Checklist for securing your FotoWare installation
Security checklist
Web access to FotoWeb
Since FotoWeb is often reachable over the internet, it's important to configure the firewall to allow access only on the HTTP ports: port 80 for unsecured communications and/or port 443 for secured connections. Depending on the required level of security, FotoWeb can be configured to allow only secured connections.
Communications between Index Manager and FotoWeb
Index Manager handles file system crawling and indexing and pushes metadata to the FotoWeb server.
FotoWeb also communicates with Index Manager over an HTTP-based protocol.
Communications between FotoStation and Index Manager
Communications between FotoStation clients and Index Manager use the same FWP protocol as FotoWeb-Index Manager connections. This runs on port 7000 (unsecured) or 7001 (secured). When the Operations Center is installed (it comes with all FotoWare server applications), a self-signed certificate is installed on the server, making it possible to secure communications immediately without installing an additional third-party trusted certificate. You can learn more about choosing ports and optionally enforcing secure connections and how to install a separate, trusted security certificate.
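One way to check the firewall rules described above from outside the network, as an added example that is not part of the FotoWare documentation: it probes the four ports named on this page and reports any that answer without being on the allow list. Treating only ports 80 and 443 as internet-facing, and all function names, are assumptions of this example.

```python
import socket
import sys

# Ports named on this page. Treating only the FotoWeb HTTP ports as
# internet-facing is an assumption of this example.
PAGE_PORTS = {80: "FotoWeb HTTP (unsecured)", 443: "FotoWeb HTTPS (secured)",
              7000: "FWP (unsecured)", 7001: "FWP (secured)"}
INTERNET_ALLOWED = {80, 443}

def is_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def audit(host, allowed=INTERNET_ALLOWED, ports=PAGE_PORTS, probe=is_open):
    """Probe each port and classify it against the allow list.

    Returns (port, status) tuples: "ok" (open and allowed), "exposed"
    (open but not allowed) or "closed" (no answer).
    """
    results = []
    for port in sorted(ports):
        if not probe(host, port):
            results.append((port, "closed"))
        elif port in allowed:
            results.append((port, "ok"))
        else:
            results.append((port, "exposed"))
    return results

def exposed_ports(results):
    """Ports that answered although the firewall should block them."""
    return [port for port, status in results if status == "exposed"]

if __name__ == "__main__":
    # Run from a host outside the firewall against your own server.
    # Pass "https-only" as second argument if FotoWeb must refuse port 80.
    target = sys.argv[1]
    allow = {443} if "https-only" in sys.argv[2:] else INTERNET_ALLOWED
    report = audit(target, allowed=allow)
    for port, status in report:
        print(f"{port:>5}  {status:<8} {PAGE_PORTS[port]}")
    sys.exit(1 if exposed_ports(report) else 0)
```

The script exits non-zero when a port outside the allow list answers, so it can run as a scheduled check after firewall changes.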
Access to the Operations Center
A user with access to the Operations Center will be able to start, stop, and configure FotoWare services on the server. Access to the Operations Center is controlled through two groups on the server - FotoWare Administrators and FotoWare Operators. While Operators may only monitor logs and start and stop services, FotoWare Administrators get access to configure the workflows and archive configurations.
You can learn more about these groups and their access rights by clicking here.
In addition to limiting access to the Operations Center by users and groups, it is possible, as described above, to enforce secure connections (TLS) to the Operations Center configuration as well.