Frequently Asked Questions

The following Sterling Secure Proxy frequently asked questions and answers provide general, frequently needed information about installation, configuration, and replication.

IBM Sterling Secure Proxy

IBM Sterling Secure Proxy (SSP) helps shield your trusted network by preventing direct connectivity between external partners and internal servers. It can secure your network and data exchanges at the network edge to enable trusted business-to-business transactions and managed file transfer (MFT) file exchanges. As a demilitarized zone (DMZ)-based proxy, Sterling Secure Proxy uses multi-factor authentication, SSL session breaks, the closing of inbound firewall holes, protocol inspection, and other controls to ensure the security of your trusted zone.

Read the following Sterling Secure Proxy frequently asked questions and answers.

Sterling Secure Proxy and Sterling External Authentication Server

Sterling Secure Proxy 6.0.x series and Sterling External Authentication Server 6.0.x series deliver features and enhancements that improve security for your organization’s MFT file exchanges and provide containers to simplify hybrid cloud deployments.

Certified containers. Take advantage of certified containers to simplify the deployment of Sterling Secure Proxy and Sterling External Authentication Server on hybrid cloud infrastructures. Sterling Secure Proxy certified containers are built to Kubernetes standards and qualified on the Red Hat OpenShift Container Platform.

Sterling Secure Proxy can be used as a proxy with Sterling File Gateway and other HTTP applications and supports a single sign-on connection. Single sign-on (SSO) provides access control that allows a user to log in once to Sterling Secure Proxy, using the HTTP protocol, and then gain access to Sterling File Gateway without logging in again. SSO bypasses normal user authentication in Sterling File Gateway and trusts that Sterling Secure Proxy has authenticated the user.

After you set up the basic single sign-on configuration, trading partners can communicate in a secure environment that provides authentication. The trading partner first connects to Sterling Secure Proxy, which then connects to Sterling File Gateway on behalf of the trading partner.

Support for preserving the client source IP has now been extended. For more information, refer to Configuring - Understanding values.YAML.

The components of the Secure Proxy architecture are:

  • Secure Proxy Engine—the engine resides in the DMZ and contains the minimum components necessary to manage communications sessions. The engine configuration (Secure Proxy engine properties) is created at Configuration Manager and pushed to the engine. It is stored in active memory and is never stored on a disk in the DMZ. No web services or UI ports are open in the DMZ.
  • Configuration Manager (Secure Proxy CM)—Configuration Manager is installed in the trusted zone. Use this tool to configure your environment. When you save a configuration definition (Secure Proxy configuration store) at CM, it is pushed to an engine, using an SSL session. Configuration files are encrypted and stored on the computer where CM is installed.

Before you install Sterling Secure Proxy, review the system requirements. Confirm that your system meets all requirements. Follow the procedures to install or upgrade Sterling Secure Proxy.

Verify your installation by starting CM and the engine, and ensuring that they can communicate.

  • The IP and port number to listen on for connections from Configuration Manager
  • SSL key certificate, trusted certificate, and encryption cipher used for the connection from Configuration Manager.

The Secure Proxy configuration store is a file that is encrypted on disk and contains the following information:

    • The user store with information on user credentials
    • The system certificate store with the certificates used for SSL/TLS sessions
    • The key store with the SSH keys
    • The engine configuration store with all configuration information for the engine.

IBM Sterling Secure Proxy has 3 components: the SSP Engine (SSP), the SSP Configuration Manager (SSPcm), and the Perimeter Server (PS). SSP can also make use of the IBM Sterling External Authentication Server (SEAS).

Latest releases of IBM Sterling Secure Proxy 6.0.x and IBM Sterling External Authentication Server 6.0.x

These versions introduce the following new features:

  • Support for certified containers, qualified on Red Hat OpenShift Platform, for deployment flexibility across hybrid cloud environments
  • Improved protection against external threats through virus and malware scanning that is executed in the DMZ subnetwork, outside of the trusted zone
  • IP blocklisting and advanced monitoring, delivered by enabling connection to third-party providers to validate IP addresses from suspect sources
  • An easy view of the availability status of Sterling External Authentication Server instances from the Sterling Control Center web console

Sterling Secure Proxy also provides the following security features:

SSL or TLS using certificates—Ensures that the connection between Sterling Secure Proxy and the internal and external nodes uses SSL or TLS.

Support for Hardware Security Modules (HSM)—Stores and protects your certificates.

Support for connection routing—Allows you to route incoming connections using the following methods:

  • Direct Routing—Routes incoming connections directly to the trusted company server.
  • PNODE routing—Allows the inbound node to determine what SNODE it connects to.
  • Certificate-based routing—Allows Sterling Secure Proxy to determine the internal server to route the connection to, based on the distinguished name in the certificate.
