Visual Guard

Visual Guard Architecture

Visual Guard is a flexible solution that complies with most architectures and technical requirements.
Below are several examples of possible implementations:

Visual Guard Enterprise Edition - Public Mode
Visual Guard Enterprise Edition - Private Mode
Visual Guard Enterprise Edition - Basic Mode
Visual Guard Enterprise Edition - Mixed Mode
Visual Guard Professional Edition for .NET

Visual Guard Enterprise Edition – Public Mode

VG Server Exposes Web Services to secure multiple technologies with the same system

Access Control Life Cycle

initial deployement Development

Developers define permissions with the VG Win Console.
Permissions are stored in a development repository.
Developers deploy the permissions into production with a VG utility
  permissions development
Daily IAM Management Administration

Administrators manage Users and grant them permissions.
They update the production repository with the VG Web Console
  users and permissions management
Subsequent Deployments Enforcement

VG Server exposes Web Services for User Authentication and Access Control.
Applications call VG Web Services to verify the user identity and check his access Privileges.
Each operation performed by the user is logged in the VG Repository.
  Security enforcement
Subsequent Deployments Audit

Auditors use a specific application provided with VG.
They can control user attributes, roles and privileges across multiple systems. They can also review user operations.
  Security audit

Notes

  • Any windows or web application capable of SOAP calls or HTTP Requests is supported.
  • Applications do not need a direct access to the database.
  • Neither do the Administration Console or the Auditor Application.
  • Users, Administrators and Auditors can operate from any location with Internet Access

 

Top

Visual Guard Enterprise Edition – Private Mode

.NET applications with no direct access to the repository, communicating with the VG Server

Access Control Life Cycle

initial deployement Development

Developers define permissions with the VG Win Console.
Permissions are stored in a development repository.
Developers deploy the permissions into production with a VG utility

  permissions development
Daily IAM Management Administration

Administrators manage Users and grant them permissions.
They update the production repository with the VG Web Console

  users and permissions management
Subsequent Deployments Enforcement

End-users log in to the .NET application.
The VG runtime calls the VG Server to verify the user identity. The VG Server sends the user permissions back to the VG runtime The VG Runtime enforces user permissions by dynamically changing the application.
  Security enforcement
Subsequent Deployments Audit

Auditors use a specific application provided with VG.
They can control user attributes, roles and privileges across multiple systems. They can also review user operations.
  Security audit

Notes

  • Applications do not need a direct access to the database.
  • Neither do the Administration Console or the Auditor Application.
  • Users, Administrators and Auditors can operate from any location with an Internet Access


Top

Visual Guard Enterprise Edition – Basic Mode

.NET applications directly accessing the repository. The VG Server is not installed in this configuration.

Access Control Life Cycle

initial deployement Development

Developers define permissions with the VG Win Console.
Permissions are stored in a development repository.
Developers deploy the permissions into production with a VG utility
  permissions development
Daily IAM Management Administration

Administrators manage Users and grant them permissions.
They update the production repository with the VG Web Console
  users and permissions management
Subsequent Deployments Enforcement

End-users log in to the .NET applications.
The VG Runtime queries the VG Repository to verify user identity.
The VG Runtime retrieves the user permissions and enforces security by dynamically changing the applications.
  Security enforcement
Subsequent Deployments Audit

Auditors use a specific application provided with VG.
They can control user attributes, roles and privileges across multiple systems. They can also review user operations.

  Security audit

Notes

  • Applications need a direct access to the database.
  • Administration Console or the Auditor Application do NOT require such direct access.
  • Administrators and Auditors can operate from any location with Internet Access

Top

Visual Guard Enterprise Edition – Mixed Mode

A combination of Basic, Private and Public Mode in the same production environment

Access Control Life Cycle

initial deployement Development

Developers define permissions with the VG Win Console.
Permissions are stored in a development repository.
Developers deploy the permissions into production with a VG utility

  permissions development
users and permissions management
Security enforcement
Security audit
Daily IAM Management Administration

Administrators manage Users and grant them permissions.
They update the production repository with the VG Web Console.
 
Subsequent Deployments Enforcement
  • Some .Net applications access directly the repository
    (for instance webforms and webservices)
  • Other .Net applications call the VG Server in private mode
    (for instance Winform applications running on remote sites)
  • Other technolgies call the VG Server in Public Mode
    (for instance Java, C++, PHP or PowerBuilder applications).
 
Subsequent Deployments Audit

Auditors use a specific application provided with VG.
They can control user attributes, roles and privileges across multiple systems. They can also review user operations.
 

Notes

  • All the applications are secured by the same system, no matter the technology or the location of the user.
  • Administrators and Auditors can operate from any location with an Internet Access

 

Top

Visual Guard for .NET Applications Architecture

Top