Boston Enterprise Security
Boston Enterprise is Boston served over the web by Thinfinity Virtual UI by Cybele Software, Inc. (www.cybelesoft.com).
Security Features of Thinfinity Virtual UI
Thinfinity Virtual UI uses application virtualisation such that the application that is being served runs on a remote server and what is exchanged between a users browser are graphical images, keystrokes and mouse events.
Security is managed at multiple layers:
1. Web access layer (who has access to the application in terms of their ability to access the web page interfaced to Virtual UI);
2. Credentials layer (who can access Virtual UI based on various authentication protocols); and
3. Application layer (what security measures are build into the software).
Boston Enterprise has its own user authentication and privileges built into Boston (layer 3). Here we discuss Thinfinity Virtual UI's security protocols at layers 1 and 2.
Layer 1 - Web Access Layer
Beyond what security you set up to govern web access to the page that services Boston Enterprise (e.g. IP whitelisting and blacklisting), Thinfinity Virtual UI has it's own IP whitelist and blacklist.
I.e. You can control within the Virtual UI Server which IP addresses can access applications within the software.
NB IP whitelisting and blacklisting are also available for each application configured to be served by the Virtual UI Server.
Documentation
See the Virtual UI documentation for IP restrictions at: https://thinfinity-vui-v3-docs.cybelesoft.com/configuration-reference-section/production-server/applications/application-profile/restrictions
Layer 2 - Credentials Layer - Authentication
Thinfinity Virtual UI offers the following authentication methods:
| Windows Login | - Where you create users on the machine hosting Boston Enterprise; |
| RADIUS | - While RADIUS primarily works with usernames and passwords, its extensibility means it can be integrated with other systems to support more advanced authentication mechanisms, such as tokens, certificates, or even biometrics in certain configurations; |
| OAuth 2.0 | - Includes: LinkedIn, Google, Facebook, Dropbox and other; and 2 Factor Authentication, Azure SAML AWS SAMLE |
| External DLL | - Write your own custom function for authentication. |
Documentation
See the Virtual UI documentation for Authentication at: https://thinfinity-vui-v3-docs.cybelesoft.com/advanced-features-section/advanced-features/end-user-authentication/authentication-methods
Layer 3 - Application Layer
Usernames and Passwords restricting access to Boston Enterprise can be configured by a Superuser inside Boston Enterprise.
Further security over models and data inside Boston Enterprise are managed by Users, Groups, Functions, Roles and Permissions.
--------------------------------------------------End of Document-----------------------------------------------------