Security
Security is a vital component of any architecture choice that customers make. There are a variety of ways to grant external users access to the system. The following configurations are commonly used by customers.
Reverse Proxy
A reverse proxy configuration is a popular way of placing a secured web server, or even the incoming port of a load balancer such as a Cisco ACE or F5 BigIP, into a public DMZ of your network. Every incoming user request is directed to the reverse proxy server. After the request is received, the web server proxies a new request, typically across a firewall, to the application server. The response is sent back to the user through the reverse proxy, and the cycle repeats for each request.
Some customers have more extensive reverse proxy infrastructures to support their existing extranet infrastructure. When a proxy communicates with the application server, the request is typically HTTP(S) to HTTP(S).
Authentication and Single Sign-On
Servigistics InService uses BASIC authentication as the default configuration with the application server and LDAP. Other forms of authentication can be configured if required; however, various application functions in Servigistics InService may not be compatible with them.
For large implementations where the Servigistics InService Publisher and Viewers operate in a split configuration, authentication is managed separately as well.
The Servigistics InService Publisher user base is limited to a few users who manage the publishing tasks and may not require the rigors of a single sign-on (SSO) authentication system.
The Servigistics InService Viewer user base, by contrast, can be quite extensive and requires the rigors of safely authenticating users who access this internet-facing application. SSO authentication systems are a typical feature of large Viewer applications.
The WildFly application server that is part of the Servigistics InService solution supports authentication against one or more LDAP servers, provided that no LDAP server contains a user ID that also exists in another. Authentication against multiple LDAP servers assumes that the user credentials in each LDAP server are unique, and users are identified on a first-match basis.
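One way to verify this uniqueness requirement before configuring several directories, as an added example that is not PTC's code: it scans LDIF exports for user IDs that appear in more than one directory. The `uid` attribute, the directory names, the sample entries and the lookup order are assumptions.

```python
import base64
from collections import defaultdict

# Constructed LDIF exports, in the order the directories are assumed to be
# consulted (first match wins). Names and entries are illustrative only.
DIRECTORIES = [
    ("ldap-employees", """\
dn: uid=jsmith,ou=people,dc=example,dc=com
uid: jsmith

dn: uid=akhan,ou=people,dc=example,dc=com
uid: akhan
"""),
    ("ldap-partners", """\
dn: uid=JSmith,ou=dealers,dc=partner,dc=example
uid:: SlNtaXRo

dn: uid=mlopez,ou=dealers,dc=partner,dc=example
uid: mlopez
"""),
]

def user_ids(ldif_text, attr="uid"):
    """Yield (user_id, dn) per entry. Folded (continuation) lines are ignored."""
    dn = None
    for line in ldif_text.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.lower() not in ("dn", attr):
            continue
        if value.startswith(":"):  # "attr:: <base64>" form of a value
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        value = value.strip()
        if name.lower() == "dn":
            dn = value
        else:
            yield value, dn

def find_collisions(directories, attr="uid"):
    """Return {user_id: [(directory, dn), ...]} for IDs present in more than one
    directory, compared case-insensitively; the first hit wins a first match."""
    seen = defaultdict(list)
    for directory, ldif_text in directories:
        for uid, dn in user_ids(ldif_text, attr):
            seen[uid.lower()].append((directory, dn))
    return {u: h for u, h in seen.items() if len({d for d, _ in h}) > 1}

if __name__ == "__main__":
    for uid, hits in find_collisions(DIRECTORIES).items():
        print(f"{uid}: resolves to {hits[0][0]}; also in {[d for d, _ in hits[1:]]}")
```

Any ID it reports is one where the user in the later directory would be matched against the earlier directory's account.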
For customer implementations that have more complex authentication requirements, PTC strongly recommends using a more advanced identity management solution. Customers have successfully deployed identity management products such as CA SiteMinder, Oracle Identity Manager, and several others.
Although Servigistics InService is an application that is accessible through standard web browsers over HTTP, not all clients that access Servigistics InService are guaranteed to do so through a web browser. If you are implementing an authentication solution such as form-based authentication (which is supported with Servigistics InService 6.0), additional configuration is required, possibly including code changes in Servigistics InService.