Information gathering – Google Search Appliance Security User Manual
accommodate different applications when acquiring contents. The process generally involves using a
system or super user account with broad access to the content source so that all the documents can be
indexed by the GSA.
Serve time authentication
Serve time authentication is the integration between the search appliance and the end user. It can be the
same authentication protocol as used by one of the content sources, but it doesn’t have to be. Sometimes
multiple authentication protocols are required in order to support the authorization of different content
sources. However, you should always ask yourself the following questions:
● What authentication protocols are available in the customer’s environment?
● How can I minimize the number of authentication mechanisms used during serving? Can I reduce
them to just one?
● How can I minimize the impact on end users? Can authentication be silent?
Serve time authorization
Each content source uses its own security policies and infrastructure to authorize access to its
information. Using the information you gathered about the content sources, select the
authorization mechanisms by answering the following questions:
● What authorization mechanisms are possible for the given content source?
● Which mechanism gives the best performance?
● What needs to be implemented for the content acquisition process in order to support this
mechanism?
Although serve time authentication happens before authorization during serving, you should evaluate the
authorization options FIRST. What is required for authorization generally decides what authentication
mechanisms you should consider. In any case, these three processes are interrelated and you have to
consider the implications of every decision.
Information Gathering
Google recommends that you take the following actions during initial analysis:
● Clarify all requirements related to security, even potential future needs that are not currently part
of the scope of the project, but might be considered for a future phase.
● If one of the requirements is silent authentication, make sure that it is feasible to provide it before
committing to it.
● Identify the security mechanisms certified by your organization. Is there a Single Sign-On (SSO)
system? Is Kerberos enabled?