/
Web Console Security

IBM DataPower Operations Dashboard v1.0.8.5

A newer version of this product documentation is available.

You are viewing an older version. View latest at https://ibm.biz/dpod-docs.

Web Console Security

Owned by Copy Page Tree
Last updated: Apr 16, 2017 by Amit Munwes

DPOD's Web Console enables the user to view all the information gathered, processed and analyzed by DPOD.

This useful information can be highly confidential. DPOD therefore implements a suite of security functions in order to enable confidentiality and Role Based Access Control to DPOD's functions and information.

Secure Web Access

DPOD has the following features securing web access:

  • Access to DPOD's Web Console is provided via a supported web browser over HTTPS (SSL).

  • The Console uses a self-signed certificate and a key (in PEM format) generated during DPOD's installation process. The user should replace them with the organization’s certificate.
  • Audit log (access log) exists and is enabled by default. The user may configure its format in /app/ui/MonTier-UI/conf/server.xml (under the key "access_log").

  • Session timeout is set to 30 minutes by default. The user may change this default in /app/ui/MonTier-UI/conf/web.xml (under the key "session-timeout").

  • DOD Lockout is enabled by default. The user may configure the number of retries and period of lockout in /app/ui/MonTier-UI/conf/server.xml (change LockOutRealm parameters as required).
    For example: <Realm className="org.apache.catalina.realm.LockOutRealm" failureCount="3" lockOutTime="300" cacheSize="1000" cacheRemovalWarningTime="3600">
  • Admin users access may be limited by IP address. See Limit Admin Users Access by IP.



Related content

IBM DataPower Operations Dashboard (DPOD) v1.0.8.5