GemStone/S 64 Bit X509-Secured GemStone

  • 1. Introduction to X.509-based Security Features

    • 1.1 Overview

  • 2. X.509 Certificates

    • 2.1 Utilities to create Certificates

      • Certificate Utilities

      • Limiting the period for which a certificate is valid

      • Limiting the IP addresses for Hosts and Users

        • Restricting nodes on which a host certificate can be used

        • Restricting nodes on which Gem or Application can run

      • Example certificate creation

    • 2.2 Examine and delete certificates

      • Certificate directory structure

      • Duplicates and Deleting certificates

    • 2.3 Certificate revocation list

      • Scripts to revoke host and user

      • Applying updated CRL

  • 3. Getting Connected

    • 3.1 Setup and Login

      • 1. Configuring the Stone and the remote node

      • 2. Setup script and log directories

        • On the Stone’s Node

        • On the Remote Node

        • Setup log directories

      • 3. Start certificate-only NetLDI on the Stone’s Node

        • Example

      • 4. Start certificate-only NetLDI on the Remote Node

        • Define or select a configuration file

        • Start the Remote NetLDI

        • Example

      • 5. Start the HostAgent on the Stone’s node

        • Example

      • Flow of Operations during HostAgent startup

      • 6. Login

      • Flow of Operations during Login

      • Troubleshooting startup failures

        • Objects hidden by Object filtering

    • 3.2 X509 logins from Topaz

      • X509 login parameters

      • topaz arguments to configure X509 parameters on command line

        • Status command

    • 3.3 X509 logins using the GCI interface

    • 3.4 X509 logins using GBS

    • 3.5 X509 logins using External Sessions

    • 3.6 Local Logins

  • 4. Remote Cache Object Filtering

    • 4.1 Overview

      • Overview of Object level security

      • Object Filtering

      • Object Filtering support classes

    • 4.2 Details on Classes that implement Object Filtering

      • IPv4Subnet

      • ObjectFilteringPolicy

        • Creation

        • Specifying mappings

      • ObjectFilteringPolicyMap

        • Specifying and looking up policies within a map

        • Installing and finding out about the defined map/ObjectFilter

      • UnauthorizedObjectStub

    • 4.3 ObjectFilter internal and usage details

      • Changing the ObjectFilter

      • Filtering and mid level caches

  • 5. X509 Mid Level Cache

    • 5.1 Overview

      • X509-secured Mid-level caches

    • 5.2 Configuring and Starting the X509 Mid Level Cache

      • Starting the mid-level cache NetLDI

        • 1. Create Certificates and configure on mid-cache host

        • 2. Start the mid-level cache’s NetLDI

        • 3. Start the two HostAgents from the Stone’s node

      • Flow of Operations

    • 5.3 Connecting to a mid-level cache

      • Flow of Operations

      • Example

      • Reconnecting

  • 6. Administration

    • 6.1 Managing HostAgents

      • Information about HostAgents

      • Stopping HostAgents

        • Stopping from the command line

        • Stopping from within the image

        • Restarting after stopping host agent

    • 6.2 Managing Caches

      • Timeout of the secure remote cache

      • Mid level caches require explicit stop

      • Information on caches

      • Warming caches on startup

      • Keeping mid-level caches warm

    • 6.3 Managing NetLDIs

      • Stopping certificate-only NetLDIs

      • Multiple NetLDIs

    • 6.4 Log Files

      • Netldi default log file directory

      • Gem logs

      • HostAgent logs

      • Other process log files

    • 6.5 Other Administration

      • Requiring UserProfiles to use X509 Authentication

      • Disallowed Operations in an X509 session

  • A. X509-related Utilities and Configurations

    • A.1 Configuration Parameters specific to X509-Secured GemStone

      • NetLDI configuration Parameters

      • Configuration parameters used for x509 remote caches

      • Gem Configuration Parameters

      • Other parameters with specific behavior in X509-secured processes

    • A.2 Utility details for X509

      • gslist

        • gslist for remote nodes

        • HostAgent information

      • starthostagent

      • startnetldi

      • stophostagent

Copyright 2019 GemTalk Systems