1. Security Guide
  2. Retail Predictive Application Server Cloud Edition Security Features
  3. Planning Data Schema Security
  4. Configuration Management

Configuration Management

The process of RPASCE application configuration can be performed by an RPASCE administrator, an application expert, a consultant or a third-party implementation team. In all cases, the process of creating or modifying the configuration of an RPASCE application is performed using a stand-alone Java application known as the RPASCE Configuration Tools.

The RPASCE Configuration Tools work with an XML representation of the content of an application known as the application configuration. Using the Configuration Tools, an application configuration can be inspected and modified. The configuration is then used as an input to the application deployment process, which creates and modifies RPASCE PDS.

Because the RPASCE Configuration Tools are supported only on the Windows platform, there is a need to manage the transfer of that configuration between the system being used for the configuration and the system on which the RPASCE PDS will be built and maintained.

Although the configuration itself does not contain any sensitive information, it does contain information about the meta-data of the application and the processes used to maintain and modify that application data. As such, it is prudent to secure the representation of the application contained within the configuration.

To that end, there are three areas in which the security of a configuration can be discussed. These areas are:

  • Upon the system on which the configuration process is performed.

  • Upon the system on which the RPASCE PDS is deployed.

  • Upon the transfer of the configuration between the above two systems.

In each of these areas, precautions can be taken to maintain the integrity and confidentiality of the information represented within the configuration.

Securing the Configuration System

Because the RPASCE Configuration Tools do not interact directly with the RPASCE PDS, they cannot be used to inspect or modify PDS information. However, because the configuration describes the information in the PDS and the processes used to maintain and modify that information, it should be viewed as proprietary information. As such it should be subjected to the appropriate considerations employed to protect other proprietary information present on user systems.

The considerations include safeguarding the physical security of systems that store proprietary information, encryption of storage devices for these systems and limiting risk of exposure through controlling access to the information contained within the configuration.

Securing the Deployment System

Once uploaded to the OCI environment, the configuration is protected by the same safeguards present to secure all application resources residing within the host environment. No additional protections are required.

Securing the Transfer of Configurations

Configuration is performed on one or more users' individual systems. In order to build or update an RPASCE PDS with that configuration, it is necessary to transfer the configuration to the system upon which the PDS will be deployed. This transfer is accomplished using the Oracle Cloud Infrastructure Object Storage service. OCI Object Storage provides a reliable and secure method of moving information into and out of RPASCE application instances.

Information on use of OCI Object Storage in conjunction with RPASCE applications can be found in the Oracle Retail Predictive Application Cloud Service Implementation Guide. Information on OCI Object Storage itself, including information on security best practices, can be found here:

https://docs.oracle.com/en-us/iaas/Content/Object/Concepts/objectstorageoverview.htm