Configuring servers

After installing Operational Decision Manager, you configure the components on an application server to secure the communications with all potential clients.

Each server that runs a component of Operational Decision Manager must have a valid certificate.

You need to create a server certificate so that the Liberty server starts with the explicit server certificate assigned by you. The server certificate is contained in a keystore (.jks).

When the server starts with no explicit certificate, the Liberty server automatically produces a self-signed certificate with a domain assigned to your specific domain or local host. Avoid using the certificate automatically generated by the Liberty server because you do not control the attributes of the certificate.

When you create a certificate for a server, always check the following items:

Certificate encryption attributes such as algorithm and length of the key
Validity
Server name, domain name, and common name
Other attributes such as fingerprint

Configuring database connections

The databases that are used by the Operational Decision Manager components also need to be secure.

Consider the following aspects when you configure the databases:

Secure data at rest: Have encrypted partitions or database-level encryption.
Use TLS to connect to the databases: Use Java™™ database connectivity (JDBC) over TLS.
The databases must be highly available to avoid loss of data, especially for Decision Center.