The following figure shows the physical components of the solution, organized by location: the front end or demilitarized zone (DMZ), the back end with other internal corporate services such as Active Directory, and client computers.
Front-End Protection Servers (DMZ)
SealPath is based on Microsoft Rights Management Services technology. For that reason, SealPath Protection Servers run on Windows Server 2008 R2 (or Windows Server 2012) with the Rights Management Services role enabled. SealPath’s information protection services run on these servers.
These servers are located in the demilitarized zone and consist of several web services: Authentication, Protection/Encryption services, etc.
In a corporate infrastructure with high availability, it is recommended to deploy them in a different location from the front-end protection servers, although for smaller deployments they can be installed on the same machine as the protection servers.
SealPath works with the Microsoft SQL Server 2008 R2 (or SQL Server 2012) database engine. The SealPath database can be deployed on a dedicated server running Windows Server 2008 R2 (or Windows Server 2012), or in a SQL Server 2008 R2 installation shared by other systems or applications.
Active Directory or LDAP
SealPath does not install any software or agent on the Active Directory server, but in an on-premises deployment it integrates with the corporate Active Directory or LDAP. SealPath uses Microsoft Rights Management Services, integrated with Active Directory, to provision users and groups in the system, manage user credentials by validating them against AD, protect information for users and groups, and create specific protection policies for users and groups.
Clients in the internal network
There are three types of users inside the corporate perimeter:
- Protector users: They use SealPath Desktop to protect information.
- Consumption only users: They use Microsoft Office, Adobe/Foxit and SealPath Lite.
- Administrator: Uses SealPath’s web administration tool to configure the system.
Protector users can work on Windows desktops and laptops (XP SP3, Vista, 7, 8, 8.1, Server 2003-2012) to protect documents. Consumers can access protected documents from Windows, Mac or mobile platforms (iOS, Android).
Clients outside network perimeter
Clients that are outside the corporate perimeter can be:
- Road warriors or internal users who access documents from outside.
- Users external to the company with whom protected documents are shared.
Internal users who access documents from outside can be protector users or consumers, or even an administrator accessing the web control panel. They are the same types of users described in the previous section, but connecting from outside.
External users are usually consumers of protected documents that have been shared by corporate users. They are on other networks and in other companies, and use Microsoft Office, Adobe/Foxit with SealPath Lite to access protected documents.