What is/are: Communication Channels: UDM Reporting

Introduction

Reports and analysis of the user data being created and retained in an organization's file systems are accessed through both the Storage Reporter legacy client and the NSS Console. This article describes the communication channels used in gathering the data (common to both interfaces) and in displaying it through both of these clients. The encryption and authentication used for each channel are also described.

Communication Channels

[Figure: nsscomms]

1. NSS Core Service <> File Systems
Data Type: Meta-data of files in scanned file systems.
Channel & Encryption: File systems are scanned using CIFS and NFS; SharePoint sites are scanned using HTTP/HTTPS.
Authentication: NSS Core Service permissions (Integrated Windows Authentication).

2. NSSX Service <> NSS Core Service
Data Type: Configuration of file system scanning, SQL connection string (if used).
Channel & Encryption: NETTCP connection, by default encrypted with RSA15 key wrap algorithm, SHA256 for signature digest, and 128-bit Basic for message encryption algorithm. Certificate for client signing is supported.
Authentication: Integrated Windows Authentication by default. Client Certificate Mapping, Digest and Simple can also be used.

3. NSSX Service <> Data Database
Data Type: Access rule configuration (allowing users to view reports).
Channel & Encryption: Client Protocol configured as SQL Client or on SQL Server (TCP/IP Sockets, Named Pipes, etc.)
Authentication: Integrated Windows Authentication or SQL Authentication (operator configured).
Note: Channel and encryption configuration is external to NSS.

4. NSS Core Service <> Data Database
Data Type: Consolidated meta-data of files in scanned file systems, scan configurations.
Channel & Encryption: Client Protocol configured as SQL Client or on SQL Server (TCP/IP Sockets, Named Pipes, etc.)
Authentication: Integrated Windows Authentication or SQL Authentication (operator configured).
Note: Channel and encryption configuration is external to NSS.

5. IIS <> Data Database, Legacy Clients <> Data Database
Data Type: Consolidated file meta-data reports.
Channel & Encryption: Client Protocol configured as SQL Client or on SQL Server (TCP/IP Sockets, Named Pipes, etc.)
Authentication: Integrated Windows Authentication or SQL Authentication (operator configured).
Note: Channel and encryption configuration is external to NSS.

6. IIS <> Client Database
Data Type: User SID, user (NSS Console) view settings.
Channel & Encryption: Client Protocol configured as SQL Client or on SQL Server (TCP/IP Sockets, Named Pipes, etc.)
Authentication: Authentication method dependent on channel used.
Note: This configuration is external to NSS.

7. NSSX Service <> IIS
Data Type: NSS Configuration parameters, including Database and SMTP.
Channel & Encryption: NETTCP connection, by default encrypted with RSA15 key wrap algorithm, SHA256 for signature digest, and 128-bit Basic for message encryption algorithm. Certificate for client signing is supported.
Authentication: Integrated Windows Authentication by default. Client Certificate Mapping, Digest and Simple can also be used.
Note: NSS does not store user credentials; instead, it relies on IIS to validate the client's identity. This channel is used when accessing the Administrative pages of the NSS Console. Only users who are authenticated as members of the NSS Admins local Security Group have access to the NSS Administration pages. Data sent over this channel may contain passwords if the recommended Integrated Windows Authentication is not used. Where SQL Authentication is used for the database connection, passwords are sent once to the server and never retrieved. Passwords are encrypted using Microsoft DPAPI and stored in configuration files.

8. Reporting Console <> IIS
Data Type: Logon credentials.
Channel & Encryption: HTTP or HTTPS.
Authentication: Integrated Windows Authentication by default. Client Certificate Mapping, Digest and Simple can also be used.
Note: NSS does not store user credentials; instead, it relies on IIS to validate the client's identity.

9. Legacy Clients <> NSS Core Service
Data Type: Scan configuration information.
Channel & Encryption: Named Pipes.
Authentication: Integrated Windows Authentication (user access to NSS administrative path).
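
Channels 3 through 6 leave channel encryption and the choice between Integrated Windows Authentication and SQL Authentication to the operator, so the database connection strings are where those settings can be checked. The following Python sketch is an added example, not NSS code; it assumes SqlClient-style connection strings, and the server, database and account names are constructed.

```python
# Added example (not NSS code): audit SqlClient-style connection strings.
# Server and database names below are constructed for illustration.
# Simplification: values containing quoted semicolons are not handled.

ALIASES = {"trusted_connection": "integratedsecurity", "pwd": "password"}
ENCRYPT_ON = {"true", "yes", "mandatory", "strict"}
INTEGRATED_ON = {"true", "yes", "sspi"}


def parse_connection_string(conn_str):
    """Split 'key=value;...' pairs into a dict with normalised keys."""
    pairs = {}
    for part in conn_str.split(";"):
        if "=" not in part:
            continue
        key, value = part.split("=", 1)
        key = key.strip().lower().replace(" ", "")
        pairs[ALIASES.get(key, key)] = value.strip()
    return pairs


def audit_connection_string(conn_str):
    """Return a list of findings; an empty list means nothing was flagged."""
    kv = parse_connection_string(conn_str)
    findings = []
    if kv.get("encrypt", "").lower() not in ENCRYPT_ON:
        findings.append("encryption not requested")
    if kv.get("trustservercertificate", "").lower() in {"true", "yes"}:
        findings.append("server certificate not validated")
    integrated = kv.get("integratedsecurity", "").lower() in INTEGRATED_ON
    if not integrated and "password" in kv:
        findings.append("SQL Authentication password in connection string")
    return findings


SAMPLES = {  # constructed inputs
    "weak": "Server=sql01.example.internal;Database=ExampleDb;"
            "User ID=example_svc;Password=CONSTRUCTED",
    "hardened": "Server=sql01.example.internal;Database=ExampleDb;"
                "Integrated Security=SSPI;Encrypt=True;"
                "TrustServerCertificate=False",
}

if __name__ == "__main__":
    for name, conn in SAMPLES.items():
        print(name, audit_connection_string(conn))
```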

ADDITIONAL RESOURCES

  • KB3041 What is/are: Runtime Architecture: NSS Console

KB Article: 3043
Updated: 11/25/2014
Category: Reference
Affected versions: NSS 9.5, NSS 9.6

    ©2018 northern parklife