Configure Enhanced Security :: DataFlux® Data Management Server 2.7: Administrator's Guide

Overview

The DataFlux Secure software is installed by default in a disabled state when you install your DataFlux Data Management Server. The DataFlux Secure software provides increased security through the Advanced Encryption Standard and through the use of the Secure Sockets Layer to protect HTTP client connections. The gSOAP client connections can be further upgraded to provide compliance with specification 140-2 of the Federal Information Processing Standard. These security enhancements, and their configuration on the DataFlux Data Management Server, are addressed in detail in the DataFlux Secure: Administrator’s Guide.

All of the clients and servers that connect to the DataFlux Data Management Server need to be configured for the same security features.

Enable SOAP with SSL

Edit the following settings as they apply to your environment. Configure these settings in the install-path/etc/dmserver.cfg.

CAUTION:

Stop the DataFlux Data Management Server before you make any changes to the configuration file.

Configuration Option	Description
DMSERVER/SOAP/SSL	This option should remain disabled by comment characters, as is the case by default. This option should not be set in dmserver.cfg because the value is set at server start, based on the server’s metadata definition on the SAS Metadata Server. If you set the option locally, then the local value overrides the value in metadata.
DMSERVER/SOAP/SSL/KEY_FILE	Specifies the path to the key file that is required when the SOAP server must authenticate to clients.
DMSERVER/SOAP/SSL/KEY_PASSWD	Specifies the password for DMSERVER/SOAP/SSL/KEY_FILE. If the key file is not password protected, then comment-out this option. The value of this option must be encrypted. To encrypt passwords, see Encrypt Passwords for DSNs and SSL.
DMSERVER/SOAP/SSL/CA_CERT_FILE	Specifies the file that stores your trusted certificates.
DMSERVER/SOAP/SSL/CA_CERT_PATH	Specifies the path to the directory where you store your trusted certificates.

About OpenSSL

On Windows hosts, the DataFlux Secure software requires you to install the OpenSSL libraries from a third-party supplier. On UNIX and Linux hosts, OpenSSL is installed and configured by default.

The OpenSSL libraries must be available in the execution path for the DataFlux Secure software. On Windows, when you install OpenSSL, the installer creates libraries in the appropriate Windows system directory by default. Use OpenSSL version 1.0.x.

DataFlux Data Management Studio is a 32-bit Windows application. Therefore, it requires the 32-bit OpenSSL for Windows libraries. DataFlux Data Management Server can be installed on either 32-bit Windows or 64-bit Windows. On 64–bit Windows hosts, the DataFlux Data Management Server requires 64-bit OpenSSL.