Академический Документы
Профессиональный Документы
Культура Документы
Security Overview
Version 3.5.2
ES3
Security Overview
Contents
3 - 8
Architecture Overview
Architecture Details
4 - 7
Deployment Options
8 - 12
End-To-End Security
Portal Security
10
Transmission Security
11
12
13
Contact
ES3
Architecture Overview
Roambi ES3 leverages a multitiered architecture, with persistency of files stored within your existing business intelligence infrastructure. Below is a
high level architecture diagram.
Roambi Publisher
Roambi Server
Roambi App
ES3
Architecture Details
The Roambi ES3 Server handles the connection, creation and distribution of Roambi files (mobile dashboard style analytics). It is a Java based
application delivered as a single .war file that runs on Tomcat and Jboss application servers.
The Roambi ES3 Server communicates to various BI servers via their native API/SDK to provide:
User/Group Management
Single Sign On
Object Level Security
File Management
Completed Roambi mobile analytics and dashboards are stored in your BI system, and leverage its storage repository and security infrastructure.
Roambi file access is controlled by your BI systems security settings.
Deployment Options
Roambi ES3 can be setup in several deployment configurations to ensure the data security your company requires, while giving your mobile
workers access to their critical business data on-the-go.
ES3
Deployment Options
Roambi ES3 Server Deployed Inside Your DMZ
1. The Roambi ES3 Server resides inside the DMZ (Demilitarized Zone)
2. Mobile users connect directly to the Roambi ES3 Server via https
3. Additional security techniques are required to prevent unauthorized access to the Roambi ES3 Server
NOTE: This is the least secure deployment option
Roambi Publisher
Roambi App
Roambi Server
BI
System
Inner
Firewall
Outer
Firewall
ES3
Deployment Options
Roambi ES3 Server Deployed Inside The Corporate Network
1. The Roambi ES3 Server resides behind both corporate firewalls
2. Mobile workers use the VPN configuration on the accessing mobile device
3. VPN can be either user-invoked or on-demand (on-demand must be preconfigured using the iPhone/iPad configuration utility)
NOTE: This is the most secure deployment option
Roambi Publisher
Roambi App
Roambi Server
BI
System
Outer
Firewall
ES3
Deployment Options
Using a Reverse Proxy Inside Your DMZ
1. The Roambi ES3 Server resides inside the corporate network
2. It is fronted by a software (e.g. Apache) or hardware (e.g. Cisco) proxy
3. Mobile users hit the reverse proxy URL from their devices and are redirected to the Roambi ES3 Server inside the corporate network
4. This configuration is widely used for extranet deployments
NOTE: This deployment option provides a high level of security
Roambi Publisher
Roambi App
Roambi Server
Reverse
Proxy
BI
System
Inner
Firewall
Outer
Firewall
ES3
End-To-End Security
Existing BI Portals
User/Group Management
Single Sign On
Object Level Security
Row Level Security
File Management
Mobile Devices
App Lockout
Remote Wipe
Passcode Lock
File Delete
Hardware Encryption
Device Provisioning
VPN
Device Level Remote Wipe
ES3
End-To-End Security
Portal Security
Data Storage Security
The Roambi ES3 Server is installed on premise behind your companys firewall where users
access the data stored in your existing business intelligence system to create Roambi files
secure, interactive visual analytics and mobile dashboards for any iPhone, iTouch, or iPad.
Roambi ES3 does not store any of your data. The resulting Roambi files (mobile dashboard
style analytics) are stored securely within your BI portal leveraging the security infrastructure
of your business intelligence system.
Data Access Security
One way Roambi ES3 leverages the security of your BI system is by using its established
authentication methods. Roambi does not require a separate security infrastructure. It uses the
security settings and sessions (including row and object level security) you already have setup
inside your BI system. This means that in order for users to access Roambi content either in
the Roambi Publisher or on their iPhone/iPad/iPod Touch they would be required to enter their
BI system username and password.
By leveraging the existing BI System security layer, all security restrictions are applied to each
user at login. So, when a user selects a Roambi file to download or refresh, they will be
presented only with the data they are authorized to access. This enables you to create one
Roambi file that will fulfill the needs of many different users.
In addition to leveraging the inherent security of your existing BI system, Roambi ES3 provides
Device Block which enables administrators to block any specific device from accessing the
company server.
ES3
End-To-End Security
Transmission Security
Data Transmission Security
To ensure your data is secure during the transmission of Roambi files to the iPhone/iPad, Roambi ES3 employs SSL (HTTPS) based data
transmission protocol. This provides the most secure data transmission available between the Roambi ES3 Server and the mobile device.
Roambi can leverage both server and client side certificates also known as two-factor authentication. The server certificate verifies that the ES3
Server is a valid site, and the client side certificate tells the server that the iPhone/iPad is a valid device which is authorized to connect to the ES3
Server. Note that Roambi ES3 can utilize a server certificate only, but the most secure and recommended method is with the addition of a client side
certificate along with the server certificate.
Roambi App
Roambi Server
Are you a trusted device/user?
10
ES3
End-To-End Security
11
ES3
End-To-End Security
iPhone in Business
http://www.apple.com/iphone/business/integration/
iPhone Security Overview
http://images.apple.com/iphone/business/docs/iPhone_Security.pdf
iPhone Deployment
http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf
iPhone and VPN
http://images.apple.com/iphone/business/docs/iPhone_VPN.pdf
Certificates
http://images.apple.com/iphone/business/docs/iPhone_Certificates.pdf
12
ES3
End-To-End Security
Contact
For more information regarding Roambi ES3,
please contact us:
By Email:
sales@roambi.com
partners@roambi.com
By Phone:
1.858.847.3272
Online:
www.roambi.com
Mellmo Inc.
2002 Jimmy Durante Blvd. #124
Del Mar, California 92014
13