2 Performing a Secure Contacts Server Installation

This chapter presents planning information for your Oracle Communications Contacts Server system and describes recommended deployment topologies that enhance security.

For more information about installing Contacts Server, see Contacts Server Installation and Configuration Guide.

Installing Infrastructure Components Securely

Contacts Server is deployed within the application server.

When installing and configuring GlassFish Server, it is recommended to:

  • Use a non-root user account to install and run GlassFish Server

  • Configure HTTPS and disable HTTP

  • Configure the JMX Port for GlassFish Server to use SSL

  • Configure GlassFish Server to prevent Denial of Service (DoS) attacks

To configure and administer GlassFish Server security, see Oracle GlassFish Server Security Guide.

When installing and configuring WebLogic Server, it is recommended to:

  • Use a non-root user account to install and run WebLogic Server

  • Configure SSL Keystores and HTTPS port for Administration Server and Managed Server

    • Oracle WebLogic Server provides four keystore options in its configuration. However, Contacts Server supports only CustomIdentityandCustomTrust and CustomIdentityandJavaStandardTrust options. You can use one of these options.

      Note:

      Configure the Administration Server and the Managed Servers in the same way: use the same options and certificates for the Administration Server and the Managed Servers.
    • The keystore passwords must match the WebLogic Server administration password.

      Note:

      Contacts Server is deployed on WebLogic Server only if the keystore passwords and the WebLogic Server password match.

      For more information about configuring and administering WebLogic Server Security, see WebLogic Server documentation: https://docs.oracle.com/middleware/12213/wls/wls-secure.htm

Contacts Server can use either MySQL Server or Oracle Database as the database for storing contact information. For information on how to install and configure either MySQL Server or Oracle Database, see Contacts Server Installation and Configuration Guide.

Credentials Needed to Install Contacts Server Components

The installation prompts for authentication credentials for the following:

  • Database user

  • Application server's administrator

  • Directory Server manager (bind DN and password)

  • Contacts Server administrator

Post-Installation Configuration

After the installation, configuring Contacts Server for a secure deployment involves the following procedure:

Note:

In the following steps, application server refers to the application server on which Contacts Server is deployed.

  1. Ensure that HTTPS is configured correctly on the front-end application server host:

    • Use a CA-signed certificate

    • Set the SSL port to the default port of 443 to simplify client configuration

    • Change the fulluriprefix configuration option

  2. Disable HTTP on the front-end application server host.

  3. Ensure that JMX port for the application server uses SSL.

  4. Enable LDAP SSL, if not previously done.

  5. Enable secure notification mail submission.

  6. Configure SSL on back ends.

    • Set up secure communication to the Contacts Server database

    • Set up secure communications to the remote document store

  7. Add LDAP access control for Contacts Server.

See "Implementing Contacts Server Security" for more information.
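
Steps 1 and 2 can be verified from a client host after the change. The following Python script is an added example, not part of the Oracle documentation or tooling: it checks that a fulluriprefix value is an HTTPS URL on port 443, that the front end presents a certificate that validates against the trust store, and that the plain HTTP port no longer accepts connections. The HTTP port number 80 and the function names are assumptions made for the example.

```python
import socket
import ssl
from urllib.parse import urlsplit

def check_fulluriprefix(prefix):
    """Return problems found in a fulluriprefix value (empty list = OK)."""
    url = urlsplit(prefix)
    problems = []
    if url.scheme != "https":
        problems.append("scheme is not https")
    if not url.hostname:
        problems.append("no host name")
    # An https URL without an explicit port means 443.
    port = url.port or (443 if url.scheme == "https" else 80)
    if port != 443:
        problems.append(f"port {port} is not 443")
    return problems

def tcp_port_open(host, port, timeout=3.0):
    """True if something accepts TCP connections on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def tls_certificate_trusted(host, port=443, timeout=3.0):
    """True if the TLS handshake succeeds with chain and host name verified.

    Uses the system trust store; for a private CA, load its certificate
    with ctx.load_verify_locations() instead.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except OSError:  # includes ssl.SSLError and certificate failures
        return False

def audit_front_end(prefix, http_port=80):
    """Check steps 1 and 2; http_port=80 is an assumed HTTP listener port."""
    problems = check_fulluriprefix(prefix)
    host = urlsplit(prefix).hostname
    if host and not problems and not tls_certificate_trusted(host):
        problems.append("certificate not trusted or TLS handshake failed")
    if host and tcp_port_open(host, http_port):
        problems.append(f"port {http_port} still accepts connections")
    return problems
```

Call audit_front_end() with the deployment's own fulluriprefix value; an empty list means the front end passed all three checks.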