Planning for security
15
Implementing SSL for Breeze
There are two options available for implementing SSL-based authentication with Breeze:
•
Using the native support in Flash Communication Server’s (FCS) for SSL.
Use this option if you want to secure only Breeze and not the web application. You will need 2
IP addresses (2 DNS entries for the IP addresses) and 1 SSL certificate. You will need to
modify SSL tags in the Flash Adaptor.xml and Server.xml files configuration files.
•
Adding an external hardware SSL accelerator
Use this option if you want to secure both FCS and the Breeze application. You will need 2 IP
addresses - 2 DNS entries for the IP addresses -- and 2 SSL certificates.
You need to purchase the accelerator separately. When you use Breeze with an SSL hardware
accelerator, all logins to Breeze are sent over the secured protocol HTTPS.
Port number for SSL
The Internet uses well-known ports for unencrypted HTTP-based web traffic and encrypted
HTTPS-based web traffic. Unencrypted traffic generally goes to port 80, and encrypted traffic
generally goes to port 443. SSL hardware accelerators work by intercepting traffic on port 443,
decrypting the information, and sending it back to the Breeze server through port 80. There is no
indication to the Breeze server that the original data was encrypted.
Without SSL, all logins are conducted over HTTP connections. After you are connected to the
Breeze server, all presentations and meetings are delivered over standard unencrypted HTTP and
RMTP connections.
Planning for security
Breeze is a server-based web application integrated with a database to provide a powerful solution
for online training and conferencing. By hosting Breeze Server and its applications
on your intranet or the Internet, you are providing users the flexibility to access information
anywhere at any time.
Any application run over a network, especially the Internet, has security risks associated with it.
Macromedia Breeze is no different. However, these security threats can be minimized if you give
careful consideration to implementing a security plan for Macromedia Breeze.
There are three levels of security that should be considered for Macromedia Breeze:
•
Application-level security
•
Physical security
•
Infrastructure security
Breeze provides application-level security, which provides an ACL (Access Control List)-based
security model for controlling which users have access to which features in the Breeze
applications. Physical security means placing the actual Breeze server in a physically-secure
location. The third level, infrastructure security, which deals with securing the server and the
network, is the most important, yet most overlooked aspect of securing Breeze.
Содержание BREEZE 5
Страница 1: ...Installation and Configuration Guide...
Страница 30: ...30 Chapter 1 Before You Begin...
Страница 56: ...56 Chapter 3 Installing and Upgrading Breeze...
Страница 100: ...100 Index...
