Sun Microsystems 820434310 Server User Manual


 
Security Requirements
Most business applications require security. This section discusses security considerations and
decisions.
User Authentication and Authorization
Application users must be authenticated. The Application Server provides three different
choices for user authentication: file-based, LDAP, and Solaris.
The default file-based security realm is suitable for developer environments, where new
applications are developed and tested. At deployment time, the server administrator can choose
between the Lightweight Directory Access Protocol (LDAP) or Solaris security realms. Many
large enterprises use LDAP-based directory servers to maintain employee and customer
profiles. Small to medium enterprises that do not already use a directory server may find it
advantageous to leverage investment in Solaris security infrastructure.
For more information on security realms, see Chapter 9, "Configuring Security," in Sun
GlassFish Enterprise Server 2.1 Administration Guide.
The type of authentication mechanism chosen may require additional hardware for the
deployment. Typically a directory server executes on a separate server, and may also require a
backup for replication and high availability. Refer to Sun Java System Directory Server
documentation for more information on deployment, sizing, and availability guidelines.
An authenticated user’s access to application functions may also need authorization checks. If
the application uses the role-based Java EE authorization checks, the application server
performs some additional checking, which incurs additional overheads. When you perform
capacity planning, you must take this additional overhead into account.
Encryption
For security reasons, sensitive user inputs and application output must be encrypted. Most
business-oriented web applications encrypt all or some of the communication flow between the
browser and Application Server. Online shopping applications encrypt traffic when the user is
completing a purchase or supplying private data. Portal applications such as news and media
typically do not employ encryption. Secure Sockets Layer (SSL) is the most common security
framework, and is supported by many browsers and application servers.
The Application Server supports SSL 2.0 and 3.0 and contains software support for various
cipher suites. It also supports integration of hardware encryption cards for even higher
performance. Security considerations, particularly when using the integrated software
encryption, will impact hardware sizing and capacity planning.
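The following WEB-INF/web.xml fragment is an added illustration, not from this guide or the GlassFish project, of how an application requests the two container checks discussed above: a role-based Java EE authorization constraint (the extra per-request checking mentioned under authorization) and a CONFIDENTIAL transport guarantee so that only the purchase flow is encrypted, as the online-shopping pattern describes. The application paths, the "customer" role, the "file" realm name and the login pages are assumptions for the example.

```xml
<!-- Added example (not from the guide): fragment of WEB-INF/web.xml for a
     Java EE 5 web application. Paths, role and realm names are assumed. -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">

  <!-- Only the purchase flow needs authentication, a role check and
       encryption; catalogue pages outside /checkout/* stay unconstrained. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Checkout</web-resource-name>
      <url-pattern>/checkout/*</url-pattern>
      <!-- No <http-method> elements: the constraint then covers every
           HTTP method. Listing only GET and POST would leave the other
           methods unprotected. -->
    </web-resource-collection>

    <!-- Role-based Java EE authorization. The container evaluates this
         on every matching request, which is the additional overhead the
         capacity plan must account for. -->
    <auth-constraint>
      <role-name>customer</role-name>
    </auth-constraint>

    <!-- CONFIDENTIAL makes the container serve this path only over the
         SSL listener, so these requests count against encryption sizing. -->
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- The realm is chosen at deployment time: "file" for development,
       an LDAP or Solaris realm configured on the server for production. -->
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>file</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login-error.jsp</form-error-page>
    </form-login-config>
  </login-config>

  <!-- Declares the role referenced by the auth-constraint. -->
  <security-role>
    <role-name>customer</role-name>
  </security-role>
</web-app>
```

The role name is application-level: on the Application Server it is mapped to a group or user in the chosen realm through a security-role-mapping entry in sun-web.xml (or the server's default principal-to-role mapping), so switching from the file realm to LDAP or Solaris at deployment does not require changing the descriptor. Which SSL versions and cipher suites the CONFIDENTIAL paths actually use is decided by the SSL settings of the server's HTTP listener, not by web.xml.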
Consider the following when assessing the encryption needs for a deployment:
Understanding Operational Requirements
Chapter 1 • Overview of Enterprise Server Performance Tuning 21