Securing the Backend

The backend must be secured in order to restrict access to authorized users.

Securing the Backend

The UI plugin communicates with the Analytics backend via HTTPs. A pre-shared API key is used to protect the data in the Analytics backend and restrict requests to authorized API users only. This key is created during the datastore setup. Analytics works without HTTPs , however, this approach is not recommended since data is not encrypted.

To secure the backend

  1. Set the backend to SSL.

    To enable SSL, the following properties must be set in the application.properties file:

    server.port=8443

    server.ssl.key-store=classpath:localhost.p12

    server.ssl.key-store-password=analytics

    server.ssl.key-password=analytics

    A valid ssl certificate (localhost.p12 in this example) must be within the root classpath of the backend application.

  2. Set the frontend to call the backend with https.

    The URL to call the backend is set in the webui-plugin-reporting/plugin.properties file.

    backend.endpoint=https://localhost:8443

    backend.endpoint.verifyCertificate=true

    Where:

    • backend.endpoint.verifyCertificate=true means that the certificate is properly checked (it must be from a certified, known provider). If you want to use a self signed certificate, you have to add it to the local java CAcert file.
    • backend.endpoint.verifyCertificate=false means that the certificate is not validated.
  3. Set the analytics Action Pack to use HTTPs.
    1. Go to the Process Assembly perspective.
    2. Unpack the PACKAGES folder and select the PCK.AUTOMIC_ANALYTICS Action Pack.
      If this package is not available, you can download it from Automic Marketplace.
    1. Double-click ACTIONS and again ANALYTICS. The Analytics Actions are displayed in the list.
    2. Execute the PCK.AUTOMIC_ANALYTICS.PUB.ACTION.ANALYTICS_CONFIGURATION Action to configure the Analytics Action Pack.

    3. Click Requests in the menu bar. The following dialog is displayed:

    4. Enter the following Analytics backend url: https://your.analytics.host:8443.

    5. Add the self signed certificate to the java installation on the agent you select to execute the analytics Actions

      The self signed certificate is located in the local CAcert trust store of the java version that is used to execute the analytics-groovy-runner.jar file.

      You can also ignore SSL issues arising from untrusted certificates and host name mismatches. To do so, click the Yes radio button.

    6. Click Submit.