Encrypt communication between the application and database servers

To prevent your data from being exposed in a readable format on the network, use Secure Socket Layer (SSL) to encrypt the network traffic between the application and the database servers.

If you have a dedicated server for your database (operational database or datamart database), encrypt the data traffic between the application and database servers and between the ETL and datamart servers.
Important: The following steps are applicable only in a multi-box installation setup.

Log onto the server as root user always

  1. Stop TeamForge on all the servers.
    • teamforge stop
  2. Add the following site option tokens in all the TeamForge servers.
    1. If the operational database is running on a separate server, include the token DATABASE_SSL=on.
    2. If the datamart database is running on a separate server, include the token REPORTS_DATABASE_SSL=on
      Note: It is mandatory to include the tokens specified above in all the servers.
  3. Provision services.
    • teamforge provision
    Note:

    TeamForge 17.4 (and later) installer expects the system locale to be LANG=en_US.UTF-8. TeamForge "provision" command fails otherwise.

  4. Start TeamForge.
    • teamforge start
  5. Verify that your PostgreSQL database is running in the SSL mode.
    1. Log in to the database server.
    2. Run the following command:
      • grep "ssl = " var/lib/pgsql/9.6/data/postgresql.conf
      • Observe:"ssl = on"