Operations Basics / Version 2210
Table Of ContentsCoreMedia components communicate through various TCP based protocols. To that end, server ports are opened. You should make sure that only required ports are open.
The application server can open multiple connectors, for example, supporting both HTTP and AJP. You should disable the ports you don't need.
Prefer HTTPS over HTTP and, where possible, disable the HTTP ports entirely. See Section 4.4.5, “Preparing Spring Boot applications for HTTPS Connection” for instructions on the Tomcat configuration.
Both Content Server and Workflow Server need a CORBA server port opened by the ORB. They can use a dedicated ORB, but typically they use the ORB provided by the application container as described in Section 4.4, “Communication between the System Applications”.
CORBA clients will also instantiate an ORB if it is not provided by an application container.
Server ports that listen to many network interfaces are more prone to attacks. In Section 4.4.3, “Binding Only a Single Network Interface” you can find procedures to limit the number of network interfaces bound when providing services.
Services can be managed by means of JMX. Use the existing JMX connectors and do not open additional connectors. Make sure that accesses to the connectors are subject to authentication.