Home
Administering
This section describes how to plan for, install, configure, operate, and manage the SafeLinx Server.
Overview
HCL SafeLinx uses standards-based protocols to enable secure access from mobile computing devices outside the firewall to business applications and data on your organization's internal network.
Key Components
Your SafeLinx deployment includes a range of components. Many components, including the access manager, SafeLinx Server, persistent data storage, and SafeLinx Administrator are common to all deployments. Other components, such as mobile access services, are used only if you support specific types of connections.
Access control lists and ACL profiles
An access control list (ACL) is a table of access levels for all resource types per organizational unit (OU).

Administering
This section describes how to plan for, install, configure, operate, and manage the SafeLinx Server.
- Overview
  HCL SafeLinx uses standards-based protocols to enable secure access from mobile computing devices outside the firewall to business applications and data on your organization's internal network.
  - Key Components
    Your SafeLinx deployment includes a range of components. Many components, including the access manager, SafeLinx Server, persistent data storage, and SafeLinx Administrator are common to all deployments. Other components, such as mobile access services, are used only if you support specific types of connections.
    - Access manager
      The access manager is the server-side process that communicates with the SafeLinx Administrator administrative application to manage configuration information for the HCL SafeLinx Server.
    - SafeLinx Server
      The SafeLinx Server provides a gateway through which mobile computing devices on a range of external networks connect securely to resources on your organization's private internal network.
    - Persistent data storage
      The SafeLinx Server needs access to an ODBC-compliant relational database to store configuration information, session data, and accounting and billing information.
    - SafeLinx Administrator
      The SafeLinx Administrator is the application that you use to configure, monitor, and maintain the resources of one or more SafeLinx Servers.
    - Directory service servers
      A directory service server (DSS) is a resource that designates an external user account database, such as an LDAP server, and provides information on how to connect to it.
    - Organizational units
      Organizational units (OUs) are containers that are used to group and isolate resources and, in combination with ACLs and ACL profiles, to control administrative access to those resources.
    - Admins
      Admins are users who are authorized to use the SafeLinx Administrator to configure, define maintain, and monitor SafeLinx Server resources.
    - HTTP access services
      HTTP access services enable secure connections between a remote mobile device and HTTP services on the internal network, such as HCL Traveler and HCL Sametime. HTTP access services do not require installation of a VPN client, and are sometimes said to provide clientless access. HTTP access services are secured with Transport Layer Security (TLS) encryption.
    - Mobile access services
      Mobile access services provide SafeLinx Clients with secure, virtual private network (VPN) access from external networks so that you can make enterprise applications and data available to your mobile workforce. Mobile access services support a wide range of wireless and dial-up networks.
    - Messaging services
      Messaging services enable a web application server to send messages from a wired network to a client on a wireless network.
    - Authentication profiles
      Authentication profiles define how SafeLinx interacts with the authentication server specified in a DSS to authenticate login credentials for HTTP access services or mobile access VPN connections.
    - Certificates
      SafeLinx uses X.509 certificates to establish TLS connections between the SafeLinx Server and other devices. Certificates can also be used for client authentication.
    - Wireless password policies
      A wireless password policy defines the rules that govern users' passwords. When you create a user ID and require a password, you can specify the password policy that applies to the user.
    - Device resolver
      The device resolver works in conjunction with network access servers (NAS) to uniquely identify devices whenever they connect to the network.
    - User accounts
      SafeLinx maintains a user database that contains account information for each user. These user account records can be added to the database in one of two ways, depending on how you manage authentication.
    - Groups
      A group is a collection of resources that you designate for combined use.
    - Access control lists and ACL profiles
      An access control list (ACL) is a table of access levels for all resource types per organizational unit (OU).
      - SafeLinx Server access control list
        You can assign additional access to administrators who have Read-only, Create, or Modify access to SafeLinx Servers in an OU.
      - User access control list
        You can assign this additional access to administrators who have Read-only access to users in an OU.
      - Broadcast group access control list
        Broadcast a message is enabled by default when an administrator has All, Create, and Modify access to broadcast groups in an OU.
    - Client roles
      The SafeLinx Server connects with clients based on which features are installed and configured.
- Security
  HCL SafeLinx includes a range of options for configuring the security of your network, applications, and data.
- Installation planning
  Before you install HCL SafeLinx, verify that you meet the hardware and software requirements, and that the network connections that you want to use are available.
- Roadmaps: Installing and setting up SafeLinx
  The following "roadmap" topics guide you through installing and initially configuring SafeLinx. Refer to the topic that corresponds to your relational database and server operating system.
- Installing and initial configuration
  Initial configuration and installation of HCL SafeLinx varies based on your operating system and relational database.
- Adding a secure login profile
  By default, the SafeLinx Administrator communicates with the access manager over an unencrypted connection. If you want the connection between the SafeLinx Administrator and the access manager to use transport layer security (TLS) protocols, add a secure login profile to the SafeLinx Administrator.
- Adding and configuring resources
  After you complete the installation and initial configuration, continue to prepare the deployment by configuring other network resources.
- Administering
  The SafeLinx Administrator administration client is the primary tool for viewing, adding, configuring, and managing HCL SafeLinx resources. Along with the SafeLinx Administrator, you can use the HCL SafeLinx Monitor to view information about packet flow through the SafeLinx Server. You can also use a set of command line tools to perform common SafeLinx Server tasks.
- Programming reference
  There are several programming considerations of which you might want to take advantage.
- Database schema information
  HCL SafeLinx uses a DB2, Oracle, MySQL, or SQL database to store tables of information about current and past activity of SafeLinx Server sessions. The following tables are created and accessed by using the qualifier name wg for DB2 installations.
- Step by step: Nomad configuration
  Here are step-by-step instructions that serve as an example of how to install and configure HCL SafeLinx for Nomad on MySQL on Linux.

Access control lists and ACL profiles

An access control list (ACL) is a table of access levels for all resource types per organizational unit (OU).

An ACL profile is a collection of ACLs that you assign to administrator IDs to define their level of access to resources. You can create as many ACL profiles as you want, and you can assign one profile to as many administrator IDs as you want.

To view the level of access of the Admin currently logged on to the SafeLinx Administrator, click File > Access Control Lists.

For most resources in an OU, the levels of access available are:

All: The highest level of access; the administrator can delete and perform all other operations on this resource.
Create: The administrator can view, edit, and add resources of this type.
Modify: The administrator can view and edit existing resources of this type.
Read-only: The administrator can view only resources of this type.
None: The administrator cannot view resources of this type.

Each access level includes all levels under it. If you assign Create access to a resource in an OU, you also allow Modify and Read-only access to the resource in that OU.

Resources that are not directly assigned to an OU inherit access from the parent resource. For example, a cluster manager inherits access from the SafeLinx Server.

In addition to general levels of access, three resources inherit additional levels of authority when assigned specific access levels in an OU: SafeLinx Server, User, and Broadcast group.

Rate this topic

5 stars 4 stars 3 stars 2 stars 1 star

Comment on this topic.

By clicking this box, you acknowledge that you are NOT a U.S. Federal Government employee or agency, nor are you submitting information with respect to or on behalf of one. HCL provides software and services to U.S. Federal Government customers through its partners immixGroup, Inc. Contact this team at https://hcltechsw.com/resources/us-government-contact. Do not include any personal data in this Comment box. Note: To report a problem or question about the product software, do not use this form. Instead, go to the HCL Software Support site.