Connect:Direct Secure Plus Tools

Connect:Direct® Secure Plus consists of five components: the Administration Tool (Secure+ Admin Tool), the parameters file, the access file, the Strong Password Encryption parameters file, and the Command Line Interface (Secure+ CLI). The following sections describe these components and their function.

Note: Only one instance of the Secure+ Admin Tool or the Secure+ CLI may be used at a time because both tools access the same configuration file. Do not run the two tools at the same time, and do not run multiple copies of the same tool at the same time (for example, two instances of Secure+ Admin or two instances of Secure+ CLI). Only the user who accessed the configuration file first will be able to save updates.

Administration Tool

The Secure+ Admin Tool enables you to configure and maintain the Connect:Direct Secure Plus environment. The Admin Tool is the only interface for creating and maintaining the Connect:Direct Secure Plus parameters file; operating system utilities and editing tools do not work.

Parameters File

The Connect:Direct Secure Plus parameters file contains information that determines the protocol and encryption method used during security-enabled Connect:Direct operations. To configure Connect:Direct Secure Plus, each site must have a parameters file that contains one local node record and at least one remote node record. The local node record defines the most commonly used security and protocol settings for the node at the site. Each remote node record defines the specific security and protocol used by a trading partner. You create a remote node record in the Connect:Direct Secure Plus parameters file for each Connect:Direct node that you communicate with.

At installation, a record named .SEAServer is created in the parameters file, which enables Connect:Direct to interface with External Authentication Server during TLS sessions. External authentication is configured in this record and enabled/disabled in the local and remote node records.

Starting with v6.4, Connect:Direct Secure Plus supports caching of certificate validation responses from External Authentication Server when it interfaces with External Authentication Server during a TLS session. Caching minimizes the overhead of requesting certificate validation from External Authentication Server, because Connect:Direct Secure Plus no longer needs to query External Authentication Server for every session. The External Authentication Server response caching feature is disabled by default. To enable it, see Configure External Authentication in the .SEAServer Record and Manage the External Authentication Server Record.

For additional security, the parameters file is stored in an encrypted format. The information used for encrypting and decrypting the parameters file (and private keys) is stored in the Connect:Direct Secure Plus access file.

Access File

The Connect:Direct Secure Plus access file is generated automatically when you create the Connect:Direct parameters file for the first time. You type a passphrase when you first initialize Connect:Direct. This passphrase encrypts and decrypts the private keys in the parameters file. Your administrator must secure the access file. This file can be secured with any available file access restriction tools. Availability of the access file to unauthorized personnel can compromise the security of data exchange.

Strong Password Encryption Parameters File

Strong password encryption protects Connect:Direct passwords at rest on the Connect:Direct server using strong encryption. Strong password encryption parameters are stored in the parameters file (<CD installation directory>\Server\Secure+\Nodes\.Password). This feature is enabled by default.

Connect:Direct Command Line Interface

The Java-based Connect:Direct Command Line Interface (Secure+ CLI) enables you to create customized scripts that automate the implementation of Connect:Direct Secure Plus. Sample Microsoft Windows scripts are provided as models for your customized scripts. You can save these scripts under another name, modify them to reflect your environment, and distribute them throughout your enterprise. For more information about using the Secure+ CLI, its commands and parameter descriptions, and the sample scripts, see Start and Set Up the Connect:Direct Secure Plus CLI.