When you manage mission-critical IT infrastructure for finance, healthcare, or government organizations, secure remote access is a strict necessity. You face constant pressure to pass security audits, integrate identity and access management (IAM) solutions, and meet looming government compliance deadlines. However, many legacy host systems do not natively support modern security protocols like SSL or TLS, leaving a critical gap in your defense-in-depth strategy.
You know your organization needs to modernize its security posture without disrupting daily operations. Rocket TE Security Server steps in as a key player to fill this gap. It provides a robust, flexible, and user-friendly way to encrypt connections for terminal emulation clients. Let us take a closer look at the architecture of Rocket TE Security Server and the system prerequisites you need to check before rolling out a secure deployment.
How the security server works as a secure proxy
At its core, Rocket TE Security Server functions as an SSL and TLS proxy. You can think of it as a secure intermediary standing between your Rocket TE clients and your mainframes, iSeries, or UNIX backend hosts. This architectural design solves a surprisingly common problem for enterprise environments: how to secure communications when legacy systems lack native encryption support.
By funneling traffic through this centralized proxy, you gain complete control over your network security. The security server handles two central deployment scenarios to ensure maximum flexibility and legacy compatibility.
SSL to clear-text proxy mode
In this scenario, SSL-enabled Rocket TE clients establish an encrypted connection directly with the security server. The security server decrypts the incoming traffic and then opens a clear-text connection to the target host over a secure internal network.
This configuration is perfect if your backend host does not support SSL natively. It allows you to protect data in transit across public or vulnerable networks, ensuring you achieve compliance effortlessly while your legacy system continues to operate without modification.
Clear-text to SSL proxy mode
This mode flips the architectural approach to support older technology. For legacy TCP/IP clients that cannot process SSL encryption, the security server allows them to connect using clear text. The proxy then upgrades their connection to an encrypted SSL or TLS session before passing the data to an SSL-capable remote host or another security server instance.
You can even link two security servers together to facilitate cross-domain secure transfers, such as mainframe-to-mainframe Secure FTP, regardless of native SSL support. This model offers real flexibility. Security and encryption are handled transparently, which keeps user workflows blissfully simple. Often, a lock icon in the client interface is the only visible change for the end user, ensuring high user adoption rates.
Configuring bindings and connections for centralized control
To help you achieve improved audit scores and centralized access control, Rocket TE Security Server relies on a modular architecture built around "bindings" and "connections." This structure gives administrators granular control over how traffic flows through the enterprise network.
- Bindings: These define the network interfaces and IP addresses used for incoming and outgoing traffic. You specify which network interface cards (NICs) handle the secure client side and which handle the potentially unsecure host side. This feature is highly effective for servers equipped with multiple network cards or those bridging different segmented networks.
- Connections: These attach to your bindings and define exactly how clients map to specific hosts. Connections dictate the rules of engagement, including support for protocols like Telnet, FTP, and HTTPS offload.
This modular approach allows system architects to design customized setups. Whether you run a simple single-network scenario or a complex segmented DMZ configuration, you can enforce strict security policies that satisfy the most demanding compliance audits.
System requirements for seamless legacy integration
Rocket TE Security Server runs exclusively on Microsoft Windows. We emphasize user-friendly deployment, ensuring you can enhance your security measures quickly. Here is the essential checklist you need to get started:
- Operating system support: For evaluation purposes, a standard Windows 10 machine is sufficient. For production environments, you should deploy on Windows Server 2008 R2, 2012, or 2012 R2. Both 32-bit and 64-bit versions are fully supported.
- Memory and CPU: We recommend a minimum of 4 to 8 GB of RAM. Naturally, supporting more concurrent users requires more memory. Plan for at least 64 MB of base memory, plus an additional 128 KB per concurrent user session if you utilize maximum buffer settings.
- Network configuration: You need at least one NIC, but you can easily leverage two or more for bridging networks and enhancing security segmentation.
- Disk space: The storage requirements are highly efficient. You simply need enough space to accommodate the software installation and your centralized audit logs.
For real-world deployments, we recommend opting for a dedicated server-class machine. Keeping your production and evaluation environments separate is a best practice that prevents surprises and ensures a seamless legacy integration.
Accelerate your security modernization journey
Your modernization journey is too important to be disrupted by security vulnerabilities or compliance failures. Rocket TE Security Server provides the comprehensive security and seamless IAM integration you need to protect your mission-critical data.
By understanding the proxy architecture and preparing your system requirements, you are taking the first step toward a more secure, compliant future. We will partner with you on solutions that protect your infrastructure while empowering your users to work efficiently and securely.
