Security for DevOps Build
You can take steps to secure your installation and set up user access controls.
- Enabling security during the installation process
- Enabling secure communication between multiple applications
- Ports, protocols, and services
- SSL Keystores
- Customizing your security settings
- Setting up user roles and access
- Privacy policy considerations
Enabling security during the installation process
By default, the installation process configures the server to use Secure Sockets Layer (SSL) for secure communication. This applies to both manual and silent installations. In addition to SSL communication, role-based access controls are available that determine what actions a particular user can perform.
In general, you configure security on the application server or the database server, not in IBM® DevOps Build (Build). Build communicates with the database by using the Java™ Database Connectivity (JDBC) provider on the application server.
To learn about configuring Lightweight Directory Access Protocol (LDAP) authentication, see Authentication realms.
Installing a FIPS-compliant server
You can configure a Federal Information Processing Standards (FIPS) compliant server by specifying options at installation time. A FIPS-compliant server has certain limitations. See Installing the server in interactive mode.
Enabling secure communication between multiple applications
You can use tokens to secure communications between products that integrate with Build. To learn more about tokens, see Creating tokens.
Ports, protocols, and services
The following table shows the default port numbers for the server.
| Port type | Default port number |
|---|---|
| HTTP | 8080 |
| HTTPS | 8443 |
| Java Message Service (JMS) | 7919 |
| Communication with the Rational Common Licensing server | Port 27000 for the lmgrd daemon. The port numbers for the vendor daemon can change, but are typically between 27001 and 27009. See your Rational Common Licensing server for the active ports. |
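An added example (not IBM's code): a Python check that compares a host's listening sockets with the default HTTP, HTTPS and JMS ports in the table above, reporting which are reachable from the network and whether the cleartext HTTP port is exposed. The `ss -tlnH` input format and the sample lines are assumptions constructed for illustration; the licensing ports are left out because they are served by the licensing server, not by Build.

```python
import ipaddress

# Default listening ports from the table above: port -> (service, uses TLS).
BUILD_PORTS = {8080: ("HTTP", False), 8443: ("HTTPS", True), 7919: ("JMS", True)}

# Constructed sample of `ss -tlnH` output (not captured from a real server).
SAMPLE_SS = """\
LISTEN 0 100 0.0.0.0:8443 0.0.0.0:*
LISTEN 0 100 *:8080 *:*
LISTEN 0 50 127.0.0.1:7919 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
"""

def is_loopback(host):
    """True only when the bind address is a loopback address."""
    host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and %interface
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:                       # "*" or unparsable: assume reachable
        return False

def audit_listeners(ss_output):
    """Return (findings, missing) for the default Build ports."""
    findings, seen = [], set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in BUILD_PORTS:
            continue
        port = int(port)
        seen.add(port)
        service, tls = BUILD_PORTS[port]
        reachable = not is_loopback(host)
        findings.append({"port": port, "service": service, "bind": host,
                         "network_reachable": reachable,
                         "cleartext_exposed": reachable and not tls})
    # Defaults not found listening: the port may have been changed at install.
    missing = sorted(set(BUILD_PORTS) - seen)
    return findings, missing

if __name__ == "__main__":
    found, missing = audit_listeners(SAMPLE_SS)
    for f in found:
        print(f)
    print("default ports not listening:", missing)
```

On a live host, pass the real output of `ss -tlnH` to `audit_listeners` and compare the findings with the firewall rules for that server.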
SSL Keystores
Build supports three SSL keystores, which support different security features. The following list describes the default SSL keystores.
- tomcat.keystore: The certificate for SSL communication on the HTTPS port is stored in the tomcat.keystore file.
- server.keystore: The certificate for SSL communication on the JMS port is stored in the server.keystore file. If mutual authentication is enabled, the identities of the server and agent computers are verified. If mutual authentication is disabled, then the server.keystore file is used only to encrypt network traffic. By default, mutual authentication is disabled.
- encryption.keystore: The secret key that is used to encrypt and decrypt secure properties is stored in the encryption.keystore file. If you export applications and components that use secure properties to other Build servers, you must exchange the contents of this keystore between the servers. The secret key in the encryption.keystore file is randomly generated during installation.
Customizing your security settings
The only user ID that is created by default is admin. To change the password for admin, click .
Except for the default admin password, all passwords are stored in encrypted form in the database. After you change the default admin password, it is also stored in encrypted form.
Setting up user roles and access
You can create and delete users and add users to groups and teams in Build. To learn more, see Security. In Build, the superuser account with special security privileges is Admin.
Privacy policy considerations
Depending on the configurations that are deployed, this software offering might use cookies that can help you to collect personally identifiable information. For information about this offering's use of cookies, see the Notices topic.