Home
Administering
This section describes how to plan for, install, configure, operate, and manage the SafeLinx Server.
Security
HCL SafeLinx includes a range of options for configuring the security of your network, applications, and data.
Admin Access
Administrators who use the SafeLinx Administrator must authenticate by providing an administrator ID and password.

Administering
This section describes how to plan for, install, configure, operate, and manage the SafeLinx Server.
- Overview
  HCL SafeLinx uses standards-based protocols to enable secure access from mobile computing devices outside the firewall to business applications and data on your organization's internal network.
- Security
  HCL SafeLinx includes a range of options for configuring the security of your network, applications, and data.
  - Using IPSec
    You can configure the operating system to use IPSec to secure data transmitted between the SafeLinx Server and remote servers or among cluster nodes.
  - Security Options
    You can configure SafeLinx to use several different security mechanisms to protect network resources.
  - Authentication and Encryption
    A managed set of public key certificates that are issued by a certificate authority is required to enable TLS communications.
  - Authentication Between the Mobile Access Service and SafeLinx Clients
    SafeLinx Clients must authenticate with the mobile access service before they can establish an encrypted connection.
  - Encryption Between the Mobile Access Service and SafeLinx Clients
    You can modify the type of encryption that is used to transmit data between SafeLinx Clients and the mobile access service.
  - Third-Party Authentication to the SafeLinx Server
    You can configure authentication profiles to enable third-party authentication to the SafeLinx Server.
  - Two-factor authentication
    For a tutorial providing an example of how to set up HCL SafeLinx 1.2 for two-factor authentication, see the article Implementing two-factor authentication with HCL SafeLinx 1.2 on the HCL Customer Support site.
  - Authentication and Encryption Between Messaging Services and Applications that Use Messaging Services and Push APIs
    To ensure secure transmissions with messaging clients, you can configure messaging services to require TLS connections with message processing servers or push initiators.
  - Authentication and Encryption Among Cluster Managers
    To secure communications among cluster manager, you can require transport layer security (TLS) connections among the nodes in a SafeLinx Server cluster.
  - Admin Access
    Administrators who use the SafeLinx Administrator must authenticate by providing an administrator ID and password.
- Installation planning
  Before you install HCL SafeLinx, verify that you meet the hardware and software requirements, and that the network connections that you want to use are available.
- Roadmaps: Installing and setting up SafeLinx
  The following "roadmap" topics guide you through installing and initially configuring SafeLinx. Refer to the topic that corresponds to your relational database and server operating system.
- Installing and initial configuration
  Initial configuration and installation of HCL SafeLinx varies based on your operating system and relational database.
- Adding a secure login profile
  By default, the SafeLinx Administrator communicates with the access manager over an unencrypted connection. If you want the connection between the SafeLinx Administrator and the access manager to use transport layer security (TLS) protocols, add a secure login profile to the SafeLinx Administrator.
- Adding and configuring resources
  After you complete the installation and initial configuration, continue to prepare the deployment by configuring other network resources.
- Administering
  The SafeLinx Administrator administration client is the primary tool for viewing, adding, configuring, and managing HCL SafeLinx resources. Along with the SafeLinx Administrator, you can use the HCL SafeLinx Monitor to view information about packet flow through the SafeLinx Server. You can also use a set of command line tools to perform common SafeLinx Server tasks.
- Programming reference
  There are several programming considerations of which you might want to take advantage.
- Database schema information
  HCL SafeLinx uses a DB2, Oracle, MySQL, or SQL database to store tables of information about current and past activity of SafeLinx Server sessions. The following tables are created and accessed by using the qualifier name wg for DB2 installations.
- Step by step: Nomad configuration
  Here are step-by-step instructions that serve as an example of how to install and configure HCL SafeLinx for Nomad on MySQL on Linux.

Admin Access

Administrators who use the SafeLinx Administrator must authenticate by providing an administrator ID and password.

With SafeLinx Administrator, you can organize your SafeLinx resources into different organizational units (OUs). After you assign resources to specific OUs, you can specify the level of access that you want to grant each administrator to resource types in each OU.

For example, you might place users into OUs based on location and then grant administrators the access to manage users in certain locations only. You might grant one administrator the access to manage mobile devices and grant another access to manage MNCs. By planning the organizational structure of your resources, you can provide administrators with as much or as little access and capability as you want.

If you do not want to use OUs to control access to SafeLinx resources, you can define all your resources in the root OU. The root OU is created the first time you log on to the access manager.

When you log on to SafeLinx Administrator as the default SafeLinx Server administrator (admin), you have complete control (super user authority) over all resource types in all OUs. You can create administrators with different access to different types of resources. You can define at least one administrator other than the default administrator.

You can specify whether the default admin (admin) can log in remotely to the access manager by using the SafeLinx Administrator. To prevent remote access by the default admin, edit the Security page of the access manager properties and clear the check box Allow super user administrator IDs to log in remotely from SafeLinx Administrator. For more information about how to edit properties, see Editing resource properties.

Note: Linux administrators who log on using the operating system root ID have the same access to resources as the default administrator, including remote access.

Rate this topic

5 stars 4 stars 3 stars 2 stars 1 star

Comment on this topic.

By clicking this box, you acknowledge that you are NOT a U.S. Federal Government employee or agency, nor are you submitting information with respect to or on behalf of one. HCL provides software and services to U.S. Federal Government customers through its partners immixGroup, Inc. Contact this team at https://hcltechsw.com/resources/us-government-contact. Do not include any personal data in this Comment box. Note: To report a problem or question about the product software, do not use this form. Instead, go to the HCL Software Support site.