Visual Guard Architecture - possible implementations

Visual Guard is a modular solution covering most application security requirements, from application-level security systems to Corporate Identity and Access Management Solutions.

Visual Guard Architecture

Visual Guard is a flexible solution that complies with most architectures and technical requirements. Below are several examples of possible implementations:

Visual Guard Enterprise Edition – Public Mode

VG Server exposes Web Services to secure multiple technologies with the same system

Access Control Life Cycle

  1. Development
    Developers define permissions with the VG Win Console.
    Permissions are stored in a development repository.
    Developers deploy the permissions into production with a VG utility

  2. Administration
    Administrators manage Users and grant them permissions.
    They update the production repository with the VG Web Console

  3. Enforcement
    VG Server exposes Web Services for User Authentication and Access Control.
    Applications call VG Web Services to verify the user identity and check his access Privileges.
    Each operation performed by the user is logged in the VG Repository.


  4. Audit
    Auditors use a specific application provided with VG.
    They can control user attributes, roles and privileges across multiple systems. They can also review user operations.
permissions development
users and permissions management
Security enforcement
Security audit

Notes

  • Any windows or web application capable of SOAP calls or HTTP Requests is supported.
  • Applications do not need a direct access to the database.
  • Neither do the Administration Console or the Auditor Application.
  • Users, Administrators and Auditors can operate from any location with Internet Access

Visual Guard Enterprise Edition – Private Mode

.NET applications with no direct access to the repository, communicating with the VG Server

Access Control Life Cycle

  1. Development
    Developers define permissions with the VG Win Console.
    Permissions are stored in a development repository.
    Developers deploy the permissions into production with a VG utility

  2. Administration
    Administrators manage Users and grant them permissions.
    They update the production repository with the VG Web Console

  3. Enforcement
    End-users log in to the .NET application.
    The VG runtime calls the VG Server to verify the user identity. The VG Server sends the user permissions back to the VG runtime The VG Runtime enforces user permissions by dynamically changing the application.


  4. Audit
    Auditors use a specific application provided with VG.
    They can control user attributes, roles and privileges across multiple systems. They can also review user operations.
permissions development
users and permissions management
Security enforcement
Security audit

Notes

  • Applications do not need a direct access to the database.
  • Neither do the Administration Console or the Auditor Application.
  • Users, Administrators and Auditors can operate from any location with an Internet Access

Visual Guard Enterprise Edition – Basic Mode

.NET applications directly accessing the repository. The VG Server is not installed in this configuration.

Access Control Life Cycle

  1. Development
    Developers define permissions with the VG Win Console.
    Permissions are stored in a development repository.
    Developers deploy the permissions into production with a VG utility

  2. Administration
    Administrators manage Users and grant them permissions.
    They update the production repository with the VG Web Console

  3. Enforcement
    End-users log in to the .NET applications.
    The VG Runtime queries the VG Repository to verify user identity.
    The VG Runtime retrieves the user permissions and enforces security by dynamically changing the applications.


  4. Audit
    Auditors use a specific application provided with VG.
    They can control user attributes, roles and privileges across multiple systems. They can also review user operations.

permissions development
users and permissions management
Security enforcement
Security audit

Notes

  • Applications need a direct access to the database.
  • Administration Console or the Auditor Application do NOT require such direct access.
  • Administrators and Auditors can operate from any location with Internet Access

Visual Guard Enterprise Edition – Mixed Mode

A combination of Basic, Private and Public Mode in the same production environment

Access Control Life Cycle

  1. Development
    Developers define permissions with the VG Win Console.
    Permissions are stored in a development repository.
    Developers deploy the permissions into production with a VG utility

  2. Administration
    Administrators manage Users and grant them permissions.
    They update the production repository with the VG Web Console.

  3. Enforcement
    • Some .Net applications access directly the repository
      (for instance webforms and webservices)
    • Other .Net applications call the VG Server in private mode
      (for instance Winform applications running on remote sites)
    • Other technolgies call the VG Server in Public Mode
      (for instance Java, C++, PHP or PowerBuilder applications).


  4. Audit
    Auditors use a specific application provided with VG.
    They can control user attributes, roles and privileges across multiple systems. They can also review user operations.
permissions development
users and permissions management
Security enforcement
Security audit

Notes

  • All the applications are secured by the same system, no matter the technology or the location of the user.
  • Administrators and Auditors can operate from any location with an Internet Access

Visual Guard Professional Edition for .NET

Access Control Life Cycle

  1. Development
    Developers define permissions with the VGConsole.
    Permissions are stored in a development repository.
    Developers deploy the permissions into production with a VG utility

  2. Administration
    Adlinistrators manage Users and grant them permissions.
    They update the VG repository with the VG Console

  3. Enforcement
    End-users log in the .Net application.
    The VG runtime queries the VG Repository to verify user identity.
    The VG runtime retrieves the user permissions and enforces security by dynamically changing the application.

  4. Audit
    Auditors can control user attributes, roles and priviledges across multiple systems with the VG Console.
    They can also review end-users operations.
Visual Guard for .NET Applications Architecture

Notes

  • Applications need a direct access to the database, as well as the VG Console.
  • Users, Administrators and Auditors can operate from any location with a LAN or Internet connexion