Securing Server

TIBCO® Graph Database provides both Clustering and Non-Clustering (Standalone) to host one or more databases for client applications. It can run as a group of coordinate agents on cooperative homogeneous machines on a network, or on a single machine as a Standalone Server. Either way it provides a channel to the client application and acts as a gateway intercepting requests to perform Transactions, Queries, System Management, and so on. Application and Corporate IT governance could require these channels to be secure and protected. This section guides the user with the necessary steps.

Prerequisites

  1. SRE has coordinated with the Security information. See Coordination.
  2. SRE has created a server configuration or a cluster configuration.
  3. SRE has identified the number of channels (net listeners) needed for the server based on the following criteria.
    1. Functional Isolation - Isolate OLTP requests to OLAP requests
    2. Throughput requirements
    3. ensitivity requirements
    4. Allocate 1 extra secured channel for Administrative purpose

Procedure

  1. For each channel, configure the [net listener] section as shown in figure.

  2. For cluster configuration, Intra-Agent communications are only TCP based. Isolate the network either by interfaces (multi-homed machines) or by virtual segmentation for securing the data movement between the agents.

  3. To host Multi-tenants on the Cluster or Non-Cluster server, add the database names and the path to the configuration file to the [databases] section.
  4. Always run Admin console on SSL channel for secured communication. Using “tcp” as a protocol will raise a warning.