Securing Enterprise Server

Securing a computing system is usually a combination of enabling security features, which are parts of the system that exist specifically to improve security; configuring security restrictions, which are aspects of the system and its environment (such as the OS) which are not security features as such but improve security by restricting who can perform which actions; and following other security-sensitive practices, such as installing software updates.

By default, Enterprise Server has many features enabled and few security restrictions, so users can quickly begin to explore and work with it. While this is convenient, in many cases it is prudent to configure Enterprise Server for greater security. For production installations, the best practice is to enable only required features and set security controls to restrict access to authorized users only, in order to safeguard enterprise data and processes. For developer installations, enterprise production systems and data are usually not directly at risk, but developers have access to corporate networks and the source code for enterprise applications, so their systems also need to be protected against compromise. In either environment improved security benefits the organization.

The topics presented here form what is sometimes known as a "hardening guide." They consist of explanations of security settings and other optional configuration and how those improve security, and recommendations for using them in accordance with the organization's security policies and posture, and the intended use of Enterprise Server.

Because security touches on every aspect of a system, and security concerns are intertwined and interact with one another in complex ways, some recommendations appear more than once, in different sections.

Micro Focus recommends all Enterprise Server administrators (including developers who run their own enterprise server instance) review these topics and implement the recommended configuration settings which are appropriate for their organization and deployment. In addition, Micro Focus also recommends reviewing the entire guide before making any complex changes to harden your system, since some decisions might render other recommendations irrelevant. For example, if you disable certain optional features, you do not need to spend time hardening them.