established library standards to continue to benefit all members of the library and business communities.

Network Configuration

Liberty is architected as a three-tier application which inherently enables both horizontal and vertical scalability. Each deployed element of Liberty is both vertically and horizontally scalable as follows:

Liberty is built in a multi-tier architecture to facilitate scaling to an enterprise-level deployment. This consists of:

- Web & Application Server
- Database Server
- Reporting Server

By separating the different tiers of the application, greater security and performance is provided. In addition to security and performance benefits, users also benefit from increases in scalability and more flexible deployment options.

The configuration is comprised of:

1. Web Server. The Web Server maintains and controls end-user connections. The Web Server runs the Apache Web Server application and can also act as a load-balancer for the deployment.
2. Application Server. The Application Server contains the application. The system runs within the JBoss Application server within the JEE framework. All business logic is maintained within the application server.
3. Reporting Server. The Reporting Server runs MS SQL Reporting Services and is the reporting framework used within the system. A separate server is recommended to maximise performance and security of the SQL database.
4. Database Server. The database server stores all user data and runs MS SQL Server.

Deploying the software in a 3-tier architecture provides benefits in terms of security. In most usage scenarios, however, a 2-tier architecture, whereby the web and application servers are combined, simplifies the deployment without adding significant negatives. This 2-tier deployment model is recommended for the majority of sites, both enterprise and otherwise.

Server Communications

As an Enterprise deployment disperses the Liberty application across several different servers, it is important to understand how the servers communicate with each other.

All inter-server communication is performed over the HTTP protocol. The default configuration is to use port 8080 for HTTP communication; however, this is completely configurable. Secure communication is also supported using the HTTPS protocol with the default port of 443.

The Application Server communicates with the SQL server using socket-based communication over TCP/IP. The default port for this is 1433 but is fully customisable. This allows the firewalls between the different network zones to be fully secured, allowing communication on set protocols and ports from defined sources to set destinations.

The application server will also communicate with the report server via port 80.

Security Requirements

There are two types of security requirements when it comes to Liberty Enterprise:

1. User security
2. Application security

User Security

User security settings are easily maintained within the Liberty application by an administrator and work at a number of levels:

- Each user is added to a User Role.
- The User Role defines what User Privileges the user role has, and what Security Groups the user belongs to.
- These privileges define what actions the user can perform (View, Add, Edit etc) and what modules the user can access (OPAC, Cataloguing, Acquisitions etc) according to your organisational structure and user roles.

Resources within Liberty can also be assigned a Security Group. This means that only users that belong to that Security Group can view and access the record in the OPAC. In addition to this, Security Groups can also be used to exclude users. Individual User Roles can be assigned to Security Groups.

User Roles, User Privileges and Security Groups are fully customisable within Liberty and definable by the library staff via the application interface.

Users can be authenticated into Liberty through a number of different mechanisms:

1. Direct authentication with Liberty
2. LDAP Authentication
3. Single-Sign-On using an SSO mechanism supported by Liberty

Direct Authentication with Liberty means the user enters their username and password and the details are authenticated by Liberty using the information stored within Liberty.

LDAP Authentication is similar to Direct Authentication except the username and password information is queried against an Access Directory (Active Directory) on the network with the authentication status returned to Liberty. This mechanism uses the LDAP protocol. All user roles and privileges are maintained within Liberty.

Single-Sign-On allows the user to sign on once to the network or intranet and be automatically authenticated into other applications on the network. Single-Sign-On can use either Integrated Authentication (provided by Microsoft) or a third-party SSO web portal. To use Integrated Authentication, the servers must all be on the same network and domain as the end user and using Active Directory and LDAP. Softlink currently supports the SAFE and SAML protocols. User Role and User Privilege configurations are maintained within Liberty.

Within Liberty, the only difference between a Liberty Staff Member and an End User is the User Role granted to the user and the associated User Privileges allocated to the different roles.
Application Security

Minimal network security requirements exist for Liberty to work correctly; these requirements largely relate to reporting. For example, the user account running the Application Server (Service Account of JBoss) must have the right to run as a service, access to any network paths used by the application and read and write access to the Reporting Services Database.

Access to the main SQL Database on the Database Server is configured within the application. The application prefers to use an SQL user to access the library data, while Reporting Services requires a network user account.

Framework

Liberty is built on the Java Enterprise Edition framework designed for building large-scale, multi-tiered, scalable, reliable, and secure network applications.
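The default ports listed under Server Communications can be turned into a flow allow-list and checked against firewall logs. The following is an added example, not Softlink code: the addresses, role names, log format, the choice of web-to-application as the HTTP/HTTPS pair and client access on 443 are all assumptions made for illustration.

```python
import re

# Constructed placeholder addresses (RFC 5737 ranges); roles are assumptions.
HOSTS = {"192.0.2.10": "web", "192.0.2.20": "app",
         "192.0.2.30": "report", "192.0.2.40": "db"}

# Flows built from the default ports in the text. Assumptions: the HTTP/HTTPS
# pair is web -> app, and clients reach the web tier on 443. The text gives no
# port for report server -> database; add that flow if your deployment uses it.
ALLOWED = {
    ("external", "web", 443),
    ("web", "app", 8080),    # inter-server HTTP default
    ("web", "app", 443),     # inter-server HTTPS default
    ("app", "db", 1433),     # SQL Server default
    ("app", "report", 80),   # application server to report server
}

# Constructed log format: "<time> <ALLOW|DENY> TCP <src>:<sport> -> <dst>:<dport>"
LINE = re.compile(r"(ALLOW|DENY) TCP ([\d.]+):\d+ -> ([\d.]+):(\d+)$")

def audit(lines):
    """Return (src_role, dst_role, port) for each permitted off-policy flow."""
    findings = []
    for line in lines:
        m = LINE.search(line.strip())
        if m is None:
            raise ValueError(f"unparsed log line: {line!r}")  # fail closed
        action, src_ip, dst_ip, port = m.groups()
        if action == "DENY":
            continue  # already blocked by the firewall
        flow = (HOSTS.get(src_ip, "external"),
                HOSTS.get(dst_ip, "external"), int(port))
        if flow not in ALLOWED:
            findings.append(flow)
    return findings

SAMPLE_LOG = [  # constructed records, not real traffic
    "2024-05-01T09:00:01Z ALLOW TCP 198.51.100.7:50112 -> 192.0.2.10:443",
    "2024-05-01T09:00:02Z ALLOW TCP 192.0.2.10:41000 -> 192.0.2.20:8080",
    "2024-05-01T09:00:03Z ALLOW TCP 192.0.2.20:41001 -> 192.0.2.40:1433",
    "2024-05-01T09:00:04Z ALLOW TCP 192.0.2.20:41002 -> 192.0.2.30:80",
    "2024-05-01T09:00:05Z ALLOW TCP 192.0.2.10:41003 -> 192.0.2.40:1433",
    "2024-05-01T09:00:06Z ALLOW TCP 198.51.100.7:50113 -> 192.0.2.40:1433",
    "2024-05-01T09:00:07Z DENY TCP 198.51.100.7:50114 -> 192.0.2.20:8080",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print("off-policy flow: %s -> %s port %d" % finding)
```

Both findings in the sample are permitted connections to the database port that bypass the application tier, which is the case tier separation is meant to rule out.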

Performance testing and tuning

Softlink conducts performance tests at the IBM Test Centre on Liberty to validate current benchmarks and identify any areas requiring improvement. In order to leverage enhanced frameworks for improved performance, Liberty has been upgraded to provide support for Wildfly, which has a lighter footprint than the currently supported version of the JBoss application server. The version of Java running on the application server has also been upgraded, to Java 7.

Adoption of international standards

Softlink seeks to adopt those standards that are most needed by clients as a result of legislative requirements, widespread acceptance, or those that have the potential to offer end user value. Liberty is compliant with a wide range of industry standards that relate to library data, including the following:

- MARC21
- EDI
- Z39.50
- SIP2
- RDA
- AACR2