VBrick Systems 4410-0118-0009 Server User Manual


 
104 © 2009 VBrick Systems, Inc.
Authentication – Authentication is the process of identifying an individual, usually based on
a username and password. In security systems, authentication is distinct from authorization
(see below), which is the process of providing individuals access to resources based on their
identity. Authentication merely ensures that the individual is who he or she claims to be, but
says nothing about the access rights of the individual.
The ETV Portal Server Access Control system allows administrators to authenticate users
against the ETV Portal Server database or authenticate users against an LDAP directory.
More details on the different authentication databases are given below.
Authorization – Authorization is the process of granting or denying access to a network
resource. Most computer security systems are based on a two-step process. The first stage is
authentication, which ensures that a user is who he or she claims to be. The second stage is
authorization, which allows the user access to various resources based on the user's identity.
In the ETV Portal Server, all authorization is done directly on the ETV Portal Server,
through the ETV Portal Server database.
LDAP – LDAP (Lightweight Directory Access Protocol) is a set of protocols for accessing
information directories. The LDAP standard defines both a network protocol for accessing
information from the directory and an extensible structure for defining how the information
is organized in the directory. The advantage of using an LDAP directory is centralized
management of users. For example, a new user needs only to be entered once into the LDAP
directory and all future modifications to that user can be done in the same central location.
Different applications can authenticate and/or authorize users against the LDAP directory.
There are numerous LDAP directory products on the market today, but the most popular are
Microsoft Active Directory, Novell eDirectory, Sun iPlanet, and OpenLDAP. VBrick supports
major LDAP vendors but only Microsoft Active Directory and Novell eDirectory are fully tested and
supported.
VBrick Database – The ETV Portal Server server ships by default with the MySQL database,
which is a fully ODBC-compliant database. (Open Database Connectivity is a standard
database access method.) For those environments that have not migrated to an LDAP
directory-based user management system, all of the authentication functionality can be done
directly in the ETV Portal Server database itself. Also, for those environments that are using
LDAP directories for Authentication, all of the Authorization functionality also takes place in
the ETV Portal Server database. Additionally, to reduce the chance of system lockout, all
Administrative Users are located in the ETV Portal Server database.
Resources and Resource Groups – In the ETV Portal Server, providing a user with
Resources refers to providing them access to a particular functionality of the EtherneTV
system. These include the ability to view Live Channels, to view VOD content, to publish
content to the VOD, and to record content or schedule a recording. A unique feature of the
ETV Portal Server software is the ability to group Resources into Resource Groups. This
allows the administrator to quickly and easily assign several resources at once to specific
Users or User Groups.
Configuring Users and User Groups
1. Setup and Configure ETV Components
The following products need to be setup and properly configured prior to configuring Access
Control.