During the installation process, by default the server is configured to use Secure Sockets Layer (SSL) for secure communication. The server is configured to use SSL in both manual and silent installations. In addition to SSL communication, role-based access controls are available that determine what actions a particular user can do.
In general, you configure security on the application server or the database server, not in IBM® UrbanCode™ Deploy. IBM UrbanCode Deploy communicates with the database by using the Java™ Database Connectivity (JDBC) provider on the application server.
To learn about configuring Lightweight Directory Access Protocol (LDAP) authentication, see Authentication realms.
You can configure a Federal Information Processing Standards (FIPS) compliant server by specifying options at installation time. A FIPS-compliant server has certain limitations. See Installing the server in interactive mode.
You can use tokens to secure communications between products that integrate with IBM UrbanCode Deploy. To learn more about tokens, see Tokens.
The following table shows the default port numbers for the server.
Port type | Default port number |
---|---|
Incoming connections to the server web interface (HTTP) | 8080 |
Incoming connections to the server web interface (HTTPS) | 8443 |
Java Message Service (JMS) | 7918 |
Communication with the Rational® Common Licensing server | Port 27000 for the lmrgd daemon. The port numbers for the vendor daemon can change, but are typically between 27001 and 27009. See your Rational Common Licensing server for the active ports. |
Port type | Default port number |
---|---|
Incoming connections to the blueprint designer web interface (HTTP) | 8080 |
Incoming connections to the blueprint designer web interface (HTTPS) | 8443 |
Incoming connections to the engine | 8004, 8000, 8003, and RPC ports |
Incoming connections to the cloud discovery service | 7575 |
The blueprint design server must also be able to create outgoing connections to cloud systems, the engine, the cloud discovery service, and the database. The communication with the Rational Common Licensing server uses port 27000 for the lmrgd daemon. The port numbers for the vendor daemon can change, but are typically between 27001 and 27009. See your Rational Common Licensing server for the active ports.
IBM UrbanCode Deploy supports multiple keystores, which support different security features. The following list describes the default keystores.
For more information on keystores and certificates, see Configuring SSL on Apache Tomcat and LDAP servers.
The only user IDs that are created by default are admin for the server and ucdpadmin for the blueprint designer. To change the password for admin, in the server, click Internal Authentication authentication realm.
. To change the password for ucdpadmin, click and select theFailed login attempts are stored in the database. Except for the default admin password, all passwords are stored in encrypted form in the database. After you change the default admin password, it is also stored in encrypted form.
You can create and delete users and add users to groups and teams in IBM UrbanCode Deploy. To learn more, see Managing security. On the server, the superuser account with special security privileges is admin. On the blueprint editor, the superuser account with special security privileges is ucdpadmin.
The IBM UrbanCode Deploy server and the blueprint designer have separate lists of users and teams.
Depending on the configurations that are deployed, this software offering might use cookies that can help you to collect personally identifiable information. For information about this offering’s use of cookies, see the Notices topic.