Skip to main content
Documentation & User Guides | Fotoware

Checklist for securing your Fotoware installation

Use this checklist to make sure all major aspects of your Fotoware system has been secured

Security checklist

Web access to FotoWeb

Since access to FotoWeb is often possible over the internet, it's important to configure the firewall to only allow access on http ports - port 80 for unsecured communications and/or port 443 for secured connections. Depending on the required level of security it is possible to configure FotoWeb to only allow secured connections.

For more information about securing FotoWeb, see Securing the FotoWeb server.

Communications between Index Manager and FotoWeb

Index Manager handles file system crawling and indexing and pushes metadata to the FotoWeb server.

FotoWeb also communicates with Index Manager over an HTTP-based protocol. 

For information on how best to configure the connection between these services to maintain a high level of security, see Securing communications between FotoWeb and Index Manager

Communications between FotoStation and Index Manager

Communications between FotoStation clients and Index Manager use the same FWP protocol as FotoWeb-Index Manager connections. This runs on port 7000 (unsecured) or 7001 (secured). When the Operations Center is installed (it comes with all Fotoware server applications) is installed a self-signed certificate is installed on the server to make it possible to secure communications immediately without installing an additional third-party trusted certificate. You can learn more about choosing ports and optionally enforcing secure connections and how to install a separate, trusted security certificate.

Access to the Operations Center Status

A user with access to the Operations Center Status can start, stop, and configure Fotoware services on the server. Access to the Operations Center Settings is given to the Fotoware Administrators group on the server.  and Fotoware Operators. While Operators may only monitor logs and start and stop services, Fotoware Administrators can monitor logs, start and stop servers, and configure workflows and archive configurations.

For more information about this group and its access rights, see Giving users access to configure Fotoware server applications.

In addition to limiting access to the Operations Center by users and groups you can, as described above, enforce secure connections (TLS) to the Operations Center configuration as well.

  • Was this article helpful?