Network Configurations |
Client Administration |
 |
|
Network Configurations |
Client Administration |
|
This section highlights the factors that influence the type of the network configuration architectures you can set up.
Normally when a browser downloads an application, the application is restricted by the browser to only making connections to the server from which it was downloaded. However when the PROIV Client OCX is used, the client may connect to servers other than the one from which it was downloaded. This is because the OCX is packaged in a cabinet (CAB) file that has been digitally signed by PROIV.
By digitally signing the CAB file using a certificate provided by Verisign, we are authenticating that the file has been built by us and that we are who we say we are. The Microsoft Windows Operating System recognises that the file has been signed and grants access to local system resources. This, for example, allows the OCX to store its images locally. It also allows the OCX to establish network connections to places other than the server from which it was downloaded.
If you create your own CAB files and do not digitally sign them then your users will only be able to connect to the server that supplied the client. If your users need to access another server then you must create a proxy connector for the service.
The PROIV Client OCX requires two connections:
The connection to the Client Administration server, to download the PROIV Client OCX.
The connection to the PROIV application server, through which the PROIV screen and application data is transferred.
The PROIV application server and the Client Administration server may be located either on the same host or on separate hosts and there are two types of connection that may be used:
Direct Connection - This is where the PROIV Client OCX connects directly to the PROIV application server. No proxy connector is used.
Proxy Connection - This is where the PROIV Client OCX connects to the PROIV application server through a proxy connector. This may be because the administrator wishes to hide the identity and connection details of the PROIV application server (for security reasons), or the connection requires some processing such as Telnet conversions or automatic login.
As the PROIV Client OCX is digitally signed it can establish network connections to hosts other than the one from which it was downloaded. It is therefore possible for the client to connect with a PROIV application server directly without being routed through a proxy connector in the Client Administration server . This type of connection is known as a Direct Connection.
The figure below shows a connection topology based on a Direct Connection to a PROIV application server running on the same machine as the Client Administration server.
The figure below shows a connection topology based on a Direct Connection to a PROIV application server running on a different machine to the Client Administration server.
Note that in both topologies the Client Administration proxy connector is not present.
If the PROIV application server and the Client Administration application server are located on separate hosts, then it is possible to use a proxy connector to route the PROIV datastream from the OCX client to the PROIV application server. This is referred to as a proxy connection.
The figure below shows a connection topology based on a proxy connection where the proxy connector is set up on the same machine as the Client Administration application server to add a level of security and separation.
 |
The same proxy connector may be used by many PROIV services configured in the Client Administration application server, however it can only route the connection to one PROIV application server. |
|
You can create proxy connections to PROIV applications whether or not the PROIV application server machine runs the Client Administration application server. |
Depending on how it is configured, a PROIV application sends and receives either Telnet-encoded or raw (non-Telnet) data. If the PROIV application connection is a Telnet connection then Telnet processing (encoding/decoding) must be performed on the PROIV datastream.
Therefore, in setting up a Client Administration service to access a PROIV application that uses Telnet data, you must arrange for the Telnet processing to take place.
Topic ID: 100004