This chapter presents planning information for your Oracle Communications Calendar Server system and describes recommended deployment topologies that enhance security.
For more information about installing Calendar Server, see Calendar Server Installation and Configuration Guide.
Calendar Server is deployed in the application server.
When installing and configuring GlassFish Server, it is recommended to:
Use a non-root user account to install and run GlassFish Server
Configure HTTPS and disable HTTP
Configure the JMX port for GlassFish Server to use SSL
Configure GlassFish Server to prevent Denial of Service (DoS) attacks
To configure and administer GlassFish Server security, see Oracle GlassFish Server Security Guide.
When installing and configuring WebLogic Server, it is recommended to:
Use a non-root user account to install and run WebLogic Server
Configure SSL Keystores and HTTPS port for Administration Server and Managed Server
Oracle WebLogic Server provides four keystore options in its configuration. However, Calendar Server supports only CustomIdentityandCustomTrust and CustomIdentityandJavaStandardTrust options. You can use one of these options.
Note:
Ensure to configure the Administration server and Managed servers similarly. It means you should configure the same options and certificates for the Administration Server and Managed servers.The keystores passwords must match with the password of the WebLogic Server Administration password.
Note:
Calendar Server is deployed on WebLogic Server only if the passwords of Keystores and WebLogic Server match.For more information about configuring and administering WebLogic Server Security, see WebLogic Server documentation: https://docs.oracle.com/middleware/12213/wls/wls-secure.htm
Calendar Server can use either MySQL Server or Oracle Database as the database for storing contact information. For information on how to install and configure either MySQL Server or Oracle Database, see Calendar Server Installation and Configuration Guide.
The installation prompts for authentication credentials for the following:
Database user
Application server's administrator
Directory Server manager (bind DN and password)
Calendar Server administrator
After the installation, configuring Calendar Server for a secure deployment involves the following procedure:
Note:
In the following steps, application server refers to the application server on which Calendar Server is deployed.Ensure that HTTPS is configured correctly on the front-end application server host:
Use a CA signed certificate
Set SSL port to default port of 443 to ease client configurations
Change the fulluriprefix configuration option
Disable HTTP on the front-end application server host.
Ensure that JMX port for the application server uses SSL.
Enable LDAP SSL, if not previously done.
Enable secure notification mail submission.
Configure SSL on back ends.
Set up secure communication to the Calendar Server database.
Set up secure communications to the remote document store.
Add LDAP access control for Calendar Server.
See "Implementing Calendar Server Security" for more information.