This scenario illustrates the ability to choose TCP/IP as the transport when it is appropriate. In some cases, when two servers are on the same Virtual Private Network (VPN), it can be appropriate to select TCP/IP as the transport for performance reasons because the VPN already encrypts the message.
Configuring C
C requires message layer authentication with an SSL transport:
Configuring the S1 server
In the administrative console, the S1 server is configured for incoming requests to support message layer client authentication and incoming connections to support SSL without client certificate authentication. The S1 server is configured for outgoing requests to support identity assertion.
It is possible to enable SSL for inbound connections and disable SSL for outbound connections. The same is true in reverse.
Configuring the S2 server
In the administrative console, the S2 server is configured for incoming requests to support identity assertion and to accept SSL connections. Configuration for outgoing requests and connections is not relevant for this scenario.
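The following sketch is an added example, not product code or part of the original scenario. It models the two hops (C to S1, S1 to S2) and reports any hop that would end up on plain TCP/IP without a VPN underneath it, or where the two sides cannot agree on a transport. The policy labels, the `Hop` fields, the simplified negotiation rule, and the choice to model "accepts SSL connections" as SSL-supported are all assumptions of this example, not WebSphere setting names or the product's algorithm.

```python
from dataclasses import dataclass

# Policy labels are this example's own, not WebSphere property names.
SSL_REQUIRED, SSL_SUPPORTED, TCPIP = "ssl-required", "ssl-supported", "tcpip"


@dataclass(frozen=True)
class Hop:
    name: str
    outbound: str      # sender's transport policy for outgoing connections
    inbound: str       # receiver's transport policy for incoming connections
    inside_vpn: bool   # True only when both endpoints are on the same VPN


def negotiate(hop):
    """Return 'ssl', 'tcpip', or None when the two policies cannot meet."""
    pair = {hop.outbound, hop.inbound}
    if SSL_REQUIRED in pair:
        # A side that requires SSL cannot talk to a TCP/IP-only side.
        return None if TCPIP in pair else "ssl"
    if pair == {SSL_SUPPORTED}:
        return "ssl"   # both sides can do SSL, so prefer it (assumed rule)
    return "tcpip"     # one side is TCP/IP only and the other tolerates it


def audit(hops):
    """List (hop name, problem) for every hop that is unsafe or unusable."""
    findings = []
    for hop in hops:
        transport = negotiate(hop)
        if transport is None:
            findings.append((hop.name, "no common transport"))
        elif transport == "tcpip" and not hop.inside_vpn:
            findings.append((hop.name, "cleartext outside VPN"))
    return findings


# Constructed model of the scenario: C requires SSL to S1; S1 has SSL enabled
# inbound but disabled outbound, and reaches S2 over the VPN.
SCENARIO = [
    Hop("C->S1", SSL_REQUIRED, SSL_SUPPORTED, inside_vpn=False),
    Hop("S1->S2", TCPIP, SSL_SUPPORTED, inside_vpn=True),
]

if __name__ == "__main__":
    for hop in SCENARIO:
        print(hop.name, "->", negotiate(hop))
    print("findings:", audit(SCENARIO))
```

Running the same audit with `inside_vpn=False` on the S1 to S2 hop reports that hop, which is the condition under which TCP/IP stops being an appropriate choice.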