2.3 Security Guidelines

2.3.1 SSL (HTTPS) for Secure Communications

For secure connections between PlateSpin Migrate Connector and PlateSpin Transformation Manager, the Jetty SSL settings on the PlateSpin Transformation Manager Appliance VM are configured with the latest recommended security settings.

Ensure that you configure the Appliance to use port 8183 for secure communications.

2.3.2 SSL Certificate for Secure Communications

The installation of the PlateSpin Transformation Manager Appliance generates and installs a self-signed certificate for SSL (Secure Sockets Layer) communications. It uses the DNS name that you specify for the PlateSpin Transformation Manager Appliance. The certificate applies to the PTM Appliance and the software.

For higher security, Micro Focus recommends that you use a server certificate that is signed by a trusted certificate authority (CA) such as VeriSign or Equifax. You can use your own existing signed certificate, or you can use the Digital Certificate tool on the PTM Appliance to create a certificate, have it signed by a trusted certificate authority, and then add it to the PTM Appliance.

NOTE: The DNS name of the server must match the subject of the security certificate.

To import your signed certificate, you must provide the certificate and key, as described in Digital Certificates in the PTM 2 Appliance Guide.

2.3.3 Proxy Services

PTM Server is proxy aware. It can use the Proxy Client settings on the host Appliance for communications with the Micro Focus License Server. Persistent Internet access is required to license the individual workloads during the planning process. You might need to configure proxy services in a highly restrictive networking environment.

See Configure Proxy Client Settings in the Appliance Guide.

2.3.4 Unique Login Credentials for Each Connector Instance

To distinguish actions initiated by the project’s Connector instance, we strongly recommend that you create a unique User object to use for the Connector login credentials instead of using a real User object. Create this special user as a System user, then assign it a Project Architect role at the Project level. Create a different User object for each Connector instance with permissions appropriate for its assigned project.

To add a dedicated user, see Section 10.4, Creating a User for Connector Login.

2.3.5 Password Security for Credentials Resources

PlateSpin Transformation Manager uses industry-standard strong encryption to secure passwords in the PTM database for the Credentials resources used to access source machines and target hosts. The 16-digit key is randomly generated during the Appliance installation. The key is unique to each PTM server. As new Credentials resources are created, their passwords will be encrypted with this key.

The encryption key is stored as the tm.encrypt.key property in the system.properties file:

/opt/microfocus/ps_transform_mgr/config/system.properties

PTM writes the system.properties file to a ZIP file and saves it in the /vastorage/conf/ folder when the PTM Appliance shuts down.

The system.properties file is protected by the strength of the password you set for root and other system users on the Appliance as well as other security best practices in your data center.
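Because the key is protected only by operating-system access controls, it is worth checking the permissions on both copies. The following audit script is an added example, not Micro Focus code. It assumes that only the owning account needs access to these files and that the backup in /vastorage/conf/ has a .zip extension. Run it as root on the Appliance.

```python
import os
import re
import stat
from pathlib import Path

# Paths and property name as given in section 2.3.5.
PROPS = Path("/opt/microfocus/ps_transform_mgr/config/system.properties")
BACKUP_DIR = Path("/vastorage/conf")
KEY_LINE = re.compile(r"^\s*tm\.encrypt\.key\s*[=:]")


def defines_key(path):
    """Report whether the file sets tm.encrypt.key; the value is never read out."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return any(KEY_LINE.match(line) for line in fh)


def audit_path(path):
    """Return a list of findings for one file that holds the encryption key."""
    path = Path(path)
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
    except FileNotFoundError:
        return ["missing"]
    findings = []
    # Assumption: owner-only access (for example mode 600) is the target state.
    if mode & 0o007:
        findings.append(f"accessible to other users (mode {mode:03o})")
    if mode & 0o070:
        findings.append(f"accessible to group (mode {mode:03o})")
    # A parent directory writable by others lets another account swap the file.
    parent = stat.S_IMODE(os.stat(path.parent).st_mode)
    if parent & 0o022:
        findings.append(f"parent directory writable by group/other (mode {parent:03o})")
    return findings


def audit_appliance(props=PROPS, backup_dir=BACKUP_DIR):
    """Audit system.properties plus every ZIP in the backup folder."""
    targets = [Path(props)] + sorted(Path(backup_dir).glob("*.zip"))
    report = {str(p): audit_path(p) for p in targets}
    if Path(props).is_file() and not defines_key(props):
        report[str(props)].append("tm.encrypt.key not defined")
    return report


if __name__ == "__main__":
    for name, findings in audit_appliance().items():
        print(name, "OK" if not findings else "; ".join(findings))
```

An empty findings list means the file passed every check; the key value itself is never printed or returned.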

2.3.6 Password Security for the Connector User Password

PlateSpin Migration Connector uses industry-standard strong encryption to securely store the Connector User password in the Connector configuration file.