The Apama security model for correlator and IAF components is that untrusted users must not be given access to any related files or to send or receive data on any of the correlator or IAF network ports. It is assumed that any user able to access these files or ports is trusted and has permission to make arbitrary changes and read arbitrary data. Such users are also permitted to inject arbitrary code into a correlator and execute it with the permissions of the correlator process.

You must use the standard tools and configuration means of your operating system and network to restrict access to the IAF and correlator components to only trusted users.

You must use the standard tools of your operating system to restrict access to all configuration and data files to only trusted users.

Correlator and IAF log levels must be set to INFO (or more verbose) to ensure that all security-relevant events are written to the log files.

If components must connect across an untrusted network, then either a standard overlay tool such as a VPN must be used, or the interconnection has to be done via Universal Messaging with appropriate controls and restrictions configured in Universal Messaging.

If you need to restrict the data sent from certain users to the correlator, then all interconnections must be done via Universal Messaging with appropriate controls and restrictions configured in Universal Messaging.

For access from untrusted hosts, you should deploy your dashboards to the web server using either a Display Server, applet and/or WebStart deployment option. The Dashboard Server or Display Server processes should be running the behind a firewall, just like the correlators. When accessing the Dashboard Server by using a standalone Dashboard Viewer outside the firewall, make sure to run the Dashboard Server with the --ssl option, which will ensure secure sockets for client communication using the data port. You must also ensure that the management ports of both servers are not exposed to end users.

The following diagram depicts the recommended dashboard deployment options:

Authentication for the Display Server is done via JAAS and your authentication mechanism of choice.

For a dashboard audit trail, you must load the Dashboard Support bundle into the correlator processing audit events and handle the DashboardClientConnected and DashboardClientDisconnected events, logging them in an appropriate manner.