Your SafeLinx deployment includes a range of components. Many components, including the
access manager, SafeLinx Server, persistent data storage, and SafeLinx Administrator are common to
all deployments. Other components, such as mobile access services, are used only if you support
specific types of connections.
Access manager The access manager is the server-side process that communicates with the SafeLinx Administrator administrative application to manage configuration information for the HCL SafeLinx Server. SafeLinx Server The SafeLinx Server provides a gateway through which mobile computing devices on a range of external networks connect securely to resources on your organization's private internal network. Persistent data storage The SafeLinx Server needs access to an ODBC-compliant relational database to store configuration information, session data, and accounting and billing information. SafeLinx Administrator The SafeLinx Administrator is the application that you use to configure, monitor, and maintain the resources of one or more SafeLinx Servers. Directory service servers A directory service server (DSS) is a resource that designates an external user account database, such as an LDAP server, and provides information on how to connect to it. Organizational units Organizational units (OUs) are containers that are used to group and isolate resources and, in combination with ACLs and ACL profiles, to control administrative access to those resources. Admins Admins are users who are authorized to use the SafeLinx Administrator to configure, define maintain, and monitor SafeLinx Server resources. HTTP access services HTTP access services enable secure connections between a remote mobile device and HTTP services on the internal network, such as IBM Traveler and IBM Sametime. HTTP access services do not require installation of a VPN client, and are sometimes said to provide clientless access. HTTP access services are secured with Transport Layer Security (TLS) encryption. Mobile access services Mobile access services provide SafeLinx Clients with secure, virtual private network (VPN) access from external networks so that you can make enterprise applications and data available to your mobile workforce. Mobile access services support a wide range of wireless and dial-up networks. Messaging services Messaging services enable a web application server to send messages from a wired network to a client on a wireless network. Authentication profiles Authentication profiles define how SafeLinx interacts with the authentication server specified in a DSS to authenticate login credentials for HTTP access services or mobile access VPN connections. Certificates SafeLinx uses X.509 certificates to establish TLS connections between the SafeLinx Server and other devices. Certificates can also be used for client authentication. Wireless password policies A wireless password policy defines the rules that govern users' passwords. When you create a user ID and require a password, you can specify the password policy that applies to the user. Device resolver The device resolver works in conjunction with network access servers (NAS) to uniquely identify devices whenever they connect to the network. User accounts SafeLinx maintains a user database that contains account information for each user. These user account records can be added to the database in one of two ways, depending on how you manage authentication. Groups A group is a collection of resources that you designate for combined use. Access control lists and ACL profiles An access control list (ACL) is a table of access levels for all resource types per organizational unit (OU). Client roles The SafeLinx Server connects with clients based on which features are installed and configured.