
Understanding Operational Requirements
Security Requirements
Most business applications require security. This section discusses security considerations and decisions.
User Authentication and Authorization
Application users must be authenticated. The Application Server provides three different choices for user authentication:
The default file-based security realm is suitable for developer environments, where new applications are developed and tested. At deployment time, the server administrator can choose between the Lightweight Directory Access Protocol (LDAP) or Solaris security realms. Many large enterprises use
For more information on security realms, see Chapter 9, “Configuring Security,” in Sun GlassFish Enterprise Server 2.1 Administration Guide.
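As an added illustration (not taken from the Sun documentation), this is roughly how the developer file realm and a deployment-time LDAP realm appear side by side in a domain's `domain.xml`. The realm name `corp-ldap`, the directory host and the base DN are placeholder assumptions; the attributes shown on `security-service` are abbreviated to the one that matters here.

```xml
<!-- Added example: fragment of domain.xml under <config>.
     Host names, realm name "corp-ldap" and base DN are placeholders. -->
<security-service default-realm="corp-ldap">

  <!-- Developer default: users and hashed passwords live in a local keyfile.
       No external dependency, but also no central account lifecycle. -->
  <auth-realm name="file"
              classname="com.sun.enterprise.security.auth.realm.file.FileRealm">
    <property name="file" value="${com.sun.aas.instanceRoot}/config/keyfile"/>
    <property name="jaas-context" value="fileRealm"/>
  </auth-realm>

  <!-- Deployment choice: authenticate against a directory server.
       ldaps:// keeps bind credentials off the wire in clear text; the
       directory's certificate must be trusted by the server's truststore. -->
  <auth-realm name="corp-ldap"
              classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm">
    <property name="directory" value="ldaps://ldap.example.com:636"/>
    <property name="base-dn" value="ou=people,dc=example,dc=com"/>
    <property name="jaas-context" value="ldapRealm"/>
  </auth-realm>

</security-service>
```

Because every login against `corp-ldap` becomes a directory lookup, the directory server's capacity and availability become part of the application's sizing, which is the hardware consideration raised in the next paragraph.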
The type of authentication mechanism chosen may require additional hardware for the deployment. Typically a directory server executes on a separate server, and may also require a backup for replication and high availability. Refer to Sun Java System Directory Server documentation for more information on deployment, sizing, and availability guidelines.
An authenticated user’s access to application functions may also need authorization checks. If the application uses the
Encryption
For security reasons, sensitive user inputs and application output must be encrypted. Most
The Application Server supports SSL 2.0 and 3.0 and contains software support for various cipher suites. It also supports integration of hardware encryption cards for even higher performance. Security considerations, particularly when using the integrated software encryption, will impact hardware sizing and capacity planning.
Consider the following when assessing the encryption needs for a deployment:
Chapter 1 • Overview of Enterprise Server Performance Tuning