9.4 Database Communication Encryption

TeamWorks Administrators can enable or disable data encryption between the TeamWorks server and the database.

The Database Connection page on the Appliance Console now includes a new option Encrypt Database Communication that enables you to encrypt the data from the TeamWorks server. This option is disabled by default. Before selecting this option, you must ensure that the settings for your database are enabled to allow encryption of the data from the database server to the TeamWorks server.

9.4.1 Configuring the Database for Secure Communications

To enable data encryption between the TeamWorks server and the database server, you must first configure your database server to support data encryption. Only then can you configure the settings on the TeamWorks server.

For the PostgreSQL Appliance

If you are using the PostgreSQL appliance, perform the following steps to secure the database communication:

  1. On the PostgreSQL database server, create a folder named /vastorage/conf/ssl-certs-dir/.

  2. Download the ssl_PostgreSQL.sh script from the TeamWorks 1.0 download site to the folder you created in the previous step.

    Registration with Micro Focus is required. If you have already registered and received an email with a download link, the file is on the linked page.

  3. Run the following command to install the files required for data encryption:

    # sh ssl_PostgreSQL.sh INSTALL

  4. Run the following command to enable the SSL setting:

    # sh ssl_PostgreSQL.sh ENABLE <db-root-password>

  5. Run the following command to check if SSL is enabled in the PostgreSQL database server. The value of have_ssl flag should have changed from DISABLED to YES.

    # PostgreSQL -uroot -p<db-root-password> -e "SHOW GLOBAL VARIABLES LIKE 'have_%ssl';"

NOTE:To disable the secure database communication, run the following command:

# sh ssl_PostgreSQL.sh DISABLE <db-root-password>

For Other Database Servers

If you using your existing database server instead of the PostgreSQL appliance, refer to the following database-specific documentation to enable the data encryption from the database server to the TeamWorks server:

9.4.2 Configuring TeamWorks for Secure Communications

IMPORTANT:Before you configure your TeamWorks appliance to support data encryption, you must first configure the database server to support it. See Configuring the Database for Secure Communications.

To configure the TeamWorks server to encrypt data:

  1. Log in to the TeamWorks appliance at https://server_url:9443.

  2. Click Configuration > Database.

  3. Specify the configuration options that apply to your configuration.

    For information about the options, click the help icon.

  4. A message reminds you that you must have encryption from the database server already enabled. Ensure that the encryption from the database server is enabled and then click OK.

  5. Click OK, then click Reconfigure TeamWorks Server for your changes to take effect.

    This stops and restarts your TeamWorks server. Because this results in server downtime, you should restart the server at off-peak hours.

NOTE:To disable the data encryption between TeamWorks and the database server, you must first disable secure database communication and then deselect the Encrypt Database Communication option. For information about configuring the database settings, see Configuring the Database for Secure Communications.