Blue Coat Systems SGOS 4.x ユーザーズマニュアル
Chapter 3: Feature-Specific Upgrade Behavior
17
Authentication
Two new realms—policy substitution and Oblix COREid—have been added in SGOS 4.x.
•
COREid Realm—The ProxySG can be configured to consult an Oblix COREid (formerly known as
Oblix NetPoint) Access Server for authentication and session management decisions. This
requires that a COREid realm be configured on the ProxySG and policy written to use that realm
for authentication.
Oblix NetPoint) Access Server for authentication and session management decisions. This
requires that a COREid realm be configured on the ProxySG and policy written to use that realm
for authentication.
•
Policy Substitution Realm—A Policy Substitution realm provides a mechanism for identifying and
authorizing users based on information in the request. The realm uses information in the request
and about the client to identify the user. The realm is configured to construct user identity
information by using policy substitutions. See Table 3.2 on page 15 for useful substitutions added
in support of this feature.
authorizing users based on information in the request. The realm uses information in the request
and about the client to identify the user. The realm is configured to construct user identity
information by using policy substitutions. See Table 3.2 on page 15 for useful substitutions added
in support of this feature.
In addition, RADIUS realms now support one-time passwords, and Netegrity realms now allow you
to enable or disable client IP validation.
to enable or disable client IP validation.
Upgrade Behavior
COREid and Policy Substitution realms: These new realms have no upgrade issues. On a downgrade,
the realms will not be recognized and could cause policy compilation to fail if they are referenced by
policy.
the realms will not be recognized and could cause policy compilation to fail if they are referenced by
policy.
Netegrity: On an upgrade, the new realm option for client IP validation is added to existing realms
with the default value of
with the default value of
enabled
so that the behavior remains as it was. On a downgrade, the value
is ignored and all SiteMinder realms do client IP validation.
Administrator Actions
You must upgrade to the latest version of the Blue Coat Authorization and Authentication Agent
(BCAAA) before you can use the new COREid realm.
(BCAAA) before you can use the new COREid realm.
Documentation References
•
Chapter 9, “Using Authentication Services,” in the Blue Coat ProxySG Configuration and
Management Guide
Management Guide
Bandwidth Management
Bandwidth management allows you to classify, control, and, if required, limit the amount of
bandwidth used by different classes of network traffic flowing into or out of the ProxySG. Network
resource sharing (or link sharing) is done using a bandwidth-management hierarchy where multiple
traffic classes share available bandwidth in a controlled manner.
bandwidth used by different classes of network traffic flowing into or out of the ProxySG. Network
resource sharing (or link sharing) is done using a bandwidth-management hierarchy where multiple
traffic classes share available bandwidth in a controlled manner.
Bandwidth management provides the following features:
•
Guarantees that certain traffic classes receive a specified minimum amount of available
bandwidth.
bandwidth.
•
Limits certain traffic classes to a specified maximum amount of bandwidth.
•
Prioritizes certain traffic classes to determine which classes have priority over available
bandwidth.
bandwidth.