IBM® Secure Proxy

Consulting and Staffing

IBM Secure Proxy is a demilitarized zone (DMZ)-based application proxy that protects your file transfers from the public Internet, by enforcing tight controls including trading-partner authorization, multi-factor authentication and session break, before the transfer ever enters your trusted zone. 

Remedi offers IBM-certified integration consultants who can implement Secure Proxy and realize benefits that include:

  • SSL session breaks and multi-factor authentication – Help guard against unauthorized access and reduce data vulnerability to protect your brand
  • Leverage the Internet – Lower your file transfer costs and grow your file transfer community while securing the data and access to your trusted zone
  • Firewall navigation best practices – Increases perimeter security for your file transfer infrastructure to comply with regulatory policies and pass tougher security audits
  • Self-service logon portal – Provides self-service password management for trading partners reducing the dependency on IT staff
  • IBM Secure Proxy is available as licensed on-premises software

IBM Secure Proxy Product Description

Application Proxy

  • Resides in the demilitarized zone (DMZ)
  • Supports IBM® Connect:Direct®, IBM® Connect Express® and IBM® B2B Integrator servers
  • Support for multiple DMZ environments
  • Supports FTP, FTPS, HTTP, HTTPS, SSH/SFTP, PeSIT and Sterling Connect:Direct protocols
  • Supports use of a FIPS 140-2 compliant data encryption module

Firewall Navigation Best Practices

  • Prevents inbound holes in the firewall
  • Minimizes rich targets in the DMZ by ensuring that files, user credentials, and data are not stored in the DMZ
  • Establishes sessions from more-trusted to less-trusted zones
  • Enforces internal and external security policies

Perimeter Security

  • Prevents direct communications between external and internal sessions by establishing secure session breaks in the DMZ using SSL or TLS
  • Inspects protocol and sensitive control information, enabling configurable error handling for violations
  • Session limits and data encryption guard against Denial-of-Service attacks

Authentication Services

  • Customizable logon portal provides self-service password management for trading partners
  • Supports single sign-on and integrates with existing security infrastructure, including Active Directory and Tivoli user databases
  • Multifactor authentication enforces tight controls and validation of trading partner identity in the DMZ before information is passed to the trusted zone
  • Authentication options include IP address, user ID and password, digital certificates, SSH Keys, RSA SecurID

Clustering

  • One central configuration manager pushes out configuration rules to multiple engines running in the DMZ, making it easy to scale
  • Clustering for high availability and load balancing provides operational continuity and improved performance