In most cases, ID-Synch communicates with target systems using their native protocols.
In some cases, the connection to a target system may be slow or insecure. This is particularly true when the connection is made over a wide area network, the native protocol is not encrypted, and there is no ID-Synch agent installed on the target system itself.
In such cases, it is helpful to have the main ID-Synch server communicate with an ID-Synch proxy server using a secure, fast protocol. The proxy server can then connect to the target system using its native protocol, which may not be encrypted, and which may not perform well over a WAN. This is illustrated in Figure:Proxy server network architecture.
In the figure, ID-Synch sends encrypted transactions to a proxy server. The proxy server is attached to the target system using a physically secure network, and sends the unencrypted data over this network only.
The psproxy service allows the proxy server to execute account management agents on behalf of the ID-Synch server. It is installed on the proxy server, and periodically receives and installs a replica of the configuration of the ID-Synch server.
The updproxy utility, installed on the ID-Synch server, works in conjunction with the PSPROXY service. It is used during the nightly update process to update the list of proxy servers registered on the ID-Synch server, and to push any files necessary to run agents and list utilities to proxy servers.
The rest of this chapter shows you how to
|
ID-Synch™ is an access management solution developed by
M-Tech. The full current version of this guide, shipped with the ID-Synch software, contains detailed reference information not included in this version. |
||||
|
|
||||
|