Scope
This document guides readers through the different steps to secure a Denodo installation.
Post-installation checklist
| Requirement | Comply (Y/N) | Comments |
|---|---|---|
| COMMON | | |
| Is the update to be installed downloaded from the Support Site? | | How to identify the Denodo Platform version and update installed |
| Is there a user with proper privileges to install the update? | | |
| Is the latest update installed? | | |
| Has the default password of the ‘admin’ account been changed, or has a new administrator user been created and the ‘admin’ account then removed? | | |
| SECURING DATA | | |
| Is transparent data encryption enabled to encrypt the default Derby database? (if used) | | Transparent Metadata Encryption |
| SSL | | |
| Is there an SSL certificate, self-signed or from a CA, for the Denodo server? (if applicable) | | |
| Is SSL configured in the Denodo servers? (if applicable) | | |
| Is SSL configured in the Denodo Platform tools? (if applicable) | | |
| Is SSL configured in the Embedded Web Container? (if applicable) | | |
| Is SSL configured for external clients? (if applicable) | | |
| Are the certificates of Data Sources imported in the Denodo truststore? (if applicable) | | Only if the VDP server needs to use SSL to connect to Data Sources. |
| Is SSL configured in the Solution Manager? (if applicable) | | |
| Is SSL configured in the Solution Manager tools? (if applicable) | | |
| Privileges | | |
| Are roles defined? | | This may be done during deployment instead of during installation. |
| Are privileges assigned? | | This may be done during deployment instead of during installation. Types of Access Rights |
| Are security restrictions defined with Global Security Policies? (if applicable) | | Global Security Policies |
| LDAP | | |
| Is the LDAP data source defined? (if applicable) | | Virtual DataPort Admin Tool. |
| Is the database configured to delegate authentication to LDAP? (if applicable) | | This may be done during deployment instead of during installation. |
| SSO | | |
| Does the Solution Manager delegate authentication to external identity providers like SAML, OAuth, OpenID? (if applicable) | | Denodo Security Token |
| Kerberos | | |
| Is Kerberos Authentication set up? (if applicable) | | Setting-up Kerberos Authentication |
| Credentials Vault | | |
| Is integration with Credentials Vault enabled to obtain the credentials of JDBC data sources? | | Credentials Vault |
| Auditing | | |
| Is an information security audit running every few months? | | Auditing User Access in Virtual DataPort |
| Are Resource Manager rules set to reject requests from unknown IPs? | | Resource Manager |