Safety Management

StreamGroomers

To ensure optimum security, StreamGroomers can only be reached across the network via the MMS (with the exception of ICMP and SNMP services). In addition, all management flows are exchanged via a dedicated Ethernet port that can be positioned in an out-of-band network.

Exchanges between MMS and StreamGroomers are secured as follows:

• SGs never call the MMS, which therefore does not accept incoming connections from probes. SGs must therefore be declared in the MMS in order to be managed.
• The MMS address is checked when the connection is received by the MMS. The SG refuses to respond to an SGM dialog from an undeclared address.
• Exchange flows between MMS and SGs can be SSH encrypted
• Strong certificate authentication can be deployed on SGs
• Non-essential ports are closed
• It is possible to disable the SG ping response.

StreamGroomer Manager

An integrated firewall lets you define which services are open on the MMS (telnet, SSH, FTP, Rlogin/rsh, SNMP, ICMP) and restrict access to certain IP addresses or subnets.

The MMS is mainly used through web applications in HTTP or HTTPS. A user can be authenticated locally on the MMS or through interaction with a RADIUS or LDAP server. User access rights management is centralized on the MMS.