This paper explains how X1 Enterprise Edition security integrates seamlessly with an existing Microsoft network installation. It describes how X1 security features are configured and deployed, including web server security. It ends by showing how X1 and Microsoft Windows security layers work together at runtime.
Index Data Security in Microsoft Windows Environments
for X1® Enterprise Edition, versions 2.0 and 2.1
Functional Description
October 2005
Dejan Nenov
Vice President, Engineering
X1 Technologies, Inc.
Contents
Introduction
Microsoft Windows Environment
X1 Enterprise Edition Security Layers
Windows File Permissions
Server Share Security
X1 Saved-Search Security
Web Server Security
Runtime Security
How X1 and Windows Security Work Together
About the Author and X1 Enterprise Edition
Introduction
X1 Enterprise Edition lets users search enterprise data with desktop, mobile, or browser clients. The product provides a security design that:
- Can be installed without changes to the customer's existing Microsoft Windows security framework;
- Adds an additional layer of security to domains managed by Microsoft Active Directory;
- Results in a smaller index size than products from other vendors;
- Is extensible to data stores outside Microsoft Windows domains.
This paper explains how X1 Enterprise Edition security integrates seamlessly with an existing Microsoft network installation. It describes how X1 security features are configured and deployed, including web server security. It ends by showing how X1 and Microsoft Windows security layers work together at runtime.
Microsoft Windows Environment
This paper assumes that X1 Enterprise Edition [1] has been deployed within a corporate Microsoft Windows environment, so that end-users, index data, and raw data all reside within the logical bounds of a Microsoft Windows domain managed by Microsoft Active Directory [2].
In a Microsoft Windows environment, X1 Enterprise Edition takes advantage of the security facilities offered by the Microsoft Windows file servers, Microsoft Active Directory infrastructure, and the Microsoft Internet Information Services (IIS) [3] web application server platform.
All the components in the diagram below must be present for X1 Enterprise Edition to operate in a secure fashion.
[Diagram: Microsoft Windows Infrastructure. Components: End-User Desktops (X1 Enterprise Client, X1 Browser Client); File Server (contains raw data); File Scanner; X1 Enterprise Server with IIS (contains index data); Active Directory Server. Annotations: X1 reads and stores the allow and deny lists of users and groups associated with each file on the server; Microsoft Active Directory controls user and group access to directories, files and shares; Microsoft Active Directory controls user and group log-ins and security.]
[1] "X1 Enterprise Edition" is used in the rest of this document to refer to X1 Enterprise Edition version 2.0 or version 2.1.
[2] http://www.microsoft.com/windowsserver2003/technologies/directory/activedirectory/default.mspx
[3] http://www.microsoft.com/windowsserver2003/iis/default.mspx
X1 Security Layers
To determine whether a user is authorized to receive a search result, X1 combines several layers of security, verifying the credentials of the user's search query against the combined security rules of all layers.
Windows File Permissions
If a user is not able to open a file using the standard Microsoft Windows file explorer, X1 assumes that the user is not authorized to access the data stored in the file.
Windows file permissions are controlled by the security settings that have been applied to the file or to the directory that contains the file. These are settings that the IT administrator sets on the file server, from which X1 reads and indexes data.
These file permissions are managed directly (that is, outside the X1 system), using the standard Microsoft Windows file-security management tools. These tools are a standard part of the Microsoft Windows operating system and are in the Microsoft Windows file explorer.
When X1 Enterprise Edition indexes a file from the end-user's server, it gets the list of allowed and denied users and groups associated with the file. This information is stored as part of the index. It is used to guarantee that the credentials of the user (or process) issuing a query match the a...
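How allow and deny lists stored with each index entry can be used to trim search results at query time, as an added example that is not X1's code or part of the original paper. It assumes Windows-style evaluation in which a deny entry overrides any allow, nested group membership, and constructed account, group and path names.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class IndexEntry:
    """One indexed file plus the ACL snapshot captured at index time."""
    path: str
    allow: frozenset = field(default_factory=frozenset)
    deny: frozenset = field(default_factory=frozenset)

def expand_principals(user, group_members):
    """Return the user plus every group reached directly or through nesting."""
    principals, frontier = {user}, [user]
    while frontier:
        member = frontier.pop()
        for group, members in group_members.items():
            if member in members and group not in principals:
                principals.add(group)
                frontier.append(group)
    return principals

def is_authorized(entry, principals):
    """Deny wins over allow; an entry with no matching allow is hidden (fail closed)."""
    if entry.deny & principals:
        return False
    return bool(entry.allow & principals)

def trim_results(hits, user, group_members):
    """Drop every hit whose stored ACL does not admit the querying user."""
    principals = expand_principals(user, group_members)
    return [e.path for e in hits if is_authorized(e, principals)]

# Constructed sample directory and index (all names are illustrative only).
GROUPS = {
    r"CORP\Finance": {r"CORP\alice"},
    r"CORP\Contractors": {r"CORP\bob"},
    r"CORP\AllStaff": {r"CORP\Finance", r"CORP\Contractors", r"CORP\carol"},
}
HITS = [
    IndexEntry(r"\\fs1\finance\budget.xls", frozenset({r"CORP\Finance"})),
    IndexEntry(r"\\fs1\public\handbook.doc", frozenset({r"CORP\AllStaff"})),
    IndexEntry(r"\\fs1\public\salaries.doc", frozenset({r"CORP\AllStaff"}),
               frozenset({r"CORP\Contractors"})),
    IndexEntry(r"\\fs1\tmp\orphan.txt"),  # no ACL captured: never returned
]

if __name__ == "__main__":
    for user in (r"CORP\alice", r"CORP\bob", r"CORP\carol"):
        print(user, trim_results(HITS, user, GROUPS))
```

In this sketch the decision rests entirely on the stored snapshot, so it is only as current as the last indexing pass.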