Oracle® Communications WebRTC Session Controller Security Guide Release 7.0 E40975-01 |
|
|
PDF · Mobi · ePub |
This chapter presents planning information for your Oracle Communications WebRTC Session Controller system and describes recommended deployment topologies that enhance security.
For more information about installing WebRTC Session Controller, see Oracle Communications WebRTC Session Controller Installation Guide.
When installing WebRTC Session Controller, do the following when you create the WebLogic Server domain for WebRTC Session Controller:
Disable all non-SSL ports to secure all communication between components, and JCA and JMS collection, over SSL ports.
Make sure that SSL ports are being used on the administration server and all managed servers.
If installing WebRTC Session Controller on a cluster of servers, configure the cluster addresses to use SSL ports.
After you have created the WebLogic Server domain for WebRTC Session Controller, start the administration server. Then, use t3s to start the managed servers:
startManagerServer.sh ManagedServer_1 t3s://host_name
where ManagedServer_1 is the name of the first managed server, and host_name is the host name of the administration server.
Using the WebLogic Administration Console, configure certificate identity and trust store to use SSL. Do not use the default, demonstration certificate that comes with WebLogic Server. See the WebLogic Server security and system administration documentation for more information.
Access to files created during the installation is limited. The user who performs the installation will have write access to those files created during installation.
Oracle recommends having strong password policies for WebRTC Session Controller. Consider enforcing the following password policies:
Passwords should have a minimum of eight characters.
Passwords must contain at least one digit, one capital letter, and one special character.
The user name must not be part of the password.
Stricter rules can be set for the authentication provider using the WebLogic Administration Console. For details on authentication providers and their configuration, refer to the discussion on securing Oracle WebLogic Server in the WebLogic Server documentation.
See Oracle Communications WebRTC Session Controller System Administrator's Guide for information about changing and setting WebRTC Session Controller passwords.
This section explains security configurations to complete after WebRTC Session Controller is installed.
Create WebRTC Session Controller user accounts and configure them to lock after a certain number of failed login attempts, and to expire after a certain period of idle time.
See Oracle Communications WebRTC Session Controller System Administrator's Guide for information about changing and setting WebRTC Session Controller passwords.
For secure communication between WebLogic Server and an external LDAP, enable SSL on both the external LDAP authentication provider and the corresponding WebLogic Security Provider. SSL on the WebLogic security provider is enabled from the WebLogic Administration Console.
For information about secure communication between WebLogic Server and an external LDAP authentication provider, see Oracle Fusion Middleware Securing Oracle WebLogic Server.