EIM allows the creation of a system of identity mappings, called associations,
between the various user identities in various user registries for a person in
your enterprise. It also provides a common set of APIs. They can be used to
develop applications that use these identity mappings to look up the
relationships between user identities across platforms.
In conjunction with Network Authentication Service, the i5/OS and OS/400
implementation of Kerberos, EIM provides an SSO environment that is
managed and configured through iSeries Navigator.
Network Authentication Service
Network Authentication Service allows the iSeries server and several iSeries
services, such as iSeries Access for Windows, to use a Kerberos ticket as an
optional replacement for a user name and password for authentication. The
Kerberos protocol, developed by Massachusetts Institute of Technology (MIT),
allows a principal (a user or service) to prove its identity to another service
within an unsecure network. Authentication of principals is completed through
a centralized server called a Kerberos server or key distribution center (KDC).
Virtual private networking
VPN allows a company to extend its private intranet securely over the existing
framework of a public network, such as the Internet. It controls network traffic
while providing important security features such as authentication and data
privacy.
i5/OS and OS/400 VPN is an optionally-installable component of iSeries
Navigator. It allows the creation of a secure end-to-end path between any
combination of host and gateway. i5/OS and OS/400 VPN uses authentication
methods, encryption algorithms, and other precautions to ensure that data
sent between the two endpoints of its connection remains secure.
IP filtering and Network Address Translation (NAT)
IP filtering and NAT act as a firewall to protect an internal network from intruders.
With IP filtering, IP traffic is controlled by filtering packets according to rules
that are user-defined. NAT allows the hiding of unregistered private IP
addresses behind a set of registered IP addresses. This serves to protect
internal networks from outside networks. NAT also alleviates the IP address
depletion problem, since many private addresses can be represented by a
small set of registered addresses.
IBM Eserver i5 and iSeries System Handbook
Draft Document for Review October 18, 2004