General Networking Guidelines

Stealth provides both unparalleled security and incredible flexibility. This topic provides overall guidelines on using Stealth in a ClearPath Forward fabric.

General Stealth Security Considerations

Stealth communities of interest (COIs) can be defined as needed to provide the required security for the environment. You can create multiple COIs to enable various levels of security and install Stealth endpoint software on all components in the environment, or you can Stealth-enable a limited number of components and allow all other systems to use clear text communication. You can use Stealth filters to further refine the traffic that is allowed between Stealth-enabled and non-Stealth-enabled components.

It is important to define the scope of the Stealth enclave: which servers and workstations it includes, and which other systems must be reached using clear text communication (including Infrastructure services, the Fabric Management Platform, Active Directory (AD) server, DHCP servers, and so on). However, the scope of the Stealth enclave is completely variable, depending on the needs of the particular environment.

See the Stealth documentation for more information.

Stealth Management Components

The Stealth management components can be installed in ClearPath Forward partitions that meet the operating system and software requirements for each of these components. Alternatively, these Stealth components can be installed outside of the ClearPath Forward system and connected to the ClearPath Forward fabric using the customer LAN.

Stealth Endpoints

Stealth endpoint software can be installed on any ClearPath Forward partition or other physical or virtual system in the environment that runs a supported Windows or Linux operating system. You install the Stealth endpoint software on a ClearPath Forward partition as you would any other configured system running Windows or Linux.

If the environment includes servers that cannot run the Stealth endpoint software (because they do not run supported Windows or Linux operating systems), the Stealth Secure Virtual Gateway can act as a gateway to traffic in the network.

See the Stealth documentation for the full list of supported operating systems as well as more information about the Secure Virtual Gateway.

Deploying Stealth on the ClearPath Forward Fabric

The ClearPath Forward fabric includes an InfiniBand-based Interconnect. Note the following regarding the use of InfiniBand for Stealth communications:

Stealth Licensing

You can use the Stealth endpoint software on as many ClearPath Forward partitions or other systems as allowed by the licensing agreement with Unisys.

Components in your environment use a different category of Stealth license depending on the operating system. For the ClearPath Forward fabric, your order includes Server licenses for servers running Windows and Linux server operating systems. Depending on your environment needs, your order might also include Client licenses for workstations running Windows and Linux client operating systems.

Note: Stealth software can be used concurrently on the number and type of endpoints allowed by the licensing agreement with Unisys. Be sure to purchase the number and type of licenses required for all of your Stealth endpoints to operate; if you use all of your available Stealth licenses, you cannot Stealth-enable additional endpoints.

See the Stealth documentation for more information about licensing.

Applicable Stealth Features

All of the standard features of Stealth are available in a ClearPath Forward environment, but some features do not apply to ClearPath Forward partitions in a typical configuration.

In a typical environment, access is controlled using user names and passwords (rather than smart cards or one-time passwords); therefore, any information regarding smart cards and one-time passwords does not apply.