CAST Platform Administrators
Summary: this section provides details about deploying and configuring the "Front Office" components as part of a secured deployment.
As described in Deployment - security, to deploy CAST AIP securely, the various CAST AIP components are divided into two distinct groups known as Front and Back Office. A standard CAST AIP installation is described in Installing CAST AIP which you should read and understand. However, this section describes all the additional configuration that should be completed for the Front Office components (over and above the standard CAST AIP installation) to ensure that the deployment of CAST AIP conforms to security standards.
The Delivery folder is first and foremost a location used by the CAST AIC Portal for storing successive and compressed versions of an application's source code as packaged by the Delivery Manager(s) using the CAST Delivery Manager Tool. In addition, the CAST Management Studio also requires access to this same Delivery folder so that source code packaged by the Delivery Manager(s) can be acquired and then analyzed.
As such, the choice of location for the Delivery folder is extremely important and may impact where the CAST AIC Portal is installed.
If you decide to use the CAST Storage Service (a dedicated database system provided by CAST) to host the Storage components (the CAST schemas: Management Service, Analysis Service, Dashboard Service and Measurement Service) instead of using a commercially available (and supported) RDBMS (such as Microsoft SQL Server or Oracle Server), you will need to use a dedicated physical machine.
You can deploy the CAST Storage Service on either Linux or Windows; however, for security and performance reasons, CAST highly recommends deploying the CAST Storage Service on Linux:
The objective is to configure the CAST web applications in accordance with OWASP (Open Web Application Security Project) guidelines. This configuration has been tested by CAST via a security audit. To secure the web applications, you will need to configure:
Additionally, you can also configure a reverse proxy (using an Apache web server) to hide the Apache Tomcat web application server or take advantage of secure access via HTTPS.
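As an added example that is not part of the CAST documentation, the following Apache httpd 2.4 configuration shows one way to set up the reverse proxy described above: TLS terminates at Apache, only the application context path is forwarded to a Tomcat that listens on the loopback interface, and the response headers that would identify the back-end container are suppressed. The host name, certificate paths and the /CAST-AIC-Portal context path are assumptions.

```apache
# Added example, not CAST's own configuration. Requires mod_ssl, mod_headers,
# mod_proxy and mod_proxy_http. Assumes Tomcat listens on 127.0.0.1:8080 only
# and that the CAST web application is deployed under /CAST-AIC-Portal (hypothetical).

# Reveal only "Server: Apache": no version, OS or module list, no footer on error pages.
ServerTokens Prod
ServerSignature Off

# Plain HTTP serves nothing but a redirect to HTTPS.
<VirtualHost *:80>
    ServerName cast.example.com
    Redirect permanent / https://cast.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName cast.example.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/cast.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/cast.example.com.key
    # Refuse the legacy protocol versions; prefer the server's cipher order.
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLHonorCipherOrder on
    # Browsers keep using HTTPS for this host (enable once HTTPS is verified to work).
    Header always set Strict-Transport-Security "max-age=31536000"

    # Never act as a forward proxy; pass the original Host header to Tomcat.
    ProxyRequests Off
    ProxyPreserveHost On

    # Forward only the application path: Tomcat's ROOT, /manager and
    # /host-manager contexts are not reachable through the proxy.
    ProxyPass        /CAST-AIC-Portal http://127.0.0.1:8080/CAST-AIC-Portal
    ProxyPassReverse /CAST-AIC-Portal http://127.0.0.1:8080/CAST-AIC-Portal

    # Drop headers that would disclose the servlet container behind the proxy.
    Header always unset X-Powered-By
</VirtualHost>
```

On the Tomcat side, bind the HTTP connector to the loopback interface (the `address="127.0.0.1"` attribute on the `Connector` element in server.xml) so that the application server cannot be reached except through the proxy.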
Securely configure the CAST AIC Portal as described in CAST AIC Portal - security configuration options. This page details the following security configuration options:
Securely configure the Health Dashboard / Engineering Dashboard / CAST Rest-API as described in HD - ED - RestAPI - security configuration options. This page details the following security configuration options:
The CAST Delivery Manager Tool is a standalone end-user tool that entirely manages the discovery, selection, extraction and delivery of source code ready for analysis in the CAST Management Studio. The CAST Delivery Manager Tool will be prevented from being downloaded from the CAST AIC Portal to a workstation if the following Java JRE settings available in the Java Control Panel are all enabled:
Security Level set to Very High
Java 7 | Java 8
CAST recommends that ONE of the following settings is used instead: