Secure implementation and deployment

This section provides information on implementing and deploying the product in a secure manner.

Technical system landscape

OpenText Application Quality Management is an enterprise-wide application based on Java 2 Enterprise Edition (J2EE) technology. J2EE technology provides a component-based approach to the design, development, assembly, and deployment of enterprise applications. For details, see Technology and Architecture.

Security in basic configuration

For security recommendations for a basic OpenText Application Quality Management configuration, see the example in Technology and Architecture.

Security in clustered ALM configuration

For security recommendations for a clustered configuration, see the example in Technology and Architecture.

External authentication

OpenText Application Quality Management supports external authentication with specific configurations. The supported modes include Smart Card authentication, such as CAC, and SSO authentication, such as SiteMinder. For details, see External Authentication.

Proxy authentication support

When a proxy or front end web server requires authentication, you can use the Webgate Customization tool to configure the proxy and identify the credentials it expects, as well as any required front end web server credentials. For details, see the ALM Webgate Customization Readme, available from Help > ALM Tools > Webgate Customization.

Common security considerations

Thoroughly review the trust boundaries between OpenText Application Quality Management components (OpenText Application Quality Management servers, OpenText Professional Performance Engineering servers, exchange servers, database servers, LDAP servers, and other integrating servers) to minimize the number of hops between the components. In addition, it is recommended to use SSL to secure access to servers located across such boundaries.

When there is a firewall between any OpenText Application Quality Management deployment components, ensure that it is configured properly according to the vendor's recommendations.

Run periodic trusted root Certificate Authority certificate updates on your clients and servers to ensure that the publisher certificates used in digital code signing are trusted.

Best practices

  • The OpenText Application Quality Management application server installation supports a secure connection via SSL/TLS. In addition, it is expected and recommended that the front end server (load balancer or reverse proxy) is configured to require a secure connection.

  • If you are using SSO external authentication, such as SiteMinder, the SSO cookie must be HTTP-only.
  • The demonstration web applications and demo projects are not necessarily secure and should not be deployed on production servers.
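
One way to check the HTTP-only requirement above, as an added example that is not part of the product documentation: it audits captured Set-Cookie headers for the SSO cookie. The sample headers are constructed, SMSESSION is the SiteMinder session cookie name, and the additional Secure check is this example's assumption, following the recommendation that the front end server require a secure connection.

```python
"""Audit Set-Cookie headers for the SSO cookie attributes (added example)."""

# Constructed sample: Set-Cookie header values as they might be captured at
# the front end server. All values and the ui_theme cookie are made up.
SAMPLE_HEADERS = [
    "SMSESSION=abc123; Path=/; Domain=.example.test; Secure; HttpOnly",
    "SMSESSION=abc123; Path=/; Domain=.example.test; Secure",
    "ui_theme=dark; Path=/",
    "SMSESSION=abc123; path=/; httponly",
]


def parse_set_cookie(header):
    """Return (name, attrs); attrs maps lower-cased attribute names to values."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    if not parts:
        return "", {}
    name, _, _value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive; flags such as HttpOnly have no value.
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_cookies(headers, sso_cookie_names=("SMSESSION",)):
    """Return (header_index, cookie_name, problem) for each SSO cookie defect.

    HttpOnly is the requirement stated in the best practices; Secure is an
    extra check assumed by this example. Other cookies are ignored.
    """
    findings = []
    for index, header in enumerate(headers):
        name, attrs = parse_set_cookie(header)
        if name not in sso_cookie_names:  # cookie names are case-sensitive
            continue
        if "httponly" not in attrs:
            findings.append((index, name, "missing HttpOnly"))
        if "secure" not in attrs:
            findings.append((index, name, "missing Secure"))
    return findings


if __name__ == "__main__":
    for index, name, problem in audit_cookies(SAMPLE_HEADERS):
        print(f"header {index}: {name}: {problem}")
```

If your SSO product uses a different cookie name, pass it in `sso_cookie_names`.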
