Appropriate security policies help you keep users’ personal GroupWise data and Synchronizer system information secure.
Your Synchronizer server must be kept secure.
Servers where Synchronizer data resides should be kept physically secure, in locations where unauthorized persons cannot gain access to the server consoles.
Encrypted file systems should be used on all Synchronizer servers. Only Synchronizer administrators should have direct access to Synchronizer data.
Locations where GroupWise users’ personal data and Synchronizer system information might be obtained must be kept secure.
Secure SSL connections should be used between your Synchronizer system and the following external components:
LDAP server
GroupWise Post Office Agent (POA)
Browser connection for Synchronizer Web Admin
Mobile devices
For instructions, see Section 5.1, Security Administration.
To increase your control over mobile device access to your Synchronizer system, you should establish a device password security policy to ensure that users set up secure passwords on their mobile devices. For instructions, see Enabling a Device Password Security Policy
in Mobility Connector Configuration
in the Mobility Connector Configuration Guide.
One Synchronizer administrator is established when you install the Mobility Pack. Additional users can be granted Synchronizer administrator rights, as described in Section 2.3.2, Setting Up Multiple Synchronizer Administrator Users, but this should be done carefully.
Synchronizer Web Admin can be integrated with a single sign-on solution, as described in Section 2.3.8, Using Synchronizer Web Admin with a Single Sign-On Solution.
The configuration files for all Synchronizer components should be protected from tampering. Configuration files are found in the following default locations:
|
Synchronizer Component |
Configuration File |
|---|---|
|
Sync Engine |
/etc/datasync/syncengine/engine.xml |
|
Web Admin |
/etc/datasync/webadmin/server.xml |
|
Config Engine |
/etc/datasync/configengine/configengine.xml |
|
Connector Manager |
/etc/datasync/syncengine/connectors.xml |
The log files for all Synchronizer components should be protected against unauthorized access. Some log files contain very detailed information about your Synchronizer system and users. Synchronizer log files are found in the following locations:
|
Synchronizer Component |
Log File |
|---|---|
|
Sync Engine |
/var/log/datasync/syncengine/engine.log |
|
Web Admin |
/var/log/datasync/webadmin/server.log |
|
Config Engine |
/var/log/datasync/configengine/configengine.log |
|
Connector Manager |
/var/log/datasync/syncengine/connector-manager.log |
|
Connectors |
/var/log/datasync/connectors/ default.pipeline1.connector_name.log default.pipeline1.connector_name-AppInterface.log |