Security Considerations
You can take steps to secure your installation and to set up user access controls.
- Enabling security during the installation process
- Enabling secure communication between multiple applications
- Ports, protocols, and services
- Keystores for SSL communication and for encrypting secure properties
- Customizing your security settings
- Setting up user roles and access
Enabling security during the installation process
By default, the installation process configures the server to use Secure Sockets Layer (SSL) for secure communication. This applies to both manual and silent installations. In addition to SSL communication, role-based access controls are available that determine which actions a particular user can perform.
In general, you configure security on the application server or the database server, not in Deploy. Deploy communicates with the database by using the Java™ Database Connectivity (JDBC) provider on the application server.
To learn about configuring Lightweight Directory Access Protocol (LDAP) authentication, see Authentication realms.
Enabling secure communication between multiple applications
You can use tokens to secure communications between products that integrate with Deploy. To learn more about tokens, see Tokens.
Ports, protocols, and services
The following table shows the default port numbers for the server.
Port type | Default port number |
---|---|
Incoming connections to the server web interface (HTTPS) | 8443 |
WebSocket agent | 7919 |
Communication with the Common Licensing server | Port 27000 for the lmgrd daemon. The port numbers for the vendor daemon can change, but are typically between 27001 and 27009. See your Common Licensing server for the active ports. |
Keystores for SSL communication and for encrypting secure properties
Deploy supports multiple keystores, which support different security features. The following list describes the default keystores.
- tomcat.keystore
- The certificate for SSL communication on the HTTPS port of the Deploy server is stored in the tomcat.keystore file.
- encryption.keystore
- The secret key that is used to encrypt and decrypt secure properties is stored in the encryption.keystore file. If you export applications and components that use secure properties to other Deploy servers, you must exchange the contents of this keystore between the servers. The secret key in the encryption.keystore file is randomly generated during installation. The password is stored in the encryption.keystore.password property, and its initial value is the same as the server.keystore.password property value. AES-256 is the default encryption level. At the time of installation and upgrade, new keys are generated as AES-256 and set to default.
For more information on keystores and certificates, see Configuring SSL on Apache Tomcat and LDAP servers.
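Because the encryption keystore password starts out equal to the server keystore password, an administrator may want to confirm whether that is still the case on a given server. The following Python check is an added example, not part of the product or its documentation. It assumes the two properties are available as Java .properties text and that their stored values can be compared as-is; the function names and sample values are constructed for illustration.

```python
import re

# Property names are from the page. Which file holds them, and that the stored
# values can be compared as-is, are assumptions of this example.
SERVER_PW = "server.keystore.password"
ENCRYPTION_PW = "encryption.keystore.password"

def parse_properties(text):
    """Parse Java .properties text: '#'/'!' comments, '=' or ':' separators,
    and backslash line continuations."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\") and not line.endswith("\\\\"):
            pending = line[:-1]  # value continues on the next line
            continue
        parts = re.split(r"\s*[=:]\s*", line, maxsplit=1)
        props[parts[0]] = parts[1] if len(parts) > 1 else ""
    return props

def audit_keystore_passwords(props):
    """Return findings about the two keystore password properties."""
    findings = []
    server, enc = props.get(SERVER_PW), props.get(ENCRYPTION_PW)
    for name, value in ((SERVER_PW, server), (ENCRYPTION_PW, enc)):
        if not value:
            findings.append(f"{name}: missing or empty")
    if server and enc and server == enc:
        findings.append(f"{ENCRYPTION_PW}: equals {SERVER_PW}, as at installation")
    return findings

# Constructed sample inputs, not taken from a real server.
SAMPLE_INITIAL = """\
# state right after installation: both properties share one value
server.keystore.password=sample-one
encryption.keystore.password = sample-one
"""
SAMPLE_CHANGED = """\
server.keystore.password=sample-one
encryption.keystore.password: sample-\\
    two
"""

if __name__ == "__main__":
    for label, text in (("initial", SAMPLE_INITIAL), ("changed", SAMPLE_CHANGED)):
        print(label, audit_keystore_passwords(parse_properties(text)))
```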
Customizing your security settings
The user ID that is created by default is admin for the server.
To change the password for admin, in the server, click Internal Authentication authentication realm.
To change the password for ucdpadmin, click and select the
Failed login attempts are stored in the database. Except for the default admin password, all passwords are stored in encrypted form in the database. After you change the default admin password, it is also stored in encrypted form.
Setting up user roles and access
You can create and delete users and add users to groups and teams in Deploy. To learn more, see Managing Security. On the server, the superuser account with special security privileges is admin.