Installation

The following are recommendations for securing TIBCO MFT Internet Server at installation.

Installation User on UNIX

Install as a non-root or unprivileged user. If the server must be reachable on ports below 1025, use the UNIX iptables command to redirect those ports to ports 7443 and 7080. See Installation Requirements for more details.
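The redirect described above, as an added example (not TIBCO-supplied code): it builds idempotent NAT rules so the server can stay on 7443 and 7080 under an unprivileged account. The public ports 443 and 80, their pairing with 7443 and 7080, and the function names are assumptions.

```bash
#!/bin/sh
# Added example, not TIBCO-supplied. Run "apply" once as root; the server
# itself keeps running as the unprivileged install user.

HTTPS_PUBLIC=443   # assumption: public HTTPS port
HTTP_PUBLIC=80     # assumption: public HTTP port
HTTPS_LISTEN=7443  # from the page
HTTP_LISTEN=7080   # from the page

# One spec per line: "<nat chain> <public port> <listener port>".
redirect_specs() {
    for chain in PREROUTING OUTPUT; do
        echo "$chain $HTTPS_PUBLIC $HTTPS_LISTEN"
        echo "$chain $HTTP_PUBLIC $HTTP_LISTEN"
    done
}

# Build the iptables rule (chain + match + target) for one spec.
rule_args() {
    if [ "$1" = OUTPUT ]; then
        # Locally generated packets never traverse PREROUTING, so connections
        # made on the host itself need an OUTPUT rule, limited to loopback.
        echo "OUTPUT -o lo -p tcp --dport $2 -j REDIRECT --to-ports $3"
    else
        echo "$1 -p tcp --dport $2 -j REDIRECT --to-ports $3"
    fi
}

# Append each rule only if -C (check) reports it is not already present,
# so re-running the script does not stack duplicate rules.
apply_redirects() {
    redirect_specs | while read -r chain from to; do
        args=$(rule_args "$chain" "$from" "$to")
        # shellcheck disable=SC2086  # word splitting of $args is intended
        iptables -t nat -C $args 2>/dev/null || iptables -t nat -A $args
    done
}

case "${1:-print}" in
    apply) apply_redirects ;;
    *)  # default: show the commands without touching the firewall
        redirect_specs | while read -r chain from to; do
            echo "iptables -t nat -A $(rule_args "$chain" "$from" "$to")"
        done ;;
esac
```

Rules added this way are lost at reboot unless they are saved through the distribution's firewall persistence mechanism.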

Provide only the necessary rights to update the MFTIS_Install directory and any directories where *LOCAL data will be saved.

Installation User on Windows

Install as a normal (non-admin) user. Normal users should be able to use ports below 1024. Provide only the necessary rights to update the MFTIS_Install directory and any directories where *LOCAL data will be saved.

Securing the JDBC connection

If possible, configure the JDBC driver to use SSL/TLS. Contact your database admin for instructions on how to do this.

Using Secure Ciphers

During the installation procedure, you are prompted to use only secure ciphers. Use the default value of secure ciphers.

This ensures that only secure ciphers will be accepted during SSL negotiation. This applies to the HTTPS connections as well as the FTPS and Platform Server SSL connections.

Admin Service

Do not install the MFT Admin Service on computers located in the DMZ. Only install the MFT Admin Service on computers in the internal network.

HTTPS Certificate

Purchase an HTTPS SSL certificate from a well-known certificate authority. The default certificate is self-signed, so browsers will warn users that the certificate is not trusted. When creating a keystore, use a strong password. Do not use the default password.

The MFT Java Applet is now signed with a TIBCO certificate, so you do not need to sign the MFT Java Applet yourself.