MACROMEDIA BREEZE-CLUSTERING BREEZE LIVE Manual de usuario descargar pdf (Pagina 44)

ADOBE CONNECT ENTERPRISE SERVER 6

Installation and Configuration Guide

3 In the Login Policy section, select No for Use e-mail address as the login.

Public key infrastructure

About public key infrastructure (PKI)

You can set up a public key infrastructure (PKI) to manage identification credentials as part of your Connect Enter-

prise security architecture for clients. In the more familiar SSL protocol, the server must verify its identity to the

client; in PKI, the client must verify its identity to the server.

A trusted third party, called a Certification Authority, verifies the identity of a client and binds a certificate in X.509

format (also called a public key) to that client. When a client connects to Connect Enterprise Server, a proxy

negotiates the connection for PKI. If the client has a cookie from a previous session or has a valid certificate, the client

is connected to Connect Enterprise Server.

For more information about PKI, see the Microsoft PKI Technology Center.

PKI user requirements

Users must run Windows XP or Windows 2003 and have a valid client-certificate installed on their local computer

before joining a meeting that requires PKI authentication. When a user joins a meeting, they are presented with a

dialog to choose a valid client-certificate from the certificates installed on their computer.

Adobe recommends that clients use the Adobe Acrobat Connect Add-in to attend meetings that require PKI authen-

tications. Clients should use the add-in stand-alone installer to install the add-in before joining a meeting.

Clients may also use the latest version of Adobe Flash Player in the browser to attend meetings, but Flash Player PKI

support is not as extensive as add-in PKI support. One exception is that to view meeting archives, clients must have

the latest version of Flash Player installed.

You can design a PKI system to require authentication for only HTTP connections or for both HTTP and RTMP

connections. If you require client-side certificates on both HTTP and RTMP connections, users are prompted each

time a new server connection is established. For example, there will be two prompts to log in to a meeting, once for

HTTP and once for RTMP. An RTMP connection cannot be established without HTTP authentication, so you may

choose to require client-side authentication only on the HTTP connection.

Implementing PKI for Connect Enterprise

The following steps guide you through a reference implementation of PKI configured with an F5 BIG-IP LTM 9.1.2

(Build 40.2) router as the proxy. Use the critical sections to build your own solution, either with an F5 router or with

another device.

This reference implementation adheres to strict security standards, for example, it requires a client-side certificate

for both HTTP (application server) and RTMP (meeting server) connections.

Note: Adobe strongly recommends that you create a security policy before implementing PKI. There are many different

technologies used in PKI, and upholding security is critical when these systems interact.

1 2 ... 39 40 41 42 43 44 45 46 47 48 49 ... 61 62

Sin comentarios

MACROMEDIA BREEZE-CLUSTERING BREEZE LIVE Manual de usuario Pagina 44