Deployment Checklist

Guideline Details
Security hardening

Guidelines for hardening the security of a WSO2 deployment in a production environment can be discussed under three high-level categories:

  • Product-level security
  • OS-level security
  • Network-level security

Hostname

By default, WSO2 products identify the hostname of the current machine through the Java API. However, this lookup can return incorrect results in some environments. Therefore, it is recommended that users configure the hostname explicitly by setting the relevant parameter in the <PRODUCT_HOME>/repository/conf/deployment.toml file.

User stores

WSO2 products offer three choices to store user details:

  • Using a database
  • Using an LDAP server
  • Using an Active Directory service

The default is to use the embedded H2 database, with the user store schema. As with the registry database, you can switch to a database such as Oracle, MySQL or MSSQL. You can also point to an existing LDAP server or Active Directory service to reuse existing user bases and grant access privileges for WSO2 products based on those user stores.
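
One way to check the hostname and data store items above before go-live, as an added example (not WSO2's own tooling): it reads a deployment.toml and reports a hostname that is unset or loopback and any database still on embedded H2. The `[server] hostname` and `[database.<name>] type` keys are assumed from the WSO2 Identity Server configuration layout, and both sample files are constructed.

```python
"""Audit a WSO2 deployment.toml against two checklist items (added example)."""
try:
    import tomllib  # Python 3.11+
except ModuleNotFoundError:  # older interpreters: pip install tomli
    import tomli as tomllib

# Key names are assumptions based on the WSO2 Identity Server
# deployment.toml layout; confirm them for your product and version.
PLACEHOLDER_HOSTS = {"", "localhost", "127.0.0.1", "::1"}

# Constructed sample resembling an untouched default configuration.
SAMPLE_DEFAULT = """
[server]
hostname = "localhost"

[database.identity_db]
type = "h2"

[database.shared_db]
type = "mysql"
"""

# Constructed sample with both items addressed.
SAMPLE_HARDENED = """
[server]
hostname = "is.example.com"

[database.identity_db]
type = "mysql"
"""


def audit(toml_text):
    """Return (check, detail) findings; an empty list means both items pass."""
    conf = tomllib.loads(toml_text)
    findings = []

    # Hostname item: the value must be set explicitly to a real name.
    host = str(conf.get("server", {}).get("hostname", "")).strip().lower()
    if host in PLACEHOLDER_HOSTS:
        findings.append(("hostname", "server.hostname is unset or loopback"))

    # Data store item: report every database table explicitly typed as H2.
    for name, db in conf.get("database", {}).items():
        if isinstance(db, dict) and str(db.get("type", "")).lower() == "h2":
            findings.append(("datastore", f"database.{name} uses embedded H2"))
    return findings


if __name__ == "__main__":
    for check, detail in audit(SAMPLE_DEFAULT):
        print(f"[{check}] {detail}")
```
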

Tuning WSO2 products

WSO2 Identity Server has additional guidelines for optimizing the performance of product-specific features.

Firewalls

The following ports must be accessible when operating within a firewall.

  • 9443 - Used by the management console and services that use the servlet transport, and is defined in the <PRODUCT_HOME>/repository/conf/deployment.toml file.

Proxy servers

If the product is hosted behind a proxy such as Apache HTTPD, users can configure products to use the proxy server by providing the following system properties at start-up.

Alternatively, this can be done by adding the following configurations in the <PRODUCT_HOME>/repository/conf/deployment.toml file.

High availability

For high availability, WSO2 products must run on a cluster. Databases used for the repository, user management, and business activity monitoring can also be configured in a cluster or can use replication management provided by the RDBMS.

Data backup and archiving

For data backup and for archiving of data, use the functionality provided by the RDBMS.