IBM Secure Proxy is a demilitarized zone (DMZ)-based application proxy that protects your file transfers from the public Internet, by enforcing tight controls including trading-partner authorization, multi-factor authentication and session break, before the transfer ever enters your trusted zone. 

Remedi offers IBM-certified integration consultants who can implement Secure Proxy and realize benefits that include:

• SSL session breaks and multi-factor authentication – Help guard against unauthorized access and reduce data vulnerability to protect your brand
• Leverage the Internet – Lower your file transfer costs and grow your file transfer community while securing the data and access to your trusted zone
• Firewall navigation best practices – Increases perimeter security for your file transfer infrastructure to comply with regulatory policies and pass tougher security audits
• Self-service logon portal – Provides self-service password management for trading partners reducing the dependency on IT staff
• IBM Secure Proxy is available as licensed on-premises software

IBM Secure Proxy Product Description

Application Proxy

• Resides in the demilitarized zone (DMZ)
• Supports IBM® Connect:Direct®, IBM® Connect Express® and IBM® B2B Integrator servers
• Support for multiple DMZ environments
• Supports FTP, FTPS, HTTP, HTTPS, SSH/SFTP, PeSIT and Sterling Connect:Direct protocols
• Supports use of a FIPS 140-2 compliant data encryption module

Firewall Navigation Best Practices

• Prevents inbound holes in the firewall
• Minimizes rich targets in the DMZ by ensuring that files, user credentials, and data are not stored in the DMZ
• Establishes sessions from more-trusted to less-trusted zones
• Enforces internal and external security policies

Perimeter Security

• Prevents direct communications between external and internal sessions by establishing secure session breaks in the DMZ using SSL or TLS
• Inspects protocol and sensitive control information, enabling configurable error handling for violations
• Session limits and data encryption guard against Denial-of-Service attacks

Authentication Services

• Customizable logon portal provides self-service password management for trading partners
• Supports single sign-on and integrates with existing security infrastructure, including Active Directory and Tivoli user databases
• Multifactor authentication enforces tight controls and validation of trading partner identity in the DMZ before information is passed to the trusted zone
• Authentication options include IP address, user ID and password, digital certificates, SSH Keys, RSA SecurID

Clustering

• One central configuration manager pushes out configuration rules to multiple engines running in the DMZ, making it easy to scale
• Clustering for high availability and load balancing provides operational continuity and improved performance