5.2 Security Policies

5.2.1 Securing Your Synchronizer Data

Limiting Physical Access to Synchronizer Servers

Servers where Synchronizer data resides should be kept in a physically secure location where unauthorized persons cannot gain access to the server consoles.

Securing File System Access

Encrypted file systems should be used on all Synchronizer servers. Only Synchronizer administrators should have direct access to Synchronizer data.

5.2.2 Securing Your Synchronizer System

Setting Up SSL Connections

Secure SSL connections should be used between your Synchronizer system and the following external components:

  • LDAP server

  • GroupWise Post Office Agent (POA)

  • Browser connection for Synchronizer Web Admin

  • Mobile devices (Mobility Pack only)

For instructions, see Section 5.1, Security Administration.

Setting Up a Device Password Security Policy (Mobility Pack Only)

To increase your control over mobile device access to your Synchronizer system, you should establish a device password security policy to ensure that users set up secure passwords on their mobile devices. For instructions, see Enabling a Device Password Security Policy in Mobility Connector Configuration in the Mobility Connector Installation and Configuration Guide.

Securing Synchronizer Web Admin

One Synchronizer administrator is established when you install the Mobility Pack or Data Synchronizer. Additional users can be granted Synchronizer administrator rights, as described in Section 3.1.2, Setting Up Multiple Synchronizer Administrator Users, but this should be done judiciously.

Protecting Synchronizer Configuration Files

The configuration files for all Synchronizer components should be protected from tampering. Configuration files are found in the following default locations:

Synchronizer Component    Configuration File

Sync Engine               /etc/datasync/syncengine/engine.xml
Web Admin                 /etc/datasync/webadmin/server.xml
Config Engine             /etc/datasync/configengine/configengine.xml
Connector Manager         /etc/datasync/syncengine/connectors.xml

Protecting Synchronizer Log Files

The log files for all Synchronizer components should be protected against access by unauthorized persons. Some contain very detailed information about your Synchronizer system and users. Synchronizer log files are found in the following locations:

Synchronizer Component    Log File

Sync Engine               /var/log/datasync/syncengine/engine.log
Web Admin                 /var/log/datasync/webadmin/server.log
Config Engine             /var/log/datasync/configengine/configengine.log
Connector Manager         /var/log/datasync/syncengine/connector-manager.log
Connectors                /var/log/datasync/connectors/
                              default.pipeline1.connector_name.log
                              default.pipeline1.connector_name-AppInterface.log
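
The following script is an added example, not part of the product documentation. It checks the default configuration and log paths listed above for permissive mode bits. The thresholds (no group or other write on configuration files, no other read or write on logs) and the ROOT prefix argument are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code). Paths are the defaults listed in this section.
# Assumed policy: config files not writable by group/other; logs not readable
# or writable by other. ROOT is a hypothetical prefix for auditing a copy.

CONFIG_FILES="/etc/datasync/syncengine/engine.xml
/etc/datasync/webadmin/server.xml
/etc/datasync/configengine/configengine.xml
/etc/datasync/syncengine/connectors.xml"

LOG_PATHS="/var/log/datasync/syncengine/engine.log
/var/log/datasync/webadmin/server.log
/var/log/datasync/configengine/configengine.log
/var/log/datasync/syncengine/connector-manager.log
/var/log/datasync/connectors"

# audit_datasync ROOT: print one line per finding; return 1 if any were found.
audit_datasync() {
    root=$1
    findings=$(
        for p in $CONFIG_FILES; do
            [ -e "$root$p" ] || { echo "MISSING $root$p"; continue; }
            # -perm -020 / -002: the group-write or other-write bit is set
            find "$root$p" ! -type l \( -perm -020 -o -perm -002 \) \
                -exec echo "WRITABLE" {} \;
        done
        for p in $LOG_PATHS; do
            [ -e "$root$p" ] || { echo "MISSING $root$p"; continue; }
            # The connectors entry is a directory; find descends into it
            # and reports each per-connector log individually.
            find "$root$p" ! -type l \( -perm -004 -o -perm -002 \) \
                -exec echo "EXPOSED" {} \;
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Call `audit_datasync ""` on the Synchronizer server to check the live paths, or pass a directory prefix to audit a copy of the tree.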