This section focuses on the Standalone ERAgent security, if you choose the HTTP REST connectivity mode.
Important: For the other connectivity modes, the security level is the same as the:
• 3DSpace security for the 3DSpace connectivity mode.
• Legacy ENOVIA SBA Connector for legacy mode (Local Context).
Restrict the Access to the Standalone ERAgent Port
It is better to restrict the IP addresses that can access the Standalone ERAgent (/enovia-agent URI) to prevent other machines than the ER connector host to get access to ENOVIA data.
Configure a Reverse Proxy with HTTPS
The standalone agent does not offer an HTTPS connectivity by default.
As login and passwords are sent to the agent in HTTP POST bodies, it is better to secure it using an HTTPS reverse proxy. The reverse proxy with HTTPS is available on the ENOVIA server. You only need to add some entries to filter the ERAgent. To proxy pass, reverse the /enovia-agent/* URLs. When using an encrypted reverse proxy, all messages exchanged from the ER connector to the Standalone ERAgent host are encrypted.
The following diagram shows the basic security workflow.
