WebSEAL functionality on the appliance
The appliance web reverse proxy includes most of the features offered by a standard software installation of WebSEAL. However, there are some differences, as detailed in this section.
Feature | Description |
---|---|
Custom libraries, including CDAS and EAS | The appliance does not support custom CDAS modules. As a result, the appliance
does not support the following authentication mechanisms:
Note: The appliance
does support the IBM Security Identity Manager
Password Synchronization Plug-in. For more information, see
the [itim] stanza in the Web Reverse Proxy Stanza Reference..
|
Local junctions | The following limitations apply to local junction
support on the appliance:
|
Hardware Based Cryptography | The appliance does not support any hardware-based cryptography. However, the hardware appliance does include AES-NI support in the i7-2600 processor, which can handle cryptographic operations. |
Application Response Measurement (ARM) | WebSEAL software includes ARM to monitor transactions throughout the request and response processing stream. The appliance does not include ARM. |
Tivoli® Common Directory Logging | The Tivoli Common Directory Logging feature stores all log files for IBM® Security software applications in a common file system directory. The appliance does not support this common logging. Logging for the appliance is managed through the LMI. |
Auditing to a pipe | The appliance cannot send audit records directly to a pipe. It can however, use an intermediate Security Access Manager authorization server to indirectly send audit records to the destinations. The appliance can also send audit data to remote syslog. |
ARS (web service) | The IBM Security Access Manager ARS web service can send request information to an external ARS server for authorization. ARS is not available on the appliance. |