Web-based System Manager Security provides for the secure operation of the Web-based System Manager in client-server mode. In the Web-based System Manager secure operation, the managed machines are servers, and the managing users are the clients. The communication between the servers and clients is over the SSL protocol that provides server authentication, data encryption, and data integrity. The user manages the machine on Web-based System Manager using an account on that machine and authenticates to the Web-based System Manager server by sending the user ID and password over the secured SSL protocol.
Each Web-based System Manager server has its private key and a certificate of its public key signed by a Certificate Authority (CA) that is trusted by the Web-based System Manager clients. The private key and the server certificate are stored in the server's private key ring file. The Web-based System Manager client has a public key ring file that contains the certificates of the CAs that it trusts.
In applet mode (working from the browser), the client must be assured that the applet (.class files) arriving at the browser is coming from the intended server. Moreover, in this mode, the public key ring file resides on the server and is transferred to the client with the rest of the applet .class files, because the browser does not allow applets to read local files. For sender authentication and integrity of these files. the client must use the SSL capabilities of the browser and contact the server only with the HTTPS protocol (HTTPS://...). For this, you can use the SSL capability of the HTTP Server on each managed machine, or you can use the SMGate daemon installed with Web-based System Manager Security. The SMGate daemon serves as an SSL gateway between the client browser and the web server.
This section discusses the following procedures and processes related to Security: