Deployment Checklist
Guideline | Details |
---|---|
Security hardening |
Guidelines for hardening the security of a WSO2 Identity Server deployment in a production environment can be discussed under three high-level categories:
|
Hostname |
By default, WSO2 Identity Server identifies the hostname of the current machine through the Java API. However, this value can be erroneous in some environments. It is therefore recommended to configure the hostname explicitly by setting the relevant parameter in the <IS_HOME>/repository/conf/deployment.toml file. |
Userstores |
WSO2 Identity Server offers three choices to store user details:
|
Tuning WSO2 products |
WSO2 Identity Server has additional guidelines for optimizing the performance of product-specific features. |
Firewalls |
The following ports must be accessible when operating within a firewall.
|
Proxy servers |
If the product is hosted behind a proxy such as Apache HTTPD, users can configure the product to use the proxy server by providing the following system properties at startup.
-Dhttp.proxyHost=xxxx
Alternatively, this can be done by adding the following configurations in the <IS_HOME>/repository/conf/deployment.toml file.
[transport.https.properties]
|
High availability |
For high availability, WSO2 Identity Server must run on a cluster. Databases used for the repository, user management, and business activity monitoring can also be configured in a cluster or can use replication management provided by the RDBMS.
|
Data backup and archiving | For data backup and for archiving of data, use the functionality provided by the RDBMS. |