The most important challenge is about security. How can an enterprise be sure that only Convertigo Cloud only will access some of the precious enterprise resources? The problem can be solved by using two techniques:
Convertigo Cloud servers will always be in a fixed IP address range. Firewalls should be configured to reject any call coming from outside this range. Any IP address range modification will notified to Convertigo Cloud customers by mail. This security setting would be enough to limit access to an enterprise’s resources from Convertigo Cloud, but in this case any Convertigo Cloud customer would have access to any enterprise’s protected resources. This is why we also use a client SSL certificate to limit access to a given cloud customer.
Also, having precious data transferred on the Internet is not suitable for most of the enterprises. This is why all traffic should be made using the SSLv3 protocol. Convertigo Cloud supports most of the protocols over SSL:
That is why firewalls should be configured to only accept SSLv3 connections and to check a given client certificate. Convertigo Cloud supports one unique client certificate by enterprise customer. This means that only a given enterprise’s Convertigo Cloud will be able to connect to its enterprise network. This SSL Client certificate has to be provided by the Enterprise and is mandatory for any Convertigo Cloud subscription.
