3 Performing a Secure Messaging Server Installation

This chapter presents planning information for your Oracle Communications Messaging Server system and describes recommended installation guidelines that enhance security.

For more information about installing Messaging Server, see Messaging Server Installation and Configuration Guide.

Installing Infrastructure Components Securely

The following infrastructure components should be installed and secured prior to Messaging Server installation. You must understand how all components in the infrastructure communicate so that you can apply appropriate security measures to every interconnect.

  • Directory Server: Messaging Server connects to the Oracle Directory Server Enterprise Edition, an LDAP-based directory server for user and group information and for provisioning. See the discussion about enhanced security in Oracle Fusion Middleware Evaluation Guide for Oracle Directory Server Enterprise Edition.

  • Directory Server Setup Script: The comm_dssetup.pl script prepares the Directory Server for Messaging Server installation.

  • High Availability Planning: Plan your deployment to tolerate failure of any one component. The approach to achieving high availability for store machines differs between the classic message store and the Cassandra message store.

  • DNS Server: You must ensure that Domain Name System (DNS) is running and configured properly. For details, see Messaging Server Installation and Configuration Guide.

  • File System: See the discussion about recommended file systems for message stores in Messaging Server Installation and Configuration Guide.

In addition to dependent products, it is equally important to secure the other components within Unified Communications Suite for a secure Messaging Server deployment.

Review the following guidelines for components that impact Messaging Server security:

  • Convergence: See the overview of Convergence security in Convergence Security Guide for more information.

  • Connector for Microsoft Outlook: See Connector for Microsoft Outlook Security Guide for more information.

  • Indexing and Search Service: See Indexing and Search Service Security Guide for more information.

  • Contacts Server: See Contacts Server Security Guide for more information.

  • Delegated Administrator: See Delegated Administrator Security Guide for more information.

Credentials Needed to Install Messaging Server Components

The installation prompts for the following authentication credentials:

  • User Name and Group Name for Server Processes

  • Directory Server manager (bind DN and password)

  • Password for server administration

Post-Installation Configuration

By default, when you install and configure Messaging Server, SMTP relay blocking is enabled. That is, Messaging Server rejects attempted message submissions to external addresses from unauthenticated external sources, where an external system is any system other than the host on which the server itself resides. This default configuration is quite aggressive in blocking SMTP relaying because it considers all other systems to be external systems.
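One way to confirm after installation that relay blocking is in effect is the following added example, which is not part of the Oracle documentation. It offers a single unauthenticated external-to-external envelope and classifies the reply. It assumes the rejection is issued at MAIL FROM or RCPT TO; the addresses and the function names `probe_relay` and `check_host` are constructed for illustration.

```python
import smtplib

# Constructed placeholders: use a sender and a recipient that are both
# outside the domains hosted by the server under test.
PROBE_FROM = "probe@outside.example"
PROBE_RCPT = "nobody@elsewhere.example"


def probe_relay(smtp, mail_from=PROBE_FROM, rcpt_to=PROBE_RCPT):
    """Offer one external-to-external envelope without AUTH and classify it.

    Returns (verdict, code, text). DATA is never sent, so no mail is queued.
    """
    smtp.ehlo_or_helo_if_needed()
    code, text = smtp.mail(mail_from)
    if 200 <= code < 300:
        code, text = smtp.rcpt(rcpt_to)
    try:
        smtp.rset()  # discard the envelope
    except smtplib.SMTPServerDisconnected:
        pass  # some servers drop the session after a refusal
    if isinstance(text, bytes):
        text = text.decode("utf-8", "replace")
    if 500 <= code < 600:
        verdict = "blocked"         # permanent refusal: relay blocking works
    elif 200 <= code < 300:
        verdict = "relay-accepted"  # recipient accepted for an outsider
    else:
        verdict = "inconclusive"    # 4xx temporary failure: retry later
    return verdict, code, text


def check_host(host, port=25, timeout=10):
    """Run the probe over a real connection to the server under test."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        return probe_relay(smtp)


if __name__ == "__main__":
    import sys
    verdict, code, text = check_host(sys.argv[1])
    print(f"{sys.argv[1]}: {verdict} ({code} {text})")
    sys.exit(0 if verdict == "blocked" else 1)
```

Run it from a machine other than the Messaging Server host, because the default configuration treats only that host as internal.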

Other post-installation steps to configure Messaging Server for a secure installation include:

  1. Installing Messaging Server provisioning tools

  2. Enabling startup after a reboot

  3. Enabling SSL

For instructions about the first two items, see the discussion about the Messaging Server initial configuration in Messaging Server Installation and Configuration Guide. See "Security and Access Control in Messaging Server" for information about enabling Messaging Server components for SSL.

Note:

Once installation is complete, Oracle recommends encrypting and moving the initial state files and the configure.ldif file, if generated.