The instructions provided below are a summarized account of how to configure a VTS/IS to accept VIC Connections. Detailed instructions for each step after the first are provided in later sections.
Step 1: Create a User Account for Each Remote User in Each Application
Within each application to which remote users should have access, you must create a user account and password. Instructions on doing so are provided below:
1. Run the application on the VTS/IS.
2. Logon to the application with a user account that has at least the Manager privilege.
3. Create a user account for each of your intended remote clients. Ensure that each user account has at least the Internet Client Access privilege granted to it (see Internet Client Access Privilege).
Having granted access to at least one application for a list of selected operators, the next step is to make that application available on your VTS/IS.
Step 2: Establish a Realm Containing One or More Applications to Which Users Should Have Internet Access
In short, a realm is a named list of one or more applications, to be made available to VIC connections.
Note: If a realm is to contain script applications, it must also contain at least one standard application. Clients cannot connect to a realm composed entirely of script applications.
For full instructions to configure a realm, see: Realms.
Step 3: Establish the Local PC as the VTS Internet Server
To establish your PC as a VTS/IS, you must assign it a port through which communications may occur. If you have a remote application with more than one VTS/IS server configured, you may also set up redundant operation parameters. Full instructions follow in the section VTS Internet Servers.
Note: You may configure a realm or a VTS/IS on any port you desire; however, if operating over a public network (e.g. the Internet), you will likely have to traverse firewalls and other security mechanisms. Configuring a realm or VTS/IS to operate on other than the standard ports (port 80 for plain text HTTP, or port 443 for SSL-secured HTTPS), will likely require special configuration of such interposing security mechanisms. It is therefore advisable to operate on the standard ports whenever possible.
Step 4: Establish the VTS/IS Security parameters
Access to the VTS Internet Server is protected by the username/password credentials held for each application by SecurityManager. This is the sole protection that is afforded to a VTS Internet Server from un-authorized access. Therefore, these credentials must be securely guarded.
When credentials are transmitted between the VIC and the server, the username and the password are both transmitted, Base64-encoded. The encoding is public knowledge and is entirely reversible, i.e. the username and password can be easily extracted.
Security is provided by employing a Secure Socket Layer (SSL). This establishes an encrypted communications connection that is secure against decryption, replay attacks and many other hacking attempts. It is generally accepted that 128-bit SSL is sufficiently secure for financial transactions.
It is strongly recommended that all systems that use the VIC over a WAN employ SSL to secure their communication. Full instructions follow in the section VTS Internet Server Security.