1 Overview

This chapter provides an overview of the DIVA Enterprise Connect product and explains the general principles of application security.

Product Overview

Oracle DIVA Enterprise Connect is a standards-based Web Service API implemented on the Oracle WebLogic Suite. DIVA Enterprise Connect interacts with the Oracle DIVArchive and Oracle DIVAnet systems, acting as a web service binding for the DIVArchive API. DIVA Enterprise Connect gives a client computer a language- and operating-system-independent method of submitting requests to archive, restore, copy, or delete content. It allows clients to gather information about archived objects and media, and to manage archive devices (for example, tape libraries and disk arrays). The DIVA Enterprise Connect platform consists of Oracle WebLogic, installation and administration scripts, data files, and configuration. The installation scripts assist in installing and configuring the DIVA Enterprise Connect platform.

Oracle DIVArchive and Oracle DIVAnet

Oracle DIVArchive is a Content Management Solution specifically engineered for archiving, tracking, and restoring large amounts of rich media and broadcast digital assets. It integrates with a multitude of industry standard software, archive media, transfer protocols, hardware platforms, and the Cloud. Oracle DIVArchive enables organizations to manage the lifecycle of their digital assets through automated policies that move data to the appropriate tier of storage based on access patterns, age, and storage utilization.

Oracle DIVAnet provides a unified view of archived digital assets across multiple, distributed DIVArchive systems, and the Cloud. It facilitates moving content back and forth among DIVArchive sites, and to and from customer Source/Destination servers and disks. DIVAnet performs its tasks for disaster recovery, content distribution, access control, performance, and content availability. By connecting to multiple DIVArchive sites, DIVAnet creates a virtual archive system that spans geographical locations.

For more information about DIVArchive and DIVAnet, see the Oracle DIVArchive 7.5 documentation library, and the Oracle DIVAnet 2.2 documentation library.

Oracle WebLogic

Oracle WebLogic Server is an application server framework based on Java 2 Platform, Enterprise Edition (J2EE) technologies. J2EE is the standard platform for developing multitiered enterprise applications based on the Java programming language. WebLogic Server J2EE applications are based on standardized, modular components. WebLogic Server provides a complete set of services for those modules and handles many details of application behavior automatically, without requiring programming.

WebLogic Server includes a security architecture that provides a unique and secure foundation for applications that are available through the web. By taking advantage of the security features in WebLogic Server, enterprises benefit from a comprehensive, flexible security infrastructure designed to address the security challenges of making applications available on the web. You can use WebLogic security standalone to secure WebLogic Server applications, or as part of an enterprise-wide security management system that represents a best-in-breed security management solution. More information on standard WebLogic security features is available at https://docs.oracle.com/middleware/12212/wls/wls-secure.htm.

Oracle DIVAnet ManagerAdapter

The DIVAnet ManagerAdapter Service serves as a bridge between remote servers and Oracle DIVArchive. Oracle recommends that it be installed and configured on the DIVArchive Manager platform. You can use the ManagerAdapter as a bridge to establish a secure connection between DIVA Enterprise Connect and DIVArchive.

General Security Principles

The following sections describe the fundamental principles that are required to use any application securely.

Keeping Software Up To Date

Stay current with the release of Oracle DIVA Enterprise Connect that you run. You can find current versions of the software for download on the Oracle Software Delivery Cloud at https://edelivery.oracle.com/.

Restricting Network Access to Critical Services

DIVA Enterprise Connect uses the following TCP/IP ports by default:

  • tcp/7001 is the default HTTP WebLogic Admin Console UI port

  • tcp/7002 is the default HTTPS (secure) WebLogic Admin Console UI port

  • tcp/9443 is the default HTTP DIVA Web Services port

  • tcp/9444 is the default HTTPS (secure) DIVA Web Services port

Note:

Not all of these ports need to be exposed externally; which ones are required depends on configuration and usage. To avoid potential security risk, Oracle strongly recommends keeping ports 7001 and 7002 blocked. If unencrypted HTTP access from remote sites is not needed, Oracle recommends blocking port 9443 as well.
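The following script is an added example (not part of the Oracle guide or the product) that checks how the four default ports above are bound on the host. It parses output in the shape of `ss -ltn` and flags any port that the note says should be blocked when the listener is bound to a non-loopback address. A listener bound to 0.0.0.0 that is also blocked by a host or network firewall is still fine, so treat a finding as a prompt to verify the firewall rule rather than as a confirmed exposure. The port numbers come from the list above; the `ss` sample is constructed.

```python
"""Report DIVA Enterprise Connect default ports that listen on non-loopback
addresses. Added example, not Oracle code. The ss output below is a
constructed sample, not a real capture."""
import subprocess
from ipaddress import ip_address

# Default ports from the guide and the recommended exposure for each.
PORT_POLICY = {
    7001: "block",            # HTTP WebLogic Admin Console UI
    7002: "block",            # HTTPS WebLogic Admin Console UI
    9443: "block-if-unused",  # HTTP (unencrypted) DIVA Web Services
    9444: "allow",            # HTTPS DIVA Web Services
}

# Constructed sample in the shape of `ss -ltn` output.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:7001         0.0.0.0:*
LISTEN  0       128     127.0.0.1:7002       0.0.0.0:*
LISTEN  0       128     [::]:9443            [::]:*
LISTEN  0       128     0.0.0.0:9444         0.0.0.0:*
LISTEN  0       128     127.0.0.1:22         0.0.0.0:*
"""


def parse_listeners(ss_output):
    """Yield (address, port) for each LISTEN line of `ss -ltn` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or a socket in another state
        addr, _, port = fields[3].rpartition(":")
        yield addr.strip("[]"), int(port)


def is_external(addr):
    """True when the bind address accepts connections from other hosts."""
    if addr in ("*", ""):
        return True  # wildcard bind (ss prints '*' for some sockets)
    return not ip_address(addr).is_loopback


def audit_ports(ss_output, policy=PORT_POLICY):
    """Return sorted (port, address, policy) tuples for ports the guide says
    to block that are bound to a non-loopback address."""
    findings = []
    for addr, port in parse_listeners(ss_output):
        action = policy.get(port)
        if action in ("block", "block-if-unused") and is_external(addr):
            findings.append((port, addr, action))
    return sorted(findings)


if __name__ == "__main__":
    try:
        output = subprocess.run(["ss", "-ltn"], capture_output=True,
                                text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        output = SAMPLE_SS_OUTPUT  # fall back to the constructed sample
    for port, addr, action in audit_ports(output):
        print(f"port {port} listens on {addr}; recommended: {action}")
```

In the constructed sample only 7001 and 9443 are reported: 7002 is bound to loopback and 9444 is the port the guide expects to be reachable.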

Use Principle of Least Privilege where Possible

The DIVA Enterprise Connect installer requires a Linux administrative user that is not root. WebLogic must always run as this Linux user. This Linux user must not be used for other applications or services (for example, DIVArchive). Updates to configuration files and scripts must not grant world (other) permissions on files in the release. Firewalls must restrict ports to only those that are required. You can use both WebLogic and DIVAnet access control features (briefly described later in this chapter) to restrict API clients and systems to the least privilege possible.
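As an added example (not Oracle code), the script below audits a release tree for the two file-level conditions stated above: entries that grant write permission to "other" (world), and entries not owned by the dedicated WebLogic user. The install path `/opt/divas`, the `DIVAS_USER` variable and the user name `divas` are assumptions used only as defaults; `make_sample_tree` builds a constructed directory with two deliberate violations so the check can be exercised without a real installation.

```python
"""Audit a DIVA Enterprise Connect release tree for least-privilege
violations. Added example, not Oracle code; the install path and user
name are assumptions, and the sample tree is constructed."""
import os
import pwd
import stat
import tempfile


def current_uid():
    """UID of the user running this script."""
    return os.getuid()


def audit_release_tree(root, expected_uid):
    """Walk `root` (without following symlinks) and return offending paths.

    world_writable: files or directories where 'other' has write permission
    wrong_owner:    entries not owned by expected_uid
    """
    findings = {"world_writable": [], "wrong_owner": []}

    def inspect(path):
        st = os.lstat(path)
        # A symlink's own mode is always 0777 on Linux; judge the target
        # when it is reached through the walk instead.
        if not stat.S_ISLNK(st.st_mode) and st.st_mode & stat.S_IWOTH:
            findings["world_writable"].append(path)
        if st.st_uid != expected_uid:
            findings["wrong_owner"].append(path)

    inspect(root)
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            inspect(os.path.join(dirpath, name))
    for key in findings:
        findings[key].sort()
    return findings


def make_sample_tree():
    """Create a constructed sample release tree in a temp directory.
    bin/config.properties (mode 666) and logs/ (mode 777) violate the
    world-permission rule; everything else is compliant."""
    root = tempfile.mkdtemp(prefix="divas-sample-")
    os.makedirs(os.path.join(root, "bin"))
    os.makedirs(os.path.join(root, "logs"))
    for rel, mode in (("bin/start.sh", 0o750),
                      ("bin/config.properties", 0o666),
                      ("logs/access.log", 0o640)):
        path = os.path.join(root, rel)
        with open(path, "w") as fh:
            fh.write("# constructed sample\n")
        os.chmod(path, mode)
    os.chmod(os.path.join(root, "logs"), 0o777)
    return root


if __name__ == "__main__":
    root = os.environ.get("DIVAS_HOME", "/opt/divas")   # assumed default path
    try:                                                # assumed user name
        uid = pwd.getpwnam(os.environ.get("DIVAS_USER", "divas")).pw_uid
    except KeyError:
        uid = current_uid()
    if not os.path.isdir(root):
        root = make_sample_tree()
        uid = current_uid()
    result = audit_release_tree(root, uid)
    for key, paths in result.items():
        for path in paths:
            print(f"{key}: {path}")
```

Run it as the WebLogic user after any configuration change; an empty result for both lists is the expected state. Ownership is compared by UID, so the check also catches files left behind by running the installer or a script as root.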

Monitoring System Activity

You must monitor system activity to determine how well DIVA Enterprise Connect is operating and whether it is logging any unusual activity. Check the log files located in the $DIVAS_HOME/logs directory, and periodically review the access*.log files in that directory for suspicious client activity.
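To make the "suspicious client activity" review concrete, here is an added example (not Oracle code) that reads access*.log files and reports two patterns a reviewer would want to see: clients accumulating 401/403 responses (failed authentication against the web service) and clients requesting many distinct paths that return 404 (probing for endpoints). It assumes the files are in Common Log Format, which is the WebLogic access log default; the log lines, client addresses, request paths and thresholds below are all constructed.

```python
"""Triage DIVA Enterprise Connect access*.log files for suspicious clients.
Added example, not Oracle code. Assumes Common Log Format lines; the sample
log below is constructed, as are the thresholds."""
import glob
import os
import re
from collections import Counter, defaultdict

LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+)'
)

# Constructed sample; the request paths are placeholders, not real endpoints.
SAMPLE_ACCESS_LOG = """\
10.0.0.5 - - [01/Mar/2018:09:00:01 +0000] "POST /diva/ws/archive HTTP/1.1" 200 1342
10.0.0.5 - - [01/Mar/2018:09:00:07 +0000] "GET /diva/ws/objects HTTP/1.1" 200 8810
203.0.113.9 - - [01/Mar/2018:09:01:10 +0000] "POST /diva/ws/archive HTTP/1.1" 401 0
203.0.113.9 - - [01/Mar/2018:09:01:11 +0000] "POST /diva/ws/archive HTTP/1.1" 401 0
203.0.113.9 - - [01/Mar/2018:09:01:12 +0000] "POST /diva/ws/archive HTTP/1.1" 401 0
203.0.113.9 - - [01/Mar/2018:09:01:13 +0000] "POST /diva/ws/archive HTTP/1.1" 401 0
203.0.113.9 - - [01/Mar/2018:09:01:14 +0000] "POST /diva/ws/archive HTTP/1.1" 401 0
198.51.100.7 - - [01/Mar/2018:09:02:00 +0000] "GET /admin HTTP/1.1" 404 0
198.51.100.7 - - [01/Mar/2018:09:02:01 +0000] "GET /backup HTTP/1.1" 404 0
198.51.100.7 - - [01/Mar/2018:09:02:02 +0000] "GET /old HTTP/1.1" 404 0
198.51.100.7 - - [01/Mar/2018:09:02:03 +0000] "GET /test HTTP/1.1" 404 0
this line is not in the expected format
"""


def parse_access_log(text):
    """Parse CLF lines into dicts. Returns (records, unparsed_line_count);
    a non-zero unparsed count usually means the log format was changed."""
    records, unparsed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        match = LOG_LINE.match(line)
        if not match:
            unparsed += 1
            continue
        rec = match.groupdict()
        rec["status"] = int(rec["status"])
        records.append(rec)
    return records, unparsed


def find_suspicious_clients(records, max_auth_failures=3, max_not_found=3):
    """Return {client: [reasons]} for clients at or above either threshold."""
    auth_failures = Counter()
    not_found_paths = defaultdict(set)
    for rec in records:
        if rec["status"] in (401, 403):
            auth_failures[rec["client"]] += 1
        elif rec["status"] == 404:
            not_found_paths[rec["client"]].add(rec["path"])
    findings = defaultdict(list)
    for client, count in auth_failures.items():
        if count >= max_auth_failures:
            findings[client].append(f"{count} authentication failures (401/403)")
    for client, paths in not_found_paths.items():
        if len(paths) >= max_not_found:
            findings[client].append(f"{len(paths)} distinct paths returned 404 (probing)")
    return dict(findings)


if __name__ == "__main__":
    log_dir = os.path.join(os.environ.get("DIVAS_HOME", "/opt/divas"), "logs")
    files = glob.glob(os.path.join(log_dir, "access*.log"))
    text = "".join(open(f).read() for f in files) if files else SAMPLE_ACCESS_LOG
    records, unparsed = parse_access_log(text)
    print(f"{len(records)} requests parsed, {unparsed} lines skipped")
    for client, reasons in find_suspicious_clients(records).items():
        print(client + ": " + "; ".join(reasons))
```

The thresholds are deliberately low for the sample; tune them to the normal request volume of your API clients, and treat a steady stream of 401s from an address that never succeeds as a credential-guessing indicator worth correlating with the WebLogic security audit log.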

Keeping Up To Date on Latest Security Information

You can access several sources of security information and alerts for a large variety of software products at http://www.us-cert.gov.

The primary method of keeping up to date on security matters is to run the most current release of the DIVA Enterprise Connect software.