|
|
|
What is Verastream AADS?
Technical Note 10060
Last Reviewed 17-Aug-2006
Applies To
Verastream Host Integrator
Summary
Technical Note 10060
Last Reviewed 17-Aug-2006
Applies To
Verastream Host Integrator
Summary
This technical note describes the roles and functions of Authentication Authorization and Directory Services (AADS) in Verastream Host Integrator (VHI).
What is AADS?
Authentication Authorization and Directory Services (AADS) is a required component for any Verastream Host Integrator installation to run.
The AADS server performs the following duties:
- Authentication: AADS verifies the identity of components for certain communications using a combination of AADS public key certificates, private keys, and a key exchange protocol.
- Authorization: If security has been enabled, AADS checks that a client user has rights to perform the requested function. Administrator, Developer, and User profile groups are configured in Verastream Administrative WebStation for access control. User ID and password credentials provided by the client are passed to the operating system to verify validity and group membership.
- Directory Services: AADS tracks servers and domains, and provides information to clients when requested.
A Verastream installation uses a single AADS server, or multiple AADS servers (in a failover configuration) sharing an AADS common name. The AADS server or common name is used by all Session Servers in the installation environment.
Functions Performed By AADS
AADS communication occurs at the following events:
- When a Session Server is installed, the setup program performs install-time registration with the AADS server.
- When a Session Server is removed from an installation (using unregister_server.sh on UNIX, or Add/Remove Programs on Windows), it is unregistered with the AADS.
- When a Session Server starts, it performs runtime registration with the AADS.
- When a Session Server stops, it performs runtime unregistration with the AADS.
- When a connector client connects to a Session Server, the Session Server communicates with AADS on behalf of the client for authentication and/or user authorization. (If security is enabled on the Session Server or domain, user ID and password credentials must be specified in the connection method API call for authorization.)
- When a non-connector client connection is established (by Administrative WebStation console, Session Monitor utility, activatemodel or deactivatemodel deployment tools, Design Tool deployment, Web Builder obtaining model data, or standalone Log Viewer utility), the client communicates directly with AADS as necessary for authentication and/or user authorization.
- When a connector connects via domain (for Session Server load balancing), the connector asks AADS for the name of the Session Server performing the primary domain server function. For more information on Session Server load balancing, see Technical Note 10052.
- In an AADS failover configuration, peer AADS servers in an installation communicate with each other at runtime to replicate information. For information on configuring AADS failover, see Technical Note 10048 (for UNIX) or 10049 (for Windows).
- In an AADS failover configuration, when a peer AADS server is removed from an installation (using unregister_aads.sh on UNIX, or Add/Remove Programs on Windows), it is unregistered with the remaining running AADS servers.
- When AADS configuration is changed, the running Session Servers are notified.
- As the AADS server performs actions, it communicates with Log Manager to add messages to the AADS log. For more information on logging, see Technical Note 40032.
