2 Performing a Secure UIM Installation

This chapter presents planning information for your Oracle Communications Unified Inventory Management (UIM) system and describes recommended installation scenarios that enhance security.

For more information about installing UIM, see UIM Installation Guide.

Installing UIM Securely

You can perform a custom installation or a typical installation. Oracle recommends that you perform a custom installation to avoid installing options and products you do not need. However, you can perform a typical installation, and remove or disable features you do not need after the installation is complete.

When installing UIM, do the following:

  • When creating the WebLogic Server domain for UIM:

    • Make sure that SSL ports are being used on the Administration Server and all Managed servers.

    • If installing UIM on a cluster of servers, configure the cluster addresses to use SSL ports.

    • After you have created the WebLogic Server domain for UIM, start the Administration Server. Then, use t3s to start the Managed servers:

      startManagerServer.sh ManagedServer_1 t3s://host_name
      

      where ManagedServer_1 is the name of the first Managed server, and host_name is the host name of the Administration server.

  • Using the WebLogic Server Administration Console, configure the certificate identity and trust stores for SSL. Do not use the default demonstration certificate that comes with WebLogic Server. See the WebLogic administrator's documentation for more information.

  • During the installation of UIM, on the Disable Unsecured Listen Port window of the Oracle Universal Installer, select the Disable all the non-SSL ports check box to secure all communication between components, and JCA and JMS collection, over SSL ports.
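The server-level items in the checklist above (SSL port enabled, non-SSL port disabled, no demonstration keystores) can be verified after installation by reading the domain's config.xml. The following is an added example, not Oracle's code; the element names, the defaults applied when an element is absent, and the sample document are assumptions based on a typical WebLogic domain configuration file, and the sample is constructed.

```python
import xml.etree.ElementTree as ET

# Assumed default namespace of a WebLogic domain config.xml.
NS = {"d": "http://xmlns.oracle.com/weblogic/domain"}

# Constructed sample, not taken from a real UIM domain.
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <server>
    <name>AdminServer</name>
    <ssl><enabled>true</enabled><listen-port>7002</listen-port></ssl>
    <listen-port-enabled>false</listen-port-enabled>
    <key-stores>CustomIdentityAndCustomTrust</key-stores>
  </server>
  <server>
    <name>ManagedServer_1</name>
    <ssl><enabled>true</enabled><listen-port>8002</listen-port></ssl>
  </server>
  <server>
    <name>ManagedServer_2</name>
    <listen-port-enabled>false</listen-port-enabled>
    <key-stores>DemoIdentityAndDemoTrust</key-stores>
  </server>
</domain>"""


def audit_domain(config_xml):
    """Return {server_name: [findings]} for servers that miss a checklist item."""
    findings = {}
    for server in ET.fromstring(config_xml).findall("d:server", NS):
        name = server.findtext("d:name", "?", NS)
        issues = []
        # Assumed defaults when an element is absent: SSL off, plain port on,
        # demonstration keystores in use.
        if server.findtext("d:ssl/d:enabled", "false", NS).strip() != "true":
            issues.append("SSL listen port not enabled")
        if server.findtext("d:listen-port-enabled", "true", NS).strip() != "false":
            issues.append("non-SSL listen port still enabled")
        keystores = server.findtext("d:key-stores", "DemoIdentityAndDemoTrust", NS)
        if keystores.strip().startswith("Demo"):
            issues.append("demonstration identity/trust keystores in use")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit_domain(SAMPLE_CONFIG).items():
        for issue in issues:
            print(f"{name}: {issue}")
```

To audit a real domain, pass the contents of its config.xml to audit_domain instead of the sample; cluster addresses are not checked here.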

About Password Policies

Oracle recommends having strong password policies for UIM and database schema users. Consider enforcing the following password policies:

  • Minimum length of password is 8 characters.

  • Password must contain at least one digit, one capital letter, and one special character. For example, WebLogic@123.

  • The user name must not be part of the password.

Stricter rules can be set for the authentication provider using the WebLogic Server Administration Console. For details on authentication providers and their configuration, refer to WebLogic administrator documentation.

See UIM System Administrator's Guide for information about changing and setting UIM passwords.

Post-Installation Configuration

This section explains security configurations to complete after UIM is installed.

Setting Up User Accounts to Lock and Expire

Configure UIM user accounts to lock after a certain number of failed login attempts, and to expire after a certain amount of idle time.

See UIM System Administrator's Guide for information about changing and setting UIM passwords.