Skip to main content

 

Documentation & User Guides | FotoWare

Checklist for securing your FotoWare installation

Use this checklist to make sure all major aspects of your FotoWare system has been secured

Security checklist

Web access to FotoWeb

Since access to FotoWeb is often possible over the internet, it's important to configure the firewall to only allow access on http ports - port 80 for unsecured communications and/or port 443 for secured connections. Depending on the required level of security it is possible to configure FotoWeb to only allow secured connections.

You can learn more about securing FotoWeb here.

Communications between Index Manager and FotoWeb

Index Manager handles file system crawling and indexing and pushes metadata to the FotoWeb server.

FotoWeb also communicates with Index Manager over an HTTP-based protocol. 

Learn how to best configure the connection between these services to maintain a high level of security.

Communications between FotoStation and Index Manager

Communications between FotoStation clients and Index Manager use the same FWP protocol as FotoWeb-Index Manager connections. This runs on port 7000 (unsecured) or 7001 (secured). When the Operations Center is installed (it comes with all FotoWare server applications) is installed a self-signed certificate is installed on the server to make it possible to secure communications immediately without installing an additional third-party trusted certificate. You can learn more about choosing ports and optionally enforcing secure connections and how to install a separate, trusted security certificate.

Access to the Operations Center

A user with access to the Operations Center will be able to start, stop, and configure FotoWare services on the server. Access to the Operations Center is controlled through two groups on the server - FotoWare Administrators and FotoWare Operators. While Operators may only monitor logs and start and stop services, FotoWare Administrators get access to configure the workflows and archive configurations.

You can learn more about these groups and their access rights by clicking here.

In addition to limiting access to the Operations Center by users and groups it is possible, as described above, to enforce secure connections (TLS) to the Operations Center configuration as well.

  • Was this article helpful?