Planning for storage security

Before you implement AS4 Microservice, determine the best security methods to manage your data. To configure storage security settings, you must create a new bucket variant (and then retire and eventually delete the old variant).

Some important information to consider regarding data storage is the following:

To protect data during transfer to and from your partners, implement HTTPS as the transport protocol.
To protect data at rest, encryption is enabled by default and properties are set to provide the necessary default certificates.
By default, storing the message digest with each blob is enabled and the default message digest that is used to calculate the hash algorithm is MD5.
Important: If you are using AS4 Microservice with Sterling B2B Integrator 5.6.2.1 or earlier, you must provision storage using the MD5 hash algorithm to calculate the message digest.
Storage blobs that were divulged are stored in the clear (clear text), even if the storage bucket from which they originated was enabled for encryption at rest.
The DivulgeBlobsInto directory must be secured with another method, such as using features of the Operating System. For example, when you use Linux®, you can use encrypted file systems).
The symmetric keys that are used to encrypt blobs are stored as encrypted with a key derived from the AS4 Microservice system passphrase. The system passphrase is specified when AS4 Microservice is installed.
The system passphrase must be set to the same value across all AS4 Microservice members and cannot be changed without affecting the ability to read existing blobs.
Secure storage REST API access depends on all HTTP Servers having SSL/TLS enabled (or ensuring that the allowedPorts configuration is set to limit access to just those HTTP Servers).
Access control to storage blobs adheres to the AS4 Microservice pattern: functional domains, data domains, and so forth.