MediationZone can be configured to use secure and authenticated communication between the different, distributed parts of the system.
X.509 certificates are used to ensure the authenticity of the client and server and TLS is used to encrypt the information passed between the client and the server.
All communication between the Access, Control, and Execution Zones can be configured in this manner. Additionally, the communication between the different services in the Control Zone can also be configured to use this capability.
MediationZone also supports encryption of all or a selection of configuration items. Encrypted configurations can be executed according to the access control profile of the user, but can never be read or modified without providing the password provided at the time of encryption. This mechanism is useful to enforce Intellectual Property Rights (IPR) protection, as well as to make sure that an end user cannot read or make modifications to an approved and tested configuration. Encrypted configurations will not be possible to view after a System Export operation.
MZ on AWS
MZ on AWS is installed as a secure VPC (Virtual Private Cloud), and requires allowed IP address ranges to be registered prior to login. Data sent to and from MZ can be encrypted/decrypted to conform to legislation on data protection. Besides the data-in-motion protection described in the previous section, the relevant back-ends ('data-at-rest') can be encrypted.