Encrypt communication between the application and database servers

To prevent your data from being exposed in a readable format on the network, use Secure Socket Layer (SSL) to encrypt the network traffic between the application and the database servers.

If you have a dedicated server for your database (operational database or datamart database), encrypt the data traffic between the application and database servers and between the ETL and datamart servers.
Important: The following steps are applicable only in a multi-box installation setup.

Log onto the server as root user always

  1. Stop TeamForge on all the servers.
    • /opt/collabnet/teamforge/bin/teamforge stop
  2. Add the following site option tokens in all the TeamForge servers.
    1. If the operational database is running on a separate server, include the token DATABASE_SSL=on.
    2. If the datamart database is running on a separate server, include the token REPORTS_DATABASE_SSL=on
      Note: It is mandatory to include the tokens specified above in all the servers.
  3. Deploy services.
    • /opt/collabnet/teamforge/bin/teamforge provision
    Note:

    The "provision" command prompts for response before it bootstraps or migrates data during TeamForge installation and upgrade respectively. Enter "y" or "N" to proceed. For more information, see the TeamForge script.

    TeamForge 17.4 (and later) installer expects the system locale to be LANG=en_US.UTF-8. TeamForge "provision" command fails otherwise.

  4. Start TeamForge.
    • /opt/collabnet/teamforge/bin/teamforge start
  5. Verify that your PostgreSQL database is running in the SSL mode.
    1. Log in to the database server.
    2. Run the following command:
      • grep "ssl = " var/lib/pgsql/9.6/data/postgresql.conf
      • Observe:"ssl = on"