Security Requirements - Sun Microsystems Sun GlassFish Enterprise Server 2.1 Tuning Manual

Understanding Operational Requirements

Security Requirements

Most business applications require security. This section discusses security considerations and
decisions.

User Authentication and Authorization

Application users must be authenticated. The Application Server provides three different
choices for user authentication: file-based, LDAP, and Solaris.
The default file-based security realm is suitable for developer environments, where new
applications are developed and tested. At deployment time, the server administrator can choose
between the Lightweight Directory Access Protocol (LDAP) or Solaris security realms. Many
large enterprises use LDAP-based directory servers to maintain employee and customer
profiles. Small to medium enterprises that do not already use a directory server may find it
advantageous to leverage investment in Solaris security infrastructure.
For more information on security realms, see Chapter 9, "Configuring Security," in Sun
GlassFish Enterprise Server 2.1 Administration Guide.
The type of authentication mechanism chosen may require additional hardware for the
deployment. Typically a directory server executes on a separate server, and may also require a
backup for replication and high availability. Refer to Sun Java System Directory Server
documentation for more information on deployment, sizing, and availability guidelines.
An authenticated user's access to application functions may also need authorization checks. If
the application uses the role-based Java EE authorization checks, the application server
performs some additional checking, which incurs additional overhead. When you perform
capacity planning, you must take this additional overhead into account.

Encryption

For security reasons, sensitive user inputs and application output must be encrypted. Most
business-oriented web applications encrypt all or some of the communication flow between the
browser and Application Server. Online shopping applications encrypt traffic when the user is
completing a purchase or supplying private data. Portal applications such as news and media
typically do not employ encryption. Secure Sockets Layer (SSL) is the most common security
framework, and is supported by many browsers and application servers.
The Application Server supports SSL 2.0 and 3.0 and contains software support for various
cipher suites. It also supports integration of hardware encryption cards for even higher
performance. Security considerations, particularly when using the integrated software
encryption, will impact hardware sizing and capacity planning.
Consider the following when assessing the encryption needs for a deployment:
Chapter 1 • Overview of Enterprise Server Performance Tuning
21
