beautypg.com

Google Search Appliance Managing Search for Controlled-Access Content User Manual

Page 63

background image

Google Search Appliance: Managing Search for Controlled-Access Content

63

9.

The search appliance queries the index and obtains a list of relevant results for Leslie’s query.

10. The search appliance checks the list to see whether any of the results require authorization and

filters the results based on which results Leslie is authorized to view.

11. The search appliance directs Leslie’s browser to a search results page that contains all results that

match the query “Island” that Leslie is authorized to view.

Use Case 4: Windows Authentication with Kerberos
Tickets for Secure Serve

AlphaLyon has decided to upgrade older servers and implement a new security policy that uses
Integrated Windows Authentication (IWA) on all machines throughout their internal domain. The
domain controller is a Windows server named hal.alphalyon.com.

AlphaLyon is going to upgrade the following servers:

products.alphalyon.int is a simple web server that uses HTTP Basic authentication. This server
contains information about the company’s products.

news.alphalyon.int is a Microsoft IIS web server that uses NTLM HTTP. This server contains news
announcements.

emp.alphalyon.int is another Microsoft IIS server that uses NTLM HTTP. It provides internal
information about employees, such as email addresses and phone numbers.

sales.alphalyon.int is a web server that uses HTTP Basic authentication. This server stores
general information used by everyone on the sales team.

customers.alphalyon.int is a Microsoft IIS server that uses NTLM HTTP. It stores customer
directory information, such as phone numbers and addresses.

Our search appliance administrator, Tanya, wants to use Kerberos authentication to enable the search
appliance to silently authenticate the user without requiring an HTTP Basic login box.

This use case is based on the following assumptions:

Tanya has already set up crawl and index for the protected content by providing the search
appliance with credentials on Crawl and Index > Crawler Access.

The following two servers have been crawled with Make Public selected:
products.alphalyon.int and news.alphalyon.int and their content is public. Content on the
other servers is secure.

The search appliance has already indexed the protected content.

Once again, AlphaLyon has these people who interact with this content:

Ashish, the system administrator

Tanya, the search appliance administrator

Eric, an employee who needs to find content

Salim, a sales manager who needs to find information on pricing for the upcoming “AlphaLyon
Product” release.