2 Performing a Secure ASAP Installation

This chapter presents planning information for your Oracle Communications ASAP system and describes recommended deployment topologies that enhance security.

For more information about installing ASAP, see ASAP Installation Guide.

Pre-Installation Configuration

This section explains the pre-requisites to install ASAP securely:

  • You must have at least one dedicated UNIX group and one dedicated user account within that group for ASAP.

    • Create a group for ASAP that includes the ASAP user account and the root user.

  • When creating the ASAP WebLogic Server domain:

    • Make sure that the administration server and the optional managed server SSL ports are used.

    • After you have created the WebLogic Server domain for ASAP, start the WebLogic administration server. Then, use t3s to start the managed server:

      startManagedWebLogic.sh ManagedServer t3s://host_name:SSL_Port 
      

      Where ManagedServer is the name of the WebLogic managed server, host_name and SSL_Port are the host name and the secure port number of the WebLogic administration server.

  • Using the WebLogic Server Administration Console, configure certificate identity and trust store to use TLS protocol. Do not use the default, demonstration certificate that comes with WebLogic Server. See the WebLogic Server documentation for more information.

Note:

Oracle recommends that you configure WebLogic Server SSL ports so that only the TLS protocol is enabled. The SSL v3.0 protocol should be disabled.

Installing ASAP Securely

You can perform a custom installation or a typical installation. Perform a custom installation to avoid installing options you do not need. Unused options and sample files can contain security vulnerabilities if deployed in a production environment.

To deploy and configure ASAP resources securely in the ASAP WebLogic Server domain, do the following:

  1. Follow the steps to install ASAP as described in the ASAP Installation Guide, selecting the following:

    1. In the WebLogic Configuration screen, enter the secure port of WebLogic administration server.

    2. Select the option Use SSL.

      The Enter Keystore File field is enabled.

    3. In the Enter Keystore File field, enter the KeyStore file.