User GuidesAiimi

Gateway (Web Server)

The following security considerations apply to the gateway:

  • The gateway needs network access:

    • To all agent servers

    • Any respective agent services

    • The Elasticsearch cluster – as described in the firewall section.

  • The Internet Information Services configuration or Apache Server user account needs:

    • Read access to the Apps folder on your deployment.

    • Read/write access to the Logs folder on your deployment.

    • Read access to the certificates used to secure communications with Elasticsearch.

  • From a defence in depth perspective the principle of least privileges should apply.

    • The account should have the minimum privileges required to run the apps.

  • End user access should be secured over HTTPS with a valid certificate for production deployments. Not self-signed.

  • You can lock the Control Hub down to specific IP addresses. For example a remote desktop host. This provides additional security over and above the authentication required to access the app.

    • To do this you must lock the admin and the API sub-folder down to specific IP addresses.

PreviousRepositoryNextTools & Utilities