Establishing secure connections is necessary to maintain safe communications among FairCom servers and data collection devices. The following process for establishing TLS connections is recommended when deploying FairCom servers.
Security
- Create a valid certificate for each FairCom Edge server.
- Configure the certificate for
HTTPSconnections only. - Turn on file encryption.
- Change the ADMIN password to a secure password.
- Add additional user accounts for applications and end users.
Do not allow application and end-user accounts to have admin access or to know the ADMIN password. Ensure each account has a secure password.
Configuration settings
- Update the settings in the
ctsrvr.cfgfile to fit production needs.
Increase the default topic settings for FairCom Edge and FairCom MQ. There needs to be 62*number of expected topics. If the persistence settings were changed it will be (retentionPeriod+1)*2.
- Verify that the system files limit is at least as high as the
FILESsettings from Step 1. - Increase the
DAT_MEMORYandIDX_MEMORYsettings to allow caching as much of the data you expect to access as possible.
Keep this within the footprint of the physical RAM the hardware has available.
- Store the
data,index, andtranlogfolders on fast local SSD storage.
Using a shared or network volume to store these files will dramatically slow down performance.