2 Secure installation and configuration

Installation overview

Use the information in this chapter to ensure the Oracle Central Designer application is installed and configured securely. For information about installing and configuring the Oracle Central Designer application, see the Installation Guide.

Transport Layer Security (TLS)

To encrypt the transmission of data between the application server and the client computers, you must enable Transport Layer Security (TLS) and obtain an X.509 certificate using your company certificate store or a third party.

For improved security, Oracle recommends that you disable SSL on the Oracle Health Sciences Central Designer application server and enable TLS 1.1 or above.

If you are deploying a study to an Oracle Health Sciences InForm server that uses TLS 1.1 or 1.2, run the following from an Administrator command prompt on the Oracle Health Sciences Central Designer application server to update the Windows registry:

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319" /v SchUseStrongCrypto /t REG_DWORD /d 00000001

Signing authorizations and deployment packages

Signing web service authorizations and deployment packages is required. You must install the certificates used for signing on all application servers before you install the Oracle Health Sciences Central Designer application server. During the Oracle Health Sciences Central Designer application server installation, you are prompted to select a certificate for signing web service authorizations, and a certificate for signing deployment packages and Oracle Health Sciences InForm web service authorizations.

For more information, see the Installation Guide.

Use digital certificates issued by Certificate Authorities

A Certificate Authority (CA) assures users that the server information has been verified by a trusted source.

Oracle recommends that you use digital certificates that are issued by a Certificate Authority, and that do the following:

  • Verify the server and domain.
  • Provide at least a $1 million per year warranty.

Configure strong database passwords

When you install the Oracle Health Sciences Central Designer application, a system database administrator user is created. Only a system database administrator can perform the installation. Ensure all your database passwords are strong passwords.

Close all unused ports

Keep only the minimum number of ports open. You should close all ports not in use.

The Oracle Health Sciences Central Designer application uses the following ports:

  • 80 — Used when the client applications are separated from the application servers and database server by a firewall, and do not use an SSL connection (HTTP).
  • 443 — Used when the client applications are separated from the application servers and database server by a firewall, and use an SSL connection (HTTPS).
  • 1521 — Used by the Oracle Listener service.
  • 53000 — Used for communication between application servers behind a firewall.
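
One way to check a server against the port list above is to compare its listening TCP ports with the four documented ones. The following PowerShell script is an added example, not part of the Oracle documentation or product; the function name Get-ListeningPortReport is hypothetical, and it assumes an elevated PowerShell session on a Windows Server version that provides Get-NetTCPConnection.

```powershell
# Added example: audit listening TCP ports against the ports documented in this chapter.
# Assumption: elevated PowerShell session; Get-NetTCPConnection (NetTCPIP module) is available.

# Ports this chapter lists for the Central Designer application.
$documented = @{
    80    = 'HTTP, clients behind a firewall without SSL'
    443   = 'HTTPS, clients behind a firewall with SSL'
    1521  = 'Oracle Listener service'
    53000 = 'Application server to application server'
}

# Hypothetical helper: one row per network-reachable listening port.
function Get-ListeningPortReport {
    param([hashtable]$Allowed)

    Get-NetTCPConnection -State Listen |
        # Loopback-only listeners are not reachable from other machines.
        Where-Object { $_.LocalAddress -notin '127.0.0.1', '::1' } |
        # Collapse IPv4/IPv6 duplicates of the same port.
        Sort-Object LocalPort -Unique |
        ForEach-Object {
            $port = [int]$_.LocalPort
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Port       = $port
                Process    = if ($proc) { $proc.ProcessName } else { 'unknown' }
                Documented = $Allowed.ContainsKey($port)
                Purpose    = $Allowed[$port]
            }
        }
}

$report = @(Get-ListeningPortReport -Allowed $documented)
$report | Format-Table -AutoSize

# Anything not in the documented list needs a decision: justify it or close it.
$review = @($report | Where-Object { -not $_.Documented })
if ($review.Count -gt 0) {
    Write-Warning ("{0} listening port(s) are not in the documented list; confirm each is needed or close it." -f $review.Count)
}
```

Ports flagged as undocumented are not necessarily wrong, because Windows itself listens on several; the report gives the owning process so each one can be reviewed.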

Disable all unused services

The Oracle Health Sciences Central Designer application installs the job scheduler service on each application server. Make sure the job scheduler service is running, and disable unknown, unused services.

Post-installation configuration

Restrict access to Oracle Health Sciences Central Designer server machines

Allow only administrator and system accounts access to the Oracle Health Sciences Central Designer application server and database server machines.

Limit the number of users with access to the server machines. Disable or delete any unnecessary users.

Configure strong user passwords

Configure password options to require a secure level of complexity. For example, a minimum required password length of 8 characters requires users to create more secure and complex passwords than a minimum required password length of 6 characters.

For more information, see Password configuration for user security.

Configure rights and roles

Assign users to roles, assign rights to roles, and assign user access to studies so that users can perform only the tasks necessary for their jobs.

Configure IIS to prevent clickjacking

To secure the web server and prevent clickjacking on the http://<server name>/CentralDesignerInstall page, from which you install the Oracle Health Sciences Central Designer and Oracle Health Sciences Central Designer Administrator applications, configure the HTTP response header in IIS.

For more information, see the Installation Guide.