About FCS Network Security

FCS provides network security support across the WAN. This includes support for Single Sign On (SSO) and network authentication.

This page discusses:

FCS network traffic can be between a client and server, or between two servers. SSO is cookie-based and is used for signing onto a server group. Authentication, on the other hand, is header-based and is used for HTTP traffic across a specific gateway, such as a proxy. SSO can be used for client-server interaction, but it is not useful for server-server interaction. Authentication can be used for both client-server and server-server interactions. For client-server interaction, the user is expected to provide the proper credentials for either SSO or authentication. For server-server interaction, SSO is not anticipated and the credential for authentication must be provided programmatically (in other words, without user interaction).

The authentication mechanism supported in FCS is provided by the Java implementation. Currently supported authentication schemes include:

  • Basic
  • Digest
  • NTLM
  • HTTP SPNEGO Negotiate (defined by Microsoft)

The underlying mechanisms are Kerberos or NTLM. Credentials can be stored as an encrypted file. An authentication option is also available in the FcsTools FcsSubmit and FcsReceive.

With FCS network security support, you can:

  • Configure an SSO server such that users no longer need to do multiple sign-ons for a group of servers belonging to the same entity.
  • Deploy MCS and FCS servers across a WAN, where variations in proxy servers challenge the traffic.

SSO Scenario

It may be desirable to combine various systems and solutions to achieve certain goals. For example, it is inconvenient for the staff members of the same company to be required to do one sign-on per system. SSO technology allows you to deploy a unified sign-on for all of your systems and solutions. To support this scenario, FcsClient is able to operate with SSO.

Authentication Scenario

As distributed systems become the norm, various scenarios arise in which the 3DEXPERIENCE platform must be deployed across tight security. The following are typical scenarios in which FcsClient and FCS/MCS are able to operate under the required security measures:

  • Competitive partners: In a supply-chain scenario, your company may find itself working with partners who are not part of your organization or may even be competitors. In this case, network traffic between the two parties must be under tight security.
  • Cloud computing: As companies move toward a total online solution, cloud computing becomes an important part of the 3DEXPERIENCE platform. Physical server locations become less relevant and as a result, you may end up deploying 3DEXPERIENCE platform servers in different clouds on different networks with different providers. In this case, network security is implied.