Appropriate security policies help you keep users’ personal GroupWise data and Mobility system information secure.
Your Mobility server must be kept secure.
Servers where Mobility data resides should be kept physically secure, in locations where unauthorized persons cannot gain access to the server consoles.
Encrypted file systems should be used on all Mobility servers. Only Mobility administrators should have direct access to Mobility data.
Locations where GroupWise users’ personal data and Mobility system information might be obtained must be kept secure.
Secure SSL connections should be used between your Mobility system and the following external components:
LDAP server (if you are using LDAP as your user source)
GroupWise Post Office Agent (POA)
Browser connection for the Mobility Admin console
Mobile devices
For instructions, see Section 8.1, Security Administration.
To increase your control over mobile device access to your Mobility system, you should establish a device password security policy to ensure that users set up secure passwords on their mobile devices. For instructions, see Section 4.3, Enabling a Device Password Security Policy.
During installation of the Mobility Service, you selected the source (LDAP or GroupWise) from which users and groups of users can be added to your Mobility system. For background information, see Selecting the User Source for Your Mobility System in the GroupWise Mobility Service 2.1 Installation Guide.
One Mobility administrator is established when you install the GroupWise Mobility Service. If you are using LDAP as the user source, you selected one LDAP user as the Mobility system administrator and you can designate additional Mobility administrators, as described in Setting Up Multiple Mobility Administrator Users. If you are using GroupWise as the user source, the root user on the Mobility server is the Mobility administrator user.
IMPORTANT: The number of people who know how to log in to the Mobility Admin console should be kept to a minimum.
The Mobility Admin console can be integrated with a single sign-on solution. For more information, see Section 1.4.2, Using the Mobility Admin Console with a Single Sign-On Solution.
The configuration files for all internal Mobility components should be protected from tampering. Configuration files are found in the following default locations:
Internal Mobility Component | Configuration File |
---|---|
Sync Engine | /etc/datasync/syncengine/engine.xml |
Web Admin | /etc/datasync/webadmin/server.xml |
Config Engine | /etc/datasync/configengine/configengine.xml |
Connector Manager | /etc/datasync/syncengine/connectors.xml |
The log files for all internal Mobility components should be protected against unauthorized access. Some log files contain very detailed information about your Mobility system and users. Mobility log files are found in the following locations:
Internal Mobility Service Component | Log File Subdirectory under /var/log/datasync | Log File Name |
---|---|---|
Sync Engine | syncengine | engine.log |
Config Engine | configengine | configengine.log |
Web Admin | webadmin | server.log |
Connector Manager | syncengine | connectorManager.log |
Sync Agents | connectors | |
If you set the Mobility Service log level to Debug, Subject lines are included in log files for troubleshooting purposes. This information identifies items that are experiencing synchronization problems.
If you use the Debug log level, ensure that log files are kept secure to protect users’ personal information. The Info log level is strongly recommended for a smoothly functioning Mobility system.
No text about recipients or from message bodies is included in log files.
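One way to check the file-protection guidance above on a Mobility server, as an added example that is not part of the product documentation. It uses the default configuration file paths and the /var/log/datasync log directory listed on this page. The function name and the optional ROOT prefix argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: permission audit for the Mobility files listed on this page.
# Paths are the page's defaults; the optional ROOT prefix argument is an
# assumption of this example so the check can run against a copied tree.

CONFIG_FILES="/etc/datasync/syncengine/engine.xml
/etc/datasync/webadmin/server.xml
/etc/datasync/configengine/configengine.xml
/etc/datasync/syncengine/connectors.xml"
LOG_DIR="/var/log/datasync"

# audit_mobility_perms [ROOT]
# Prints one finding per line. Returns 0 if clean, 1 if anything was flagged.
audit_mobility_perms() {
    root="${1:-}"
    status=0

    # Configuration files: writable by group or others means a non-admin
    # account could tamper with component settings.
    for f in $CONFIG_FILES; do
        p="$root$f"
        if [ ! -f "$p" ]; then
            echo "SKIP not-found $p"
            continue
        fi
        hit=$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)
        if [ -n "$hit" ]; then
            echo "CONFIG writable-by-group-or-other $p"
            status=1
        fi
    done

    # Log tree: any permission bit for "other" exposes logs that can hold
    # detailed system and user information (Subject lines at Debug level).
    if [ -d "$root$LOG_DIR" ]; then
        hits=$(find "$root$LOG_DIR" \( -perm -004 -o -perm -002 -o -perm -001 \) -print)
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits" | sed 's/^/LOG accessible-by-other /'
            status=1
        fi
    else
        echo "SKIP not-found $root$LOG_DIR"
    fi

    return "$status"
}
```

Call `audit_mobility_perms` with no argument to check the live paths. A nonzero return status makes it usable from a scheduled job that alerts on findings.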