Secure communications
Plan how your business requirements and environment affect your approach to securing communications between the components of the system. Balance security with ease of use and performance.
Consider the relative locations and conditions, and the sensitivity of your data to plan for the appropriate security for the following connections:
- Global Mailbox management tool
- Secure connections using SSL/TLS.
- Liberty profile
- Global Mailbox uses the capabilities provided by the Liberty profile to enable secure communication with TSL/SSL.
- NIST or FIPS compliance
- You can configure Liberty and Global Mailbox to run in NIST or FIPS compliance.
- Cluster nodes
- Each Global Mailbox node in the cluster must be individually configured for TLS/SSL.
- Apache Cassandra cluster
- To restrict access to the server to trusted clients only, the connection between Global Mailbox and Cassandra must be secured. This is disabled by default. Enable it to secure the database server for the internal network.
- Replication server
- The SSH server used by replication server must have
PasswordAuthentication
turned on. - Application connections
- SSL connections between Global Mailbox and the application are enabled by default; and are set during installation.
- Firewall requirements
- Ensure that your firewalls are configured to allow connections to the ports.