9.1 Security for a Pervasive Portal solution

In order to better understand the security issues on a Pervasive Portal solution, the same operational model diagram will be used and the security issues for some of the components of the solution will be detailed.

The components explored are:

Boundary components - this includes routers, firewalls and architecture recommendations for security layers .
WebSphere Everyplace Connection Manager
WebSphere Edge Server
WebSphere Everyplace Access and its components, such as:
- Everyplace Client
- Device Manager
- Everyplace Synchronization Server
Tivoli Access Manager and Single Sign-On

Figure 9-1: Security issues for the components of a Pervasive Portal solution

Note	Because of the extensive details of the previous diagram, it is difficult to read some parts on a printout. If you would like to read the details, please use the original PDF document and magnify the area you want to see.

9.1.1 Boundary components

The boundary components include the firewalls and routers that implement the "physical" security separating the solution layers and implementing the security policy. Each security layer created uses different principles, compatible with the security level required. Even the security policy of each layer will be different and specific to the relative functionality and operational level.

We will use a generic diagram block representing a multi- tier production environment to explain the characteristics of each security layer. It is considered that the solution non-functional requirements include high availability. For more detailed information about high availability and performance, refer to Chapter 11, "Performance and availability" on page 239.

Figure 9-2: Security layers for a generic n-tier solution

First security layer

This layer includes routers connecting to Internet and protecting in a basic level through the use of packet filters. Besides creating an initial barrier , it avoids some improper accesses that could compromise the performance of the LAN. That layer increases the security level, but by itself it is not enough to protect the entire solution.

Second security layer

This security level includes two firewalls separating the DMZ (presentation layer for Internet users) from the application tier. That layer will have the following characteristics:

A second level of security to protect against malicious Internet users.
This layer does not allow Internet users to access the application layer directly. Using this model, every request from external users will take place in the Presentation components (HTTP Server in the Web Server Redirector node) on the demilitarized zone (DMZ) and the requests will be redirected to the application layer. It is important to create rules so that only the presentation components can access the Application components.

It is recommended that the two firewalls be working at high availability, guaranteeing service availability, even in case of problems with one of the firewalls.

Third security layer

This security level includes two firewalls separating the application tier from the critical components and persistence tier that the end user does not need to access directly.

Every information request performed by the user takes place on the presentation tier that reaches the persistence tier by the application tier. Rules will be created in order to define which components of the application tier should access the persistence tier. It is assumed that access will be denied to any end user trying to access the Persistence components.

It is recommended that the two firewalls be working at high availability, guaranteeing service availability, even in case of problems with one of the firewalls.

Fourth security layer

A separate network was created for the site management. This layer corresponds to the security level implemented to separate the management tier from the presentation (DMZ), application and persistence tiers. This is possible through the use of one firewall. The reason for the existence of this layer lies with the different rules, and mostly because of the right policy that should be implemented. Implementing the management security policy in the second and third layer would represent a security exposure. Keeping in mind that every request performed on the application tier goes through the second and third security layer, this exposure could reduce the level of security and cause a performance degradation. The firewall prevents a break-in attempt on the persistence tier through the management tier.

Fifth security layer

Separated networks were created for the site's back-up for performance reasons (it does not use up the bandwidth from the presentation, application and persistence tier). Those were not connected because this would create a security leak, and a possible break-in on the persistence tier (critical data) through the back-up network. Therefore, the use of a firewall connecting the back-up network of the various layers is strongly recommended.