Securing the Backend
As a Backend Administrator you can secure communications to restrict access to authorized users.
The UI plug-in communicates with the Analytics backend using HTTPs. A pre-shared API key is used to protect the data in the Analytics backend and restrict requests to authorized API users only. This key is created during the Datastore setup.
To secure the backend
- Set the backend to SSL.
To enable SSL on the backend, the following properties must be set in the application.properties file:
server.port=8443
# next 3 properties must be deactivated (commented out) if you want to use the backend with http
server.ssl.key-store=classpath:localhost.p12
server.ssl.key-store-password=analytics
server.ssl.key-password=analytics
A valid ssl certificate (localhost.p12 in this example) must be within the root classpath of the backend application. - Set the front end to call the backend with https.
The URL to call the backend is set in the webui-plugin-reporting/plugin.properties file.
backend.endpoint=https://localhost:8443
backend.endpoint.verifyCertificate=true
Where:- backend.endpoint.verifyCertificate=true means that the certificate is properly checked (it must be from a certified, known provider). If you want to use a self signed certificate, you must add it to the local java cacert file.
- backend.endpoint.verifyCertificate=false means that the certificate is not validated.
Set the Analytics Action Pack to use HTTPs.
- Go to the Process Assembly perspective.
- Unfold the PACKAGES folder and select the PCK.AUTOMIC_ANALYTICS Action Pack. If this package is not available, you can download it from https://marketplace.automic.com/.
- Double-click ACTIONS and again ANALYTICS. The Analytics Actions are displayed in the list.
- Execute the PCK.AUTOMIC_ANALYTICS.PUB.ACTION.ANALYTICS_CONFIGURATION Action to configure the Analytics Action Pack.
-
Select Requests in the menu bar. The following dialog is displayed:
- Enter the following Analytics backend url: https://your.analytics.host:8443
-
Add the self signed certificate to the java installation on the agent you decide to execute the analytics Actions.
Notes:
- The self signed certificate is located in the local CAcert trustStore of the java version that is used to execute the analytics-groovy-runner.jar file.
- You can also ignore SSL issues arising from untrusted certificates and host name mismatches. To do so, select the Yes radio button.
-
Once you have configured your agent to use the HTTPs, all services that run on the agent are switched to HTTPs. The HTTP interface will not longer work.
-
When you use a certificate to secure your interface, the certificate is applied to all services running on the IA Agent.
- Click Submit.