WebSEAL functionality on the appliance

WebSEAL functionality on the appliance

The appliance web reverse proxy includes most of the features offered by a standard software installation of WebSEAL. However, there are some differences, as detailed in this section.

Feature Description

Custom libraries, including CDAS and EAS The appliance does not support custom CDAS modules. As a result, the appliance does not support the following authentication mechanisms:

IP address
HTTP header
Post password change
WebSEAL does not provide CDAS modules for these mechanisms. The appliance does support the IBM Security Identity Manager Password Synchronization Plug-in. For information, see the [itim] stanza in the web reverse proxy Stanza Reference..

Local junctions The following limitations apply to local junction support on the appliance:

The appliance can support a single fixed file system path for the local junction of a WebSEAL instance.
Local junctions on the appliance cannot run any CGI scripts.

Hardware Based Cryptography The appliance does not support any hardware-based cryptography. However, the hardware appliance does include AES-NI support in the i7-2600 processor, which can handle cryptographic operations.

Application Response Measurement (ARM) WebSEAL software includes ARM to monitor transactions throughout the request and response processing stream. The appliance does not include ARM.

Tivoli Common Directory Logging The Tivoli Common Directory Logging feature stores all log files for IBM Security software applications in a common file system directory. The appliance does not support this common logging. Logging for the appliance is managed through the LMI.

Audit to a pipe The appliance cannot send audit records directly to a pipe. It can however, use an intermediate ISAM authorization server to indirectly send audit records to the destinations. The appliance can also send audit data to remote syslog.

ARS (web service) The IBM Security Verify Access ARS web service can send request information to an external ARS server for authorization. ARS is not available on the appliance.

Parent topic: IBM Security Verify Access WebSEAL overview
Related concepts

Introduction to IBM Security Verify Access
WebSEAL introduction
ISAM appliance
Security concepts for a WebSEAL deployment
Authorization process
Security policy planning
Content types and levels of protection
WebSEAL authentication
Standard WebSEAL junctions
Web space scalability

Feature	Description
Custom libraries, including CDAS and EAS	The appliance does not support custom CDAS modules. As a result, the appliance does not support the following authentication mechanisms: IP address HTTP header Post password change WebSEAL does not provide CDAS modules for these mechanisms. The appliance does support the IBM Security Identity Manager Password Synchronization Plug-in. For information, see the [itim] stanza in the web reverse proxy Stanza Reference..
Local junctions	The following limitations apply to local junction support on the appliance: The appliance can support a single fixed file system path for the local junction of a WebSEAL instance. Local junctions on the appliance cannot run any CGI scripts.
Hardware Based Cryptography	The appliance does not support any hardware-based cryptography. However, the hardware appliance does include AES-NI support in the i7-2600 processor, which can handle cryptographic operations.
Application Response Measurement (ARM)	WebSEAL software includes ARM to monitor transactions throughout the request and response processing stream. The appliance does not include ARM.
Tivoli Common Directory Logging	The Tivoli Common Directory Logging feature stores all log files for IBM Security software applications in a common file system directory. The appliance does not support this common logging. Logging for the appliance is managed through the LMI.
Audit to a pipe	The appliance cannot send audit records directly to a pipe. It can however, use an intermediate ISAM authorization server to indirectly send audit records to the destinations. The appliance can also send audit data to remote syslog.
ARS (web service)	The IBM Security Verify Access ARS web service can send request information to an external ARS server for authorization. ARS is not available on the appliance.