2 Performing a Secure Convergence Installation

This chapter presents planning information for installing Oracle Communications Convergence securely.

Installing Infrastructure Components Securely

Convergence is deployed within a GlassFish server domain. When installing and configuring Oracle GlassFish Server:

  • Configure HTTPS and disable HTTP

  • Configure the JMX Port for the GlassFish server to use SSL

  • Configure the GlassFish server to prevent Denial of Service (DoS) attacks

To configure and administer GlassFish Server security, see Oracle GlassFish Server Security Guide.

Installing Third-Party Service Applications Securely

To provide its services, Convergence connects to other applications. The following applications must be installed securely.

  • Convergence uses Oracle Communications Messaging Server to provide email services. See Messaging Server Security Guide for information about installing Messaging Server securely.

  • Convergence can use Oracle Communications Contacts Server to provide address book services. See Contacts Server Security Guide for information about installing Contacts Server securely.

  • Convergence uses Oracle Communications Instant Messaging Server to provide instant messaging services. See Instant Messaging Server Security Guide for information about installing Instant Messaging Server securely.

  • Convergence uses Oracle Communications Indexing and Search Service to provide email attachment indexing and search services. See Indexing and Search Service Security Guide for information about installing Indexing and Search Service securely.

  • Convergence uses Oracle Communications Calendar Server to provide calendar services. See Calendar Server Security Guide for information about installing Calendar Server securely.

  • Convergence uses Oracle Outside In Technology to provide preview services of many common attachment types. See the Oracle WebCentre Content documentation for information about installing Outside In Technology securely.

  • Convergence uses Oracle Communications WebRTC Session Controller to deliver real-time collaboration capabilities over the Web. See the WebRTC Session Controller documentation for information about performing a secure installation.

Credentials Needed to Install Convergence Components

If you are installing the Messaging Server webmail server component on the same host as Convergence, the Messaging Server installation asks for the following credentials:

  • System user who will own the configuration files

  • System group that will own the configuration files (of which system user is a part)

  • Directory Server manager (bind DN and password)

  • Messaging Server account passwords

The Convergence configuration program prompts for authentication credentials for the following:

  • GlassFish Server administration server port number

  • GlassFish administration user name and password

  • User/Group Directory Server manager (bind DN and password)

  • Webmail SSL port number

  • Webmail Administration user ID and password

  • Access in SSL mode between Messaging Server and Convergence

  • Calendar Server SSL port number

  • Calendar Administration user ID and password

  • Access in SSL mode between Calendar Server and Convergence

  • IM Httpbind component JID and password

  • IM Avatar component JID and password

  • Convergence administrator user name and password