Use > Hardening > Introduction to Hardening > Deploying UCMDB in a Secure Architecture

Deploying UCMDB in a Secure Architecture

Several measures are recommended to securely deploy your Universal CMDB servers:

  • DMZ architecture using a firewall

    The secure architecture referred to in this document is a typical DMZ architecture using a device as a firewall. The basic concept of such an architecture is to create a complete separation, and to avoid direct access between the Universal CMDB clients and the Universal CMDB server.

  • Secure browser

    Internet Explorer and Firefox in a Windows environment must be configured to securely handle Java scripts, applets, and cookies.

  • SSL communication protocol

    Secure Sockets Layer protocol secures the connection between the client and the server. URLs that require an SSL connection use a secure version (HTTPS) of the Hypertext Transfer Protocol. For details, see Enabling Secure Sockets Layer (SSL) Communication.

  • Reverse proxy architecture

    One of the more secure and recommended solutions suggests deploying Universal CMDB using a reverse proxy. Universal CMDB fully supports secure reverse proxy architecture. For details, see Using a Reverse Proxy.

  • Advanced Security Option (ASO) in Oracle

    ASO provides encrypted communication between the server and the database. For details, see Configure Universal CMDB and Configuration Manager to Support Oracle Advanced Security Option (ASO)