Security Summary
This section provides a summary of security options for the entire deployment, organized by priority.
High Priority
• Secure Installation Location
• Login and Servlet Authentication
• Application Server Security
Medium-to-Low Priority
• Secure Connections between RTView Processes
• Secure Connections to Monitored Components
• Secure Connections to Databases
High Priority
Secure Installation Location
The RTView installation and Application Server should be run in a secure location to ensure displays and configuration files are secure and access-restricted.
Login and Servlet Authentication
• HTML UI - By default, the HTML UI is configured with HTTP authentication, which should be deployed over HTTPS because HTTP authentication does not encrypt user credentials. The HTML UI connects to the Data Server via the rtvquery servlet. The rtvquery servlet does not have authentication enabled by default. See the HTML UI section in this document for information on enabling authentication in the rtvquery servlet.
• Configuration Application - By default, the Configuration Application is configured with HTTP authentication, which should use HTTPS because HTTP authentication does not encrypt user credentials.
Application Server Security
• It is highly recommended that you configure your Application Server to use HTTPS as described in the RTView© Enterprise User's Guide Version 6.4.2 section of this document. The RTView servlets that support HTTP authentication do not encrypt user credentials.
• It is highly recommended that you change the user credentials in your Application Server for the rtvadmin, rtvuser, and rtvalertmgr roles since the default credentials are documented and publicly available.
Medium-to-Low Priority
If the Secure Installation Location requirement has been met, the following items are lower priority.
Secure Connections between RTView Processes
The Historian, Data Server, Data Collector, rtvquery servlet, rtvdata servlet, rtvadmin servlet, and rtvagent servlet all connect to the Data Server over a socket connection, which is unsecured by default. The Data Server supports secure socket connections (SSL) with or without certificates. It also supports client whitelists and blacklists. More details are available in the Data Server section.
Secure Connections to Monitored Components
The Data Server uses component-specific APIs to connect to Monitored Components. Securing these connections is described in Creating Secure Connections.
Secure Connections to Databases
The Data Server and Historian both create database connections using JDBC. See the Database section in this document for information on securing JDBC connections to your database.