Installation : Installing Exalead CloudView : Security Considerations
 
Security Considerations
 
Use a Different JDK Version
Secure Directories
Encrypt Passwords
Secure the Access to the Exalead CloudView Interfaces
This section describes how to secure your Exalead CloudView installation.
Use a Different JDK Version
Secure Directories
Encrypt Passwords
Secure the Access to the Exalead CloudView Interfaces
Use a Different JDK Version
By default, Exalead CloudView embeds its own Java Development Kit (JDK). However, you might need to upgrade it for security reasons.
Supported JDKs are: Oracle JDK, Eclipse Temurin (formerly known as AdoptOpenJDK), and IBM Semeru.
Note: Verify their licenses before using them in production.
Use the same major version as the Exalead CloudView version (that is, do not use a JDK 17 or 9 if the version provided with Exalead CloudView is 11).
Use a more recent minor version than the JDK version provided with Exalead CloudView. For example, if your Exalead CloudView uses version 11.0.7, you can move to version 11.0.16, but not to 11.0.2.
If you need to report an issue with Exalead CloudView, always tell the support team that you are using your own JDK version.
1. Install a new JDK version on your server.
2. Go to <INSTALLDIR>/tools/
3. Run the following script to define the directory containing the new JDK version as the new JDK home directory:
change-java-home.sh|bat <JDKDIR>
Secure Directories
Some directories contain confidential information, for example, accounts, passwords, configuration.
Specify access rights carefully for the following directories:
<DATADIR>/config
<DATADIR>/gct
<DATADIR>/security
Encrypt Passwords
You can store passwords as encrypted inside configuration files.
1. Go to <DATADIR>/bin.
2. Enter the following command:
cvconsole cvadmin utils encrypt-password password=your_password
The encrypted password displays:
Encrypted password: hgM0/HBm1lJzNR9cCbkLTzoSWnTWWhsPrlxY1hKaap6lWHtAM/
jNpW6wPMMMv3AKHJOHPHX3e0KO7sbVHxSI3Pbp+HOiOp7k/MDQrKAOUoeCzVuanos/
kesLE0bA2wslW+Rq414LjNPxhaxYYtVZOdNWSOKbVpIFA3GXvhWvU+NWP7aMoWi349gf1WyLh
RTwsU7jY76AtqX1q3H83UXBvWI0dtCKMMkOsle8Zt/Y23Tc/
lbprgRBEfzDC5CDTnJM0AWHh9+TAdJKJg41g1BlFWXz6BDQGcYC6HGXf20EnJQiYvKkvWnTLu
caLMre30BUh/flslue1UwnuGKk4t5Uw==
Secure the Access to the Exalead CloudView Interfaces
This section describes how to change the default admin credentials.
These credentials are used to connect to:
The Exalead CloudView configuration interfaces, that is, the Administration Console, the Business Console, the Mashup Builder, and the API Console.
The Mashup UI applications created with these Exalead CloudView interfaces.
Change the Admin Password
1. Go to Administration Console > [user logged in] > Users.
2. In the Administrator section, edit the Admin password and confirm.
3. Click Apply.
Change the Admin Login
1. Go to Administration Console > [user logged in] > Users.
2. In the Administrator section, edit the Admin login.
3. Click Apply.
4. Change the admin login for all Mashup Builder modules:
a. Go to <DATADIR>/config/360
b. Edit ModulesPermissions.xml
c. Enter the new login name in <User id="admin"/>.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ModulesPermissions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="">
<Groups>
<Group id="admin">
<User id="admin"/>
</Group>
</Groups>
<Sections>
<Section id="modules">
<Section permission="READ" id="dashboard">
<Group permission="WRITE" id="admin"/>
</Section>
<Section permission="NONE" id="applications">
<Group permission="WRITE" id="admin"/>
</Section>
<Section permission="NONE" id="permissions">
<Group permission="WRITE" id="admin"/>
</Section>
<Section permission="WRITE" id="mashupbuilder"/>
</Section>
</Sections>
</ModulesPermissions>
5. Change the admin login in all your Mashup UI applications:
a. Go to <DATADIR>/config/360/applications/<APPLICATION>/
b. Edit ApplicationPermissions.xml
c. Enter the new login name in <User id="admin"/>.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ModulesPermissions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="">
<Groups>
<Group id="admin">
<User id="admin"/>
</Group>
</Groups>
<Sections>
<Section id="modules">
<Section permission="READ" id="dashboard">
<Group permission="WRITE" id="admin"/>
</Section>
<Section permission="NONE" id="applications">
<Group permission="WRITE" id="admin"/>
</Section>
<Section permission="NONE" id="permissions">
<Group permission="WRITE" id="admin"/>
</Section>
<Section permission="WRITE" id="mashupbuilder"/>
</Section>
</Sections>
</ModulesPermissions>
6. Change the admin login in the Mashup Builder templates, which allow you to create web and mobile Mashup UI applications:
a. Go to <DATADIR>/config/360/applications/template_web/
b. Edit ApplicationPermissions.xml
c. Enter the new login name in <User id="admin"/>.
d. Make the same changes for /template_mobile
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ApplicationPermissions xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="">
<Groups>
<Group id="admin">
<User id="admin"/>
</Group>
</Groups>
<Sections>
<Section permission="NONE" id="mashupbuilder">
<Section permission="READ" id="application_settings">
<Group permission="WRITE" id="admin"/>
</Section>
<Section permission="WRITE" id="widget_builder"/>
<Section id="*">
<Section permission="WRITE" id="ui"/>
<Section permission="WRITE" id="api"/>
</Section>
</Section>
</Sections>
</ApplicationPermissions>
7. Restart Exalead CloudView.