Securing the Synchronization Framework

This topic outlines issues to consider and provides recommendations for securing the synchronization framework for Siebel Remote. In addition to implementing the suggestions in this topic, make sure that you assign the least privileges required to the Siebel service owner account on the Siebel Server that runs the Synchronization Manager component. For additional information, see Assigning Rights to the Siebel Service Owner Account.

Authenticating the Mobile Web Client

By default, the Synchronization Manager does not authenticate incoming Remote client requests to make sure that the client is valid. It is recommended that you configure your Siebel application to require that client requests are authenticated by setting the value of the Authentication Method parameter of the Synchronization Manager to one of the supported authentication methods:

The synchronization session takes place through a fixed port that is dedicated to the Synchronization Manager; the default TCP/IP port number is 40400. The port number is set on the Synchronization Manager Server component and is then open in any firewall. Therefore, it is recommended that you change the default value of the port.

Encrypting Communications

The synchronization session can be managed using unencrypted communications, but it is recommended that you implement RSA or MSCrypto encryption. To use encryption, both the Siebel Server and the Remote client must enforce encryption in their connection parameters. To enable encryption, set the Encryption Type parameter of the Synchronization Manager Server component to RSA or MSCrypto and change the DockConnString parameter in the [Local] section of the client .cfg file to the same value. For additional information, see Siebel Remote and Replication Manager Administration Guide.

Encrypting DX Transaction Files

Siebel Remote allows Mobile Web Clients to connect to a Siebel Server and exchange updated data and files during the synchronization process. The updated data is sent to or retrieved from the server in the form of .dx transaction files. To protect your data, encrypt the .dx files using any suitable third-party utility, such as Pretty Good Privacy (PGP), when the files are removed from the

CAUTION: Implementing operating system-level encryption on the

Using a VPN When Synchronizing Through the Internet

It is recommended that every synchronization session occur within the corporate firewall. If your deployment of Siebel Business Applications must support synchronization through the Internet from outside the firewall, then it is recommended that you use a Virtual Private Network (VPN). If there is a firewall on the network between the synchronization client and the Siebel Server, or between the VPN server and the Siebel Server, then the port for synchronizing with the Siebel Server must be opened on the firewall, and this port must be a port other than port 80. If a VPN connection is not used, then it is possible that your Internet Service Provider (ISP) or another host on the route might block communications on this particular port. For additional information, see Siebel Remote and Replication Manager Administration Guide.
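
The port and encryption recommendations in this topic can be checked on a Mobile Web Client with a small audit script. The following Python is an added example, not Oracle code: the sample .cfg content, the server name siebsrvr01, and the function names are constructed, and the colon-separated DockConnString layout (server:protocol:port:service:encryption) is an assumption to confirm against Siebel Remote and Replication Manager Administration Guide.

```python
import configparser

DEFAULT_SYNC_PORT = 40400  # default Synchronization Manager port named in this topic
ACCEPTED_ENCRYPTION = {"RSA", "MSCRYPTO"}  # encryption types named in this topic

# Constructed sample of a Mobile Web Client .cfg file (not from a real deployment).
SAMPLE_CFG = """\
[Siebel]
ApplicationName = Siebel Sales

[Local]
DockConnString = siebsrvr01:TCPIP:40400:SMI:NONE
"""

def parse_dock_conn_string(value):
    """Split DockConnString into named fields.

    Assumed layout (not given in this topic):
    server:protocol:port:service:encryption, with trailing fields optional.
    """
    names = ("server", "protocol", "port", "service", "encryption")
    parts = [p.strip() for p in value.split(":")]
    return dict(zip(names, parts + [""] * (len(names) - len(parts))))

def audit_client_cfg(cfg_text, server_encryption_type):
    """Return findings for the [Local] DockConnString setting of a client .cfg."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(cfg_text)
    if not parser.has_option("Local", "DockConnString"):
        return ["[Local] DockConnString is missing"]
    fields = parse_dock_conn_string(parser.get("Local", "DockConnString"))
    findings = []
    # Assumption: an empty or non-numeric port field means the default port is used.
    port = int(fields["port"]) if fields["port"].isdigit() else DEFAULT_SYNC_PORT
    if port == DEFAULT_SYNC_PORT:
        findings.append("sync port is the default 40400")
    if port == 80:
        findings.append("sync port must not be 80")
    enc = fields["encryption"].upper()
    if enc not in ACCEPTED_ENCRYPTION:
        findings.append("encryption is not RSA or MSCrypto")
    elif enc != server_encryption_type.upper():
        findings.append("client encryption does not match server Encryption Type")
    return findings
```

Call audit_client_cfg with the text of the client .cfg file and the Encryption Type value set on the Synchronization Manager Server component; an empty list means no finding from these checks.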
Siebel Security Hardening Guide | Copyright © 2013, Oracle and/or its affiliates. All rights reserved.