Appropriate security policies help you keep users’ personal GroupWise data and Mobility system information secure.
When creating certificates for your GroupWise system, we recommend the following:
Consolidate to one CA for your GroupWise system.
Use a public CA for your GroupWise system.
Use a wild card certificate for all of your POAs.
Your Mobility server must be kept secure.
Servers where Mobility data resides should be kept physically secure, in locations where unauthorized persons cannot gain access to the server consoles.
Encrypted file systems should be used on all Mobility servers. Only Mobility administrators should have direct access to Mobility data.
Locations where GroupWise users’ personal data and Mobility system information might be obtained must be kept secure.
Secure SSL connections should be used between your Mobility system and the following external components:
GroupWise Post Office Agent (POA)
Browser connection for the Mobility Administration Console
Mobile devices
For instructions, see Security Administration.
To increase your control over mobile device access to your Mobility system, you should establish a device password security policy to ensure that users set up secure passwords on their mobile devices. For instructions, see Enabling a Device Password Security Policy.
The root user on the Mobility server is the Mobility Administrator.
IMPORTANT:The number of people who know how to log in to the Mobility Administration Console should be kept to a minimum.
The Mobility Administration Console can be integrated with a single sign-on solution. For more information, see Using the Mobility Administration Console with a Single Sign-On Solution.
The configuration files for all internal Mobility components should be protected from tampering. Configuration files are found in the following default locations:
|
Internal Mobility Component |
Configuration File |
|---|---|
|
Sync Engine |
/etc/datasync/syncengine/engine.xml |
|
Web Admin |
/etc/datasync/webadmin/server.xml |
|
Config Engine |
/etc/datasync/configengine/configengine.xml |
|
Connector Manager |
/etc/datasync/syncengine/connectors.xml |
The log files for all internal Mobility components should be protected against unauthorized access. Some log files contain very detailed information about your Mobility system and users. Mobility log files are found in the following locations:
|
Internal Mobility Service Component |
Log File Subdirectory under /var/log/datasync |
Log File Name |
|---|---|---|
|
Sync Engine |
syncengine |
engine.log |
|
Config Engine |
configengine |
configengine.log |
|
Web Admin |
webadmin |
server.log |
|
Connector Manager |
syncengine |
connectorManager.log |
|
Sync Agents |
connectors |
|
If you set the Mobility Service log level to Debug, Subject lines are included in log files for troubleshooting purposes. This information identifies items that are experiencing synchronization problems.
If you use the Debug log level, ensure that log files are kept secure to protect users’ personal information. The Info log level is strongly recommended for a smoothly functioning Mobility system.
No text about recipients or from message bodies is included in log files.