Securing the Analytics Backend

The UI plugin communicates with the Analytics backend via HTTPS. A pre-shared API key is used to protect the data in the Analytics backend and restrict requests to authorized API users only. This key is created during the datastore setup. Analytics works without HTTPS as well, however, this approach is not recommended since data is not encrypted.

Graphic with three squares, the left one depicting an AWI plugin that connects to the backend via https using an API key.

To Secure the Analytics Backend

  1. Enable HTTPS on the backend.

    The following properties must be set in the application.properties file:

    server.port=8443

    # next 3 properties need to be deactivated (commented out) if you want to use the backend with http

    server.ssl.key-store=classpath:localhost.p12

    server.ssl.key-store-password=analytics

    server.ssl.key-password=analytics

  2. Set the front end to call the backend with HTTPS.

    The URL to call the backend is set in the webui-plugin-reporting/plugin.properties file.

    backend.endpoint=https://localhost:8443

    backend.endpoint.verifyCertificate=true

    Where:

    • backend.endpoint.verifyCertificate=true means that the certificate is properly checked (it must be from a certified, known provider). If you want to use a self signed certificate, you have to add it to the local java cacert file.
    • backend.endpoint.verifyCertificate=false means that the certificate is not validated.

  3. Set the Analytics Action Pack to use HTTPS.

    1. Go to Process Assembly.
    2. Unfold the PACKAGES folder and select the PCK.AUTOMIC_ANALYTICS Action Pack.
    3. Double-click ACTIONS and again ANALYTICS. The Analytics Actions are displayed in the list.
    4. Execute the PCK.AUTOMIC_ANALYTICS.PUB.ACTION.ANALYTICS_CONFIGURATION Action to configure the Analytics Action Pack.
    5. Click Requests in the menu bar.
    6. Enter the following Analytics backend URL: https://your.analytics.host:8443.

    7. Add the self signed certificate to the java installation on the agent you choose to execute the Analytics Actions.

      The self signed certificate is located in the local CAcert trust store of the java version that is used to execute the analytics-groovy-runner.jar file.

      You can also ignore HTTPS issues arising from untrusted certificates and host name mismatches. To do so, click the Yes radio button.

    8. Click Submit.

See also:

Security and System Hardening