Servers where Synchronizer data resides should be kept physically secure, where unauthorized persons cannot gain access to the server consoles.
Encrypted file systems should be used on all Synchronizer servers. Only Synchronizer administrators should have direct access to Synchronizer data.
Secure SSL connections should be used between your Synchronizer system and the following external components:
LDAP server
GroupWise Post Office Agent (POA)
Browser connection for Synchronizer Web Admin
Mobile devices (Mobility Pack only)
For instructions, see Section 5.1, Security Administration.
To increase your control over mobile device access to your Synchronizer system, you should establish a device password security policy to ensure that users set up secure passwords on their mobiles devices. For instructions, see Enabling a Device Password Security Policy
in Mobility Connector Configuration
in the Mobility Connector Installation and Configuration Guide.
One Synchronizer administrator is established when you install the Mobility Pack or Data Synchronizer. Additional users can be granted Synchronizer administrator rights, as described in Section 3.1.2, Setting Up Multiple Synchronizer Administrator Users, but this should be done judiciously.
The configuration files for all Synchronizer components should be protected from tampering. Configuration files are found in the following default locations:
Synchronizer Component |
Configuration File |
---|---|
Sync Engine |
/etc/datasync/syncengine/engine.xml |
Web Admin |
/etc/datasync/webadmin/server.xml |
Config Engine |
/etc/datasync/configengine/configengine.xml |
Connector Manager |
/etc/datasync/syncengine/connectors.xml |
The log files for all Synchronizer components should be protected against access by unauthorized persons. Some contain very detailed information about your Synchronizer system and users. Synchronizer log files are found in the following locations:
Synchronizer Component |
Log File |
---|---|
Sync Engine |
/var/log/datasync/syncengine/engine.log |
Web Admin |
/var/log/datasync/webadmin/server.log |
Config Engine |
/var/log/datasync/configengine/configengine.log |
Connector Manager |
/var/log/datasync/syncengine/connector-manager.log |
Connectors |
/var/log/datasync/connectors/ default.pipeline1.connector_name.log default.pipeline1.connector_name-AppInterface.log |