Data Virtualization Tutorial… SSL with CIS Web Data Sources


1 Data Virtualization Tutorial… SSL with CIS Web Data Sources
Hello, and welcome to the Tutorial series for Cisco Information Server, or CIS. Tutorials are brief instructional videos that demonstrate specific features of CIS. In this Tutorial, we discuss connecting CIS to web data sources that are secured by SSL.

2 Agenda What are they and why do they matter? A basic demo Summary
Here is our agenda. We begin by defining SSL-based web data sources and outlining their importance for our customers. Next we walk through a very basic demo of SSL connectivity. Finally, we summarize the contents of this tutorial.

3 Agenda What are they and why do they matter? A basic demo Summary
Let’s begin by discussing what SSL connectivity is, and why it’s important for our customers.

4 What are they? SSL Web Data Sources
- SSL: Secure Sockets Layer
- Part of TLS: Transport Layer Security
- Server authentication is most common scenario
- Server presents Certificate and Public Key
- Client validates Certificate
- Client creates Symmetric Key and encrypts with Server’s Public Key
- Client and Server use Symmetric Key to communicate

SSL stands for Secure Sockets Layer. It is a way to provide secure communication over networks, and is part of a larger standard called TLS, or Transport-Layer Security. SSL can be used in several different scenarios, but its most common use case accomplishes two goals. First, it enables a web server to authenticate itself to a client, so the client knows it is not being fooled into connecting to an unknown server. Second, it sets up encryption that is used for network communication between client and server.

At connection time, the client connects to the server using the HTTPS protocol. The server presents its SSL Certificate, which contains its Public Key, to the client. The Certificate enables the client to decide whether the server is legitimate. The Public Key provides a means for encrypting data that can only be decrypted by the Server’s Private Key, which is not shared. The client first validates the Certificate. If the client determines that the server is legitimate, it generates a symmetric key, which will be used by both client and server to encrypt and decrypt data for the remainder of the session. The client encrypts the symmetric key using the Server’s Public Key, and sends it to the Server.
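
The key exchange narrated above, carried out by hand with the openssl command line; this is an added example, not part of the original presentation. The function names and scratch-directory file names are assumptions, and a real TLS stack derives its session keys from the exchanged secret and authenticates every record rather than using plain CBC.

```shell
# Added example: the "client encrypts a symmetric key to the server's public
# key" step, using constructed keys in a scratch directory passed as $1.

# Server: key pair whose public half would travel inside the certificate.
kx_server_keygen() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/server.key" 2>/dev/null &&
    openssl pkey -in "$1/server.key" -pubout -out "$1/server.pub"
}

# Client: after validating the certificate, pick a random session secret and
# encrypt it to the server's public key. Only wrapped.bin goes on the wire.
kx_client_wrap() {
    openssl rand -hex 32 > "$1/client.secret" &&
    openssl pkeyutl -encrypt -pubin -inkey "$1/server.pub" \
        -pkeyopt rsa_padding_mode:oaep \
        -in "$1/client.secret" -out "$1/wrapped.bin"
}

# Server: recover the secret with a private key ($2). Fails for any key other
# than the one matching server.pub.
kx_server_unwrap() {
    openssl pkeyutl -decrypt -inkey "$2" -pkeyopt rsa_padding_mode:oaep \
        -in "$1/wrapped.bin" -out "$1/server.secret" 2>/dev/null
}

# Either side: symmetric encryption under the shared secret for the session.
kx_seal() {   # $1 secret file, $2 plaintext file, $3 ciphertext file
    openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$1" -in "$2" -out "$3"
}
kx_open() {   # $1 secret file, $2 ciphertext file; prints the plaintext
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$1" -in "$2"
}
```

Run the four steps in order against one scratch directory; after `kx_server_unwrap`, `client.secret` and `server.secret` are byte-identical, and a message sealed with one opens with the other.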

5 Why do they matter? SSL Web Data Sources
- CIS acts as the client when connecting to these data sources
- Server may be outside or inside the customer firewall.

SSL Web Data Sources are important to our customers, because they help ensure secure communication, both within and across the customer’s firewall. When connecting to a SOAP or REST data source, CIS acts as the client. Servers acting as data sources may exist either inside or outside the customer’s firewall. In both cases, SSL is an important security mechanism that provides authentication and encryption.

6 Agenda What are they and why do they matter? A basic demo Summary
Next, let’s walk through a very basic demo of SSL-based connectivity to CIS.

7 Demo: Here is the business problem…
Here is the business problem that we illustrate in this tutorial. Data Consumers use CIS to access federated virtual views of data. In this case, one of our data sources is a RESTful web service that is secured by SSL. We will configure CIS to enable it to access this secure web service.

8 Before you begin: Remove SSL Certificate from CIS
If you have run this tutorial previously, be sure to remove the SSL certificate from the CIS data source trust store. Here we use a graphical program called Portecle to remove the certificate. We will discuss trust stores and demonstrate use of Portecle later in this demo, so we do not need to detail the steps here. <CLICK> This tutorial uses two CIS REST data sources. You may build these data sources easily, but users may also choose to import the CAR file from the Additional Resources that accompany this tutorial.

9 Demo: Show Browser-based Access
The web site shown here contains this very simple RESTful web service. The site allows both HTTP and HTTPS communication. If you access the site using the www prefix with the domain name, or if you access it via its IP address, the site defaults to HTTP. If you access the site by its domain name without the www prefix, the site defaults to HTTPS. Here we access the site via HTTP, and the data is returned. <CLICK> If we choose to access the site via HTTPS, the data is also returned. That’s because web browsers handle SSL certificate validation in a highly dynamic and transparent manner. However, secure applications like CIS are designed so that System Administrators can control the sites that are accessed using SSL. Let’s see what happens when we try to access this same web service through CIS.

10 Demo: Show CIS-based Access
As shown here, we define a CIS REST data source that connects to our web service via HTTP. We define a simple getData method for the response. <CLICK> We define a second data source that connects to the same web service using HTTPS. This will use SSL to authenticate the server and encrypt communications.

11 Demo: Show CIS-based Access
The unsecured web service returns data, as expected. <CLICK> However, when we try the secured web service, CIS returns an error, telling us the Data Source’s certificate is not found in its Truststore. This is the problem we need to solve in order to enable CIS to access the web service via HTTPS.

12 Demo: Get the Certificate
In most real-world scenarios, the customer will have access to the necessary certificate files. However, it is also possible to get the certificate by using a browser. As we mentioned earlier, browsers manage certificates in a highly dynamic and transparent manner. We begin by returning to the HTTPS response we showed earlier using the Chrome browser. <CLICK> From the Chrome kebab menu, select More Tools, then Developer Tools. <CLICK> Select the Security tab and click View Certificate. <CLICK> On the Details tab of the Certificate information dialog, choose “Copy to File.”

13 Demo: Get the Certificate
The Certificate Export Wizard appears. <CLICK> We use the default DER format… <CLICK> … choose a location for the file, and complete the export.

14 Demo: Install the Certificate
Now that we have the certificate, we can install it in CIS. Here we use a free graphical tool called Portecle, which handles certificate management. It is also possible to manage certificates using a Java command-line tool called keytool, but Portecle provides guidance and graphical feedback. We choose the Open Keystore File option… <CLICK>… and navigate to the CIS installation directory, conf | server | security folder. This folder contains a number of keystores and truststores. Keystores and Truststores have identical structures, but are used for different purposes. Keystores hold certificates and both private and public keys. They are used when CIS is acting as a server, and responding to client authentication requests. Truststores hold certificates and public keys, and are used when CIS is acting as a client, such as when it connects to a data source. As shown here, we want to install our new certificate in cis_datasource_truststore_strong.jks.

15 Demo: Install the Certificate
Default: changeit

Keystores and truststores are password-protected. CIS follows the SSL convention of using a default password of “changeit.” Of course, this password will be changed in real-world installations. <CLICK> We open the truststore, and see that CIS ships with a number of certificates pre-installed.

16 Demo: Install the Certificate
Now we can import our new certificate. Choose “Import Trusted Certificate” from Portecle’s Tools menu. <CLICK> Select the new certificate. <CLICK> Portecle warns that we will have to decide whether or not to trust this certificate… <CLICK> … and then displays details of the certificate.

17 Demo: Install the Certificate
We accept the certificate as Trusted. <CLICK> We can use the default alias, or create a new one. <CLICK> The import is successful, and the new certificate appears in the CIS data source truststore. <CLICK> We save our work and exit Portecle.
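
The same export-and-import procedure done with keytool, the command-line tool the tutorial mentions, with one added step: the exported DER file is compared against a SHA-256 fingerprint obtained from the service owner before it is trusted. This is an added example, not part of the original presentation; the function names, the alias and the TRUSTSTORE_PASS environment variable are assumptions.

```shell
# Added example: check a browser-exported DER certificate against a
# fingerprint obtained out-of-band, then import it into a Java truststore.
# The truststore password is read from $TRUSTSTORE_PASS, not the command line.
# Call: import_pinned_cert cert.der <sha256-hex> truststore.jks alias

# SHA-256 fingerprint of a DER certificate: lowercase hex, no colons.
cert_sha256() {
    openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# Import only when the fingerprint matches.
# Returns 0 = imported, 1 = mismatch, 2 = not a readable DER certificate.
import_pinned_cert() {
    actual=$(cert_sha256 "$1")
    [ "${#actual}" -eq 64 ] || return 2
    # Accept the expected value with or without colons, in either case.
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for $1: got $actual" >&2
        return 1
    fi
    keytool -importcert -noprompt -alias "$4" -file "$1" \
        -keystore "$3" -storepass:env TRUSTSTORE_PASS
}

# True when the alias is present in the truststore.
truststore_has_alias() {   # $1 truststore, $2 alias
    keytool -list -keystore "$1" -alias "$2" \
        -storepass:env TRUSTSTORE_PASS >/dev/null 2>&1
}
```

Against the tutorial's setup, the third argument would be the path to cis_datasource_truststore_strong.jks in the CIS conf | server | security folder.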

18 Demo: Run the Secure Web Service
Now that the certificate is installed, we can return to the secure web service that failed earlier. This time it runs successfully, because CIS is able to verify the data source’s certificate and negotiate an encrypted connection. Our demo is complete.

19 Agenda What are they and why do they matter? A basic demo Summary
Let’s summarize what we have seen in this presentation.

20 Summary SSL Web Data Sources
- SSL: Secure Sockets Layer
- Part of TLS: Transport Layer Security
- Server authentication is most common scenario
- CIS acts as the client when connecting to these data sources
- Server may be outside or inside the customer firewall.

SSL stands for Secure Sockets Layer. It is a way to provide secure communication over networks, and is part of a larger standard called TLS, or Transport-Layer Security. SSL can be used in several different scenarios, but its most common use case accomplishes two goals. First, it enables a web server to authenticate itself to a client, so the client knows it is not being fooled into connecting to an unknown server. Second, it sets up encryption that is used for network communication between client and server.

At connection time, the client connects to the server using the HTTPS protocol. The server presents its SSL Certificate, which contains its Public Key, to the client. The Certificate enables the client to decide whether the server is legitimate. The Public Key provides a means for encrypting data that can only be decrypted by the Server’s Private Key, which is not shared. The client first validates the Certificate. If the client determines that the server is legitimate, it generates a symmetric key, which will be used by both client and server to encrypt and decrypt data for the remainder of the session. The client encrypts the symmetric key using the Server’s Public Key, and sends it to the Server.

SSL Web Data Sources are important to our customers, because they help ensure secure communication, both within and across the customer’s firewall. When connecting to a SOAP or REST data source, CIS acts as the client. Servers acting as data sources may exist either inside or outside the customer’s firewall. In both cases, SSL is an important security mechanism that provides authentication and encryption.

Thank you.

21 TOMORROW starts here.

