Oracle Agile Engineering Data Management Security Guide Release e6.2.1.0 E69102-01
The Enterprise Integration Platform (EIP) has many interfaces that connect to the EDM system and to external systems. It is therefore recommended to set up the EIP in a secure way. The following chapters give an overview of setting up the EIP so that access to sensitive data is restricted.
The main security settings, such as password encryption and the use of a security protocol (STARTTLS or SSL/TLS), are already part of the standard Agile EDM configuration.
Note: Detailed information on setting up the Database Connection for EIP can be found in the Agile EDM Enterprise Integration Platform Administration Guide.
The database connection used for the EIP must be configured in the EIP configuration file eai_ini.xml, and the encrypted database password is added to the configuration file.
To encrypt this password, the EIP encryption tool must be used.
The encryption tool is available directly from the installed package. The scripts for Windows and UNIX are located in the bin directory.
Please refer to the Agile EDM Enterprise Integration Platform Administration Guide for more details.
Location | Purpose | Wallet | Comment |
---|---|---|---|
<eip_root>/conf/eai_ini.xml | Database password and potentially other connection passwords | EIP Wallet | Manual modification |
The Message Queue is used to store the XML messages that are routed through the Integration Platform in a persistent way, i.e. in a database.
The password for the database connection must be encrypted by the Agile EDM encryption mechanism, which is managed by the EIP encryption tool.
Information about the encryption tool can be found above and in the Agile EDM Enterprise Integration Platform Administration Guide Chapter Encrypt Tool.
The Notification Service can be used for sending out notifications in case of technical exceptions in the system. As standard, this service uses secure parameters such as a security protocol (STARTTLS or SSL/TLS) and an encrypted SMTP password for the SMTP user.
Detailed information can be found in the Agile EDM Enterprise Integration Platform Administration Guide Chapter Configuration File eai_ini.xml > Notification Section.
The embedded Tomcat is used in EIP to run, for example, Network Connectors such as the HTTP Connector or WebService Connectors.
As standard, Tomcat can only be run in secure HTTPS mode and must be configured to use a certificate.
Detailed information can be found in the Agile EDM Enterprise Integration Platform Administration Guide Chapter Configuration File eai_ini.xml > Controller Section.
For more information on Apache Tomcat security, refer to the following Apache web page: http://tomcat.apache.org/tomcat-8.0-doc/security-howto.html
The EIP wallet is used to encrypt and decrypt sensitive data. It is stored in the following subdirectory of the EIP installation directory:
<eai.home>/wallet
The file permissions of this directory should be restricted to dedicated persons and services only.
Detailed information can be found in the Agile EDM Enterprise Integration Platform Installation and Upgrade Guide Chapter Basic Installation section EIP Wallet.
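The following script is an added example, not part of the Oracle guide or the EIP tooling. It audits a UNIX installation for group or world access on the wallet directory and on conf/eai_ini.xml. It assumes that <eai.home> and <eip_root> name the same installation root and that only the owning service account needs access; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit file permissions on the EIP wallet and eai_ini.xml.
# Assumption: owner-only access is the target. If a dedicated group is used
# on purpose, drop the three group tests (-040/-020/-010) below.

# Print every path at or under "$1" that grants any group/other permission bit.
loose_paths() {
    [ -e "$1" ] || return 0
    find "$1" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# audit_eip <eai_home>
# Returns 0 if clean, 1 if loose permissions were found, 2 if no wallet exists.
audit_eip() {
    eai_home=$1
    wallet="$eai_home/wallet"
    ini="$eai_home/conf/eai_ini.xml"
    if [ ! -d "$wallet" ]; then
        echo "MISSING: $wallet" >&2
        return 2
    fi
    findings=$( { loose_paths "$wallet"; loose_paths "$ini"; } )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings" | sed 's/^/LOOSE: /'
        return 1
    fi
    echo "OK: wallet and eai_ini.xml are owner-only"
    return 0
}

# restrict_eip <eai_home>: remove all group/other access from both locations.
restrict_eip() {
    chmod -R go-rwx "$1/wallet"
    [ -f "$1/conf/eai_ini.xml" ] && chmod go-rwx "$1/conf/eai_ini.xml"
    return 0
}

# Usage (run as the account that owns the installation):
#   audit_eip /path/to/eip || restrict_eip /path/to/eip
```
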
File connectors store and read data from files. To protect these files and their directories, access permissions should be restricted.
Network Connectors such as the HTTP Connector or Web Service Connectors, which use the embedded Tomcat, only support HTTPS as standard and are secured by the standard configuration. For more information, see the Tomcat section above.
The Mail Connector supports the secure protocols SSL/TLS and STARTTLS. In addition, an encrypted SMTP password must be used in the EIP configuration file.
Detailed information can be found in the Agile EDM Enterprise Integration Platform Administration Guide Chapter Network Connectors > Mail Connector.
The EDM Connector provides connectivity to Agile EDM in both directions. To set up such a connection in the configuration file, the EDM user password must be encrypted with the EIP encryption tool.
The connector can run in ECI mode, where the communication with the EDM system is made via ECI. As this connection cannot be secured, we strongly recommend setting up the connection to EDM via PLM-API, which uses the secure HTTPS protocol.
Note: If EIP is running in Loop-back mode, it is not possible to use PLM-API.
Detailed information can be found in the Agile EDM Enterprise Integration Platform Administration Guide Chapter Agile EDM Connector.
The JDBC connector is a generic connector that can be used to execute SQL statements against a JDBC-compliant database.
The database password used to create the connection must be encrypted.
Detailed information can be found in this Chapter in section Database Connection and in the Agile EDM Enterprise Integration Platform Administration Guide Chapter Other Connectors.