Secure Server Connections

Infrastructure

The system availability is achieved by building acceptable level of redundancy with High-Availability Controller (HAC) managed with the IA tool: creating instances of virtual units with appropriate software packages on reasonable number of physical servers.

Reserve a specific administration workstation in the server network for running IA with editing rights (HAC Administrator Users). The administration connection to HAC nodes can be configured to use ports other than the ones the HAC nodes use when communicating with other HAC nodes. Also this administration connection can also be secured.

Users with HAC View-only Administration User rights can be located also on the office network, especially when separate administration port and secured connection between IA and HAC nodes are used.

Notice that optional user names and passwords for running Windows services are not encrypted in the IA tool.

To Acquire Maximum Safety:

• Define secure connection between HAC nodes.

• Define secure connection between HAC nodes and the administrative workstation where the Infrastructure Administrator (IA) tool is run.

• Define Windows user accounts without any rights to be used as HAC Administration Users (both the ones with editing rights and view-only users).

• Do not allow communication between HAC nodes (HAC-HAC communication) to be reached from outside the server network, and separate this communication from the administration communication (HAC-IA communication) by using different ports.

• Define secure connection towards databases. Configure them at operating system and SQL server.

  Note:

  Cryptographic protocol TLS 1.1 and older are deprecated. TLS 1.2 supported as of FP14, for Email Sender and OII as of FP16.