The AutoMate Enterprise Security system is a transaction-based system that utilizes two components:
The Enterprise Server (AES.EXE)
The Security Database (AESDB.exe)
These two executables are installed and located on the same machine. These are both implemented as NT System services and they communicate with one another.
In future versions, these services may be able to be located on different machines for scalability and high transaction volume.
The Enterprise Server Service is responsible for handing the TCP/IP communication between clients, it acts as a traffic director, accepting requests to deploy tasks and or change items in the security databases. For example, when the Enterprise Server Service receives a request for a list of machines that are running on the network it requests the Security Database service to perform a lookup. Based on the information it is given at that time it determines whether the user has rights to do so, if it does, it will request that the security database enumerate it’s user list and will in turn pass this information back to the client who requested it.
The communication between client and server is performed over native TCP/IP, so you may be located in the same office or on the other side of the world. Most transactions (with the exception of the request to be added to the user list) must be performed by a logged in User and the requesting machine must be registered on that AutoMate Enterprise Server. For a machine to be “registered” the requesting client must have completed the “registration wizard” which guides the user through this process including requesting an Administrator username and password. If an appropriate Administrator user name and password is not given the machine is not allowed on the server. If the Administrator username and password is correct the machine is added to the database and if the username is not already in the list then it is added to the guest group and it inherits whatever rights are assigned to the guest group. Users may later be moved to another group with more rights later should the Administrator wish it using the Security Manager Tool that is included with the server package (under the AutoMate 4 | Server Tools program group). This dual level of security (Users and Machines) provides a strong model to prevent unauthorized access to run tasks on your network.
This is an important issue as someone who is able to gain access to deploy tasks to the network could build a malicious task and in theory do anything he/she wants to all the machines that are logged into the Enterprise Server. Unisyn has worked hard to provide a robust security model that assures this does not happen.
IMPORTANT NOTE:
It is important to note that the AutoMate Enterprise Server security system only allows assignment of rights to groups (of either machines or users). It is not possible to assign rights to individual users. If you would like to establish a new set of rights for an individual, you must create a new group, assign the desired rights to it and add the desired user(s) to the group.
See Also: