Oracle Agile Engineering Data Management Security Guide Release e6.2.1.0 E69102-01
Agile Engineering Data Management (Agile EDM) is a Product Lifecycle Management solution that enables the engineering industry to manage its complete lifecycle of product development activities in a secure and collaborative application environment.
This document provides an overview of the Agile e6 system and discusses the security objectives and security architecture of Agile e6 modules. It also explains how to install and use the Agile e6 system, release e6.2.1.0, securely. It includes specific information on how to enable security features, such as SSL, as well as more open-ended discussions of the security implications of configuration choices.
Note: For detailed information about the Agile e6 system architecture, refer to the Architecture Guide for Agile e6.2.1.0.
Some responsibilities of the application server process have been assigned to dedicated services, each of which can serve several client processes in parallel. These are:
File Management Services
The File Management Services manage the transaction and storage services for files and attachments, thus facilitating the check-in and check-out functionality provided by the Document Management System in the Agile e6 system.
Business Services
The Business Services provide Agile e6 functionality for Workflow Management, Product Configurator, and Permission Manager.
Technical Services
Technical Services encompass Java Client WebStart deployment, Java Client HTTPS support, Web Presentation Service, Web-Fileservice, Web Services, and Administration Client.
The Business Services, as well as the Technical Services, run on top of the Oracle WebLogic Application Server.
The Agile e6 system consists of 2 components.
Server Side Components
Client Side Components
The EDM Server components can reside on the same server where the EDM Server processes are executed (this is recommended for Business Services) or can reside on any other computer in the network (especially for the File Management Service - FMS).
All communication is based on TCP/IP. Only unprivileged ports (above 1024) are used, except that privileged ports are used for well-known services such as Portmapper to establish a connection between the FMS client and server. Once a TCP/IP connection is established, the port is not changed dynamically.
File Management Services
ViewServer - (external) component of AutoVue Viewer that is used to view and redline documents (Office documents, 2D/3D-CAD Models)
LDAP Server - (external) component (e.g. Oracle Identity Management Suite) to provide centralized store for managing user/password
Kerberos Server - (external) component (e.g. Microsoft Active Directory) to provide centralized store for managing user/password and Single Sign-On (SSO) capabilities.
Batch Client - component to run Agile e6 batch processes
Java Daemon
FMS Daemon
PLM-API Proxy
Web Services
Business Services
Workflow Editor - to model and view workflows
Office Suite - to check-in/check-out documents from/to Microsoft Office
Installed COM components
The Office Suite uses the Addin-Express Framework for the Office Suite Addin module. The Addin-Express Framework installs several COM/.NET components. The following table lists the most important ones.
GUID | Class | Description |
---|---|---|
22C77E65-9597-4867-A5C2-EAF9078A4274 | AddinExpress.MSO.ADXAddinInstaller | Addin-Express Addin Installer |
8373210C-24AF-4561-9AE9-C829C4922415 | AddinExpress.MSO.ADXAddinModule | Addin-Express Addin Loader |
A767C1EC-710D-4A35-9A20-4AF4EDBB8BC0 | GDMAddin2010.AddinModule | Office Suite Addin for Office 2010 |
A39F6C0D-4C64-4677-8751-0F82319B0635 | GDMAddin2013.AddinModule | Office Suite Addin for Office 2013 |
FDB523C7-C0D9-47FB-A99C-EBAFF34E1F5F | GDMTools.clsConvertBookmark | Bookmark Conversion Toolkit |
5E5BF33F-C063-47B1-AD65-CFBCA4CA6B65 | GDMTools.clsConvertPDF | PDF Conversion Toolkit |
6197B81A-16EC-4B42-905D-0B01DB8FA2A7 | GDMTools.clsCreateZipSfx | ZIP Toolkit |
05490640-BED4-42C4-9457-0A3B2C7F545E | GDMTools.clsCustomProperties | Custom Document Properties Toolkit |
D628C366-F8FE-451E-9FCE-F9129C3002CF | GDMTools.clsDocumentProperties | Built-in Document Properties Toolkit |
DF297172-733A-4223-BCDB-40A527C18AAB | GDMTools.clsFiles | File System Toolkit |
9DCE1876-0F39-4DAF-B25C-3BF7EC23F19F | GDMTools.clsOffice | Basic Office Application Toolkit |
E698A962-26B8-4BC3-A758-1F4C8497E5A6 | GDMTools.clsOpenSave | File Dialog Toolkit |
D10542A9-CDC3-4B8D-AAB3-3492EB4EAD24 | GDMTools.clsProgressBar | Progress Report Toolkit |
51971F0C-B912-457E-A86C-02DC135CA539 | GDMTools.clsPrtDlg | Printer Dialog Toolkit |
618B44CD-124B-4CEB-BB87-12C2844BE1E7 | GDMTools.clsRefreshProperties | Refresh Document Properties Toolkit |
9A07D5D6-71D6-4D95-9BD9-253E97487774 | GDMTools.clsRegistry | Windows Registry Toolkit |
46CADF67-6CAE-4D4F-8D2E-95005A06AB72 | GDMTools.clsRegistryOffice | Advanced Windows Registry Toolkit |
D4058C47-99D8-476E-BBB8-41CAA2425DA7 | GDMTools.clsShell32 | Basic Icon Toolkit |
C189BD7F-B462-417E-AFA9-BC3A34FC22E0 | GDMTools.clsTasks | Basic Control Toolkit |
80172A67-C811-42C5-9D1A-E81FDFEE6A6C | GDMTools.clsVersion | Office Suite Version |
ED25543D-F624-4314-A637-1E3DCDBDC375 | GDMTools.clsVsImg32L | Basic Image Toolkit |
13D600B4-28B1-4063-9E3D-E045D1494BB5 | GDMTools.clsWinSys | Basic Window Control Toolkit |
Office Addin Registry Settings - example
Key | ADXStartMode | LoadBehavior |
---|---|---|
HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\AddIns\GDMAddin2013.AddinModule | NORMAL | 3 (start on startup) |
HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\AddIns\GDMAddin2013.AddinModule | NORMAL | 3 (start on startup) |
HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\GDMAddin2013.AddinModule | NORMAL | 3 (start on startup) |
HKEY_CURRENT_USER\Software\Microsoft\Visio\AddIns\GDMAddin2013.AddinModule | NORMAL | 3 (start on startup) |
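The settings in the table above can serve as a baseline when reviewing workstations. The following is an added example, not part of Oracle's guide: a Python check that compares the text of a `reg export` dump of a user's hive with those four keys and reports deviations. The sample export is constructed, and the function names are illustrative.

```python
import re

# Baseline from the "Office Addin Registry Settings" table (Office 2013 add-in).
EXPECTED = {"ADXStartMode": "NORMAL", "LoadBehavior": 3}
BASELINE_KEYS = [
    r"HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\AddIns\GDMAddin2013.AddinModule",
    r"HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\AddIns\GDMAddin2013.AddinModule",
    r"HKEY_CURRENT_USER\Software\Microsoft\Office\Word\Addins\GDMAddin2013.AddinModule",
    r"HKEY_CURRENT_USER\Software\Microsoft\Visio\AddIns\GDMAddin2013.AddinModule",
]
# Constructed sample in .reg export format (already decoded to text); not from a real host.
SAMPLE = r"""Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Office\Excel\AddIns\GDMAddin2013.AddinModule]
"ADXStartMode"="NORMAL"
"LoadBehavior"=dword:00000003
[HKEY_CURRENT_USER\Software\Microsoft\Office\PowerPoint\AddIns\GDMAddin2013.AddinModule]
"ADXStartMode"="NORMAL"
"LoadBehavior"=dword:00000002
[HKEY_CURRENT_USER\Software\Microsoft\Office\Word\AddIns\GDMAddin2013.AddinModule]
"ADXStartMode"="NORMAL"
"LoadBehavior"=dword:00000003
"""

def parse_reg_export(text):
    """Map lowercased key path -> {lowercased value name: str or int}."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if m := re.fullmatch(r"\[(.+)\]", line):
            current = keys.setdefault(m.group(1).lower(), {})
        elif current is not None and (m := re.fullmatch(r'"([^"]+)"=(.+)', line)):
            name, raw = m.group(1).lower(), m.group(2)
            if raw.startswith("dword:"):
                current[name] = int(raw[6:], 16)   # REG_DWORD is exported as hex
            elif raw.startswith('"') and raw.endswith('"'):
                current[name] = raw[1:-1]          # REG_SZ
    return keys

def audit(text):
    """Return (key, finding) pairs where the export deviates from the baseline."""
    found, findings = parse_reg_export(text), []
    for key in BASELINE_KEYS:
        values = found.get(key.lower())   # registry paths are case-insensitive
        if values is None:
            findings.append((key, "key missing"))
            continue
        for name, want in EXPECTED.items():
            if (got := values.get(name.lower())) != want:
                findings.append((key, f"{name}={got!r}, expected {want!r}"))
    return findings
```

Calling `audit(SAMPLE)` flags the PowerPoint key, whose `LoadBehavior` differs from the baseline, and the missing Visio key. The Word key passes even though its `AddIns` casing differs from the table's `Addins`.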
Providing Basic Security Services
Supporting Standards
Deployment and Configuration Flexibility
Scalability and Predictability
Some advice applies to the entire system and the infrastructure in which it operates.
Keep the software up to date: Keep all software versions and patches up-to-date. Regularly checking the updates page will ensure you have the latest version.
Restrict network access to critical services: Provide a firewall to monitor, restrict and check the access to the system.
Follow the principle of least privilege: Check privileges and roles periodically, and grant them to users only as relevant to their current job.
Monitor system activity: Auditing addresses system monitoring. Components within the system can also monitor systems to a certain extent.
Keep up-to-date on latest security information: Check Oracle documentation regularly for latest versions.