Securing the Unwired Server Environment

Because frontline users use Unwired Platform to access enterprise data, you must set up security mechanisms that restrict access to authenticated users and protect communication streams (file downloads, synchronization, and administration) from tampering.

You must protect data at two levels: data access and data transport.

Note: Sybase strongly recommends that you use a common authentication provider for Afaria, Unwired Server, and Sybase Control Center. Otherwise, user names and password used to authenticate users from mobile clients and Unwired Server administration and Afaria may not work seamlessly. Afaria and Unwired Server can share LDAP and NativeOS security; however, only LDAP can be used by all three components. Configuration details between the components must match; otherwise, single sign-on does not work.
Each component implements security mechanisms differently.
  • For Unwired Server, use Sybase Control Center to configure the provider by clicking Security > Configuration then configuring the information in the Authentication tab.
  • For Sybase Control Center, edit the <UAF-install-dir>\conf\csi.properties file.
  • For Afaria, enable authentication and select the appropriate naming attribute. Depending on your system configuration, you might also need to run <UnwiredPlatform_InstallDir>\Servers\Afaria\bin\XSDirectorySetupWizard.exe to manually set up Afaria and Unwired Server to share the same repository.
  1. Securing Access to Sybase Control Center
    To secure the administration of Unwired Server in Sybase Control Center, ensure you have enabled LDAP authentication for this administration tool as well as set up the roles and passwords for in the directory. Sybase recommends that Sybase Control Center, Unwired Server, and Afaria all share the same LDAP directory to enable single sign-on functionality among these Unwired Platform components.
  2. Securing Access to Data
    Secure access to data by choosing one or more security providers to which you wish to delegate authentication, authorization, auditing, attribution, and role mapping authority. You can create and configure these security provider definitions in Sybase Control Center for Unwired Platform.
  3. Encrypting Unwired Server Communication Streams
    Optional. Enable an SSL encrypted port to secure Unwired Server synchronization, admistration, and file-based download streams (with Afaria Server). SSL and HTTPS rely on the use of digital certificates, which are typically verified and signed by third-party trusted authorities.
Parent topic: Configuring Unwired Server for a Production Environment
Previous topic: Configuring Unwired Server Properties
Next topic: Configuring High Availability

Created September 17, 2009. Send feedback on this help topic to Sybase Technical Publications: pubs@sybase.com