Protecting your data center against outside threats - Security Center 5.8

Security Center Administrator Guide 5.8

Series: Security Center 5.8
Revised/modified: 2020-08-17

If the security policy of your company requires all corporate databases to reside on a secured network, you must create Directory gateways to allow the Security Center applications located outside the secured network to log on to the system.

Before you begin

Make sure that the Number of additional Directory servers supported by your Security Center license allows you to add the Directory gateways you need to create. The Directory gateways are counted as Directory servers in your Security Center license.

What you should know

All Security Center applications (roles and client applications) must connect to a Directory server in order to log on to the system. All Directory servers must access the Directory database where the system configuration is stored. If the Directory database resides on a secured network, no applications located outside the secured network are allowed to access it. To avoid violating the security policy, you must create Directory gateways on the non-secured network.

Procedure

  1. From the Config Tool home page, open the System task, and click the Roles view.
  2. Select the Directory Manager role, and then click the Directory servers tab.
  3. At the bottom of the server list, click Advanced.
    An extra column, Gateway, opens in the list.
  4. At the bottom of the list, click Add an item.
  5. In the dialog box that opens, select the server you want to add, and click Add.
  6. Add more servers to the list if necessary.
  7. Select the Gateway option on servers you want to use as Directory gateways.
    A Directory gateway must be located on the non-secured network. It does not need to access the Directory database, but it needs to connect to the main server. The following example shows a system with two Directory servers, one of which is the main server, and two Directory gateways.
    NOTE:
    • Load balancing only occurs between servers of the same type. All Directory servers belong to one load balancing pool, and all Directory gateways belong to another. A user trying to connect to a Directory gateway will not be redirected to a Directory server, and vice versa.
    • The Disaster recovery option only applies to Directory servers, not to Gateways.

    [Figure: Directory gateways]

  8. Update your license to include the servers that you have just promoted to Directory gateways.
  9. Click Apply.

After you finish

If you have client workstations that are forced to connect to a specific Directory, update their settings so they connect to one of the Directory gateways instead.