The Integration Bridge does not expose any internal information. Additionally, HPE application JAR files are signed by HPE, helping to validate the code's origin.
The Integration Bridge uses OAuth authentication when connecting to ALM Octane, instead of using the credentials of an ALM Octane user.
Communication between the Integration Bridge and ALM Octane is secured by SSL.
The bridge logs in to ALM Octane using the ALM Octane user credentials or client ID and secret provided during installation, or later as described in Set ALM Octane credentials.
If you connect to a secured
To establish this trust, import the issuer's certificate to the JRE's truststore in the following directory:
<Integration Bridge installation directory>\product\util\3rd-party\jre1.7.0_51\jre\lib\security\ (On Linux, reverse the slashes in this path and the ones below)
Do the following:
With ALM Octane or ALM open in your browser window, export the certificate from the browser, and save it to a file named server.cer.
On the Integration Bridge machine, place the server.cer file in the <Integration Bridge installation>\product\util\3rd-party\jre1.7.0_51\jre\bin directory.
Use the keytool command from the <Integration Bridge installation>\product\util\3rd-party\jre1.7.0_51\jre\bin directory to import the server.cer file to the <Integration Bridge installation>\product\util\3rd-party\jre1.7.0_51\jre\lib\security\cacerts truststore.
keytool.exe -import -v -trustcacerts -alias <alias> -file server.cer -storepass <password> -keystore "<Integration Bridge installation>\product\util\3rd-party\jre1.7.0_51\jre\lib\security\cacerts"
Note: You may need to repeat this command for the rest of the certificate chain, using a different alias each time.
Restart the Integration Bridge.
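The note about repeating the import for the rest of the certificate chain can be prepared as follows. This is an added example, not HPE code: it splits a PEM bundle into its certificates, prints each SHA-256 fingerprint so it can be compared with the one the browser shows before the certificate is trusted, and builds one keytool command per certificate with its own alias. The alias prefix, the file names and the sample bytes are assumptions, and -storepass is left out so that keytool prompts for the password.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def split_chain(pem_text):
    """Return the DER bytes of each certificate in a PEM bundle, in file order."""
    return [base64.b64decode("".join(body.split()))
            for body in PEM_RE.findall(pem_text)]

def fingerprint(der):
    """SHA-256 fingerprint as colon-separated upper-case hex pairs."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def plan_imports(pem_text, keystore, alias_prefix="octane-chain"):
    """One keytool import per distinct certificate, each under its own alias.

    -storepass is omitted so keytool prompts for the password instead of
    leaving it in shell history or the process list.
    """
    plan, seen = [], set()
    for der in split_chain(pem_text):
        fp = fingerprint(der)
        if fp in seen:          # the same certificate appears twice in the bundle
            continue
        seen.add(fp)
        alias = f"{alias_prefix}-{len(plan) + 1}"   # hypothetical alias scheme
        argv = ["keytool", "-import", "-v", "-trustcacerts", "-alias", alias,
                "-file", f"{alias}.cer", "-keystore", keystore]
        plan.append({"alias": alias, "sha256": fp, "der": der, "argv": argv})
    return plan

def _pem(der):
    """Wrap bytes in PEM armour (used only to build the constructed sample)."""
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}-----END CERTIFICATE-----\n"

# Constructed placeholder bytes, not real certificates: server, issuing CA, repeat.
SAMPLE_CHAIN = (_pem(b"constructed server cert") + _pem(b"constructed issuing CA")
                + _pem(b"constructed server cert"))

if __name__ == "__main__":
    for step in plan_imports(SAMPLE_CHAIN, "cacerts"):
        # Write step["der"] to <alias>.cer, check the fingerprint, then run the command.
        print(step["alias"], step["sha256"])
        print("  " + " ".join(step["argv"]))
```
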
Passwords for connecting to endpoints are encrypted and saved on the customer's machine, preventing credentials from being transferred to another machine.
The encryption method uses keys that are randomly generated during installation. The bridge uses AES 128 as the main encryption method.
|Download sources||Do not download the Integration Bridge installation file or updates from unknown sources.|
|Integration Bridge machine||Install the Integration Bridge on a dedicated, hardened machine.|
|Integration Bridge network||Deploy the Integration Bridge in an isolated network, with a firewall between the bridge and the target on-premise application.|
|Integration Bridge permissions (Windows)||By default, the Integration Bridge service runs using the Windows Local System service user. To increase system security, assign a simple Windows user to run the Integration Bridge. Tip: You can protect the Integration Bridge installation folder by granting permissions to that folder only to administrators, the Local System service user, and the dedicated user you created.|
|Integration Bridge permissions (Linux)||The Integration Bridge runs using the permissions of the Linux user that installed it, and this user will have full read, write, and execute permissions on all of the folders and files installed with the bridge. Therefore, you may want to consider installing the Integration Bridge as a non-root user. If you do:|
|Installing multiple Integration Bridges||If you install multiple bridges, we recommend that you use a separate set of ALM Octane credentials (client ID and secret) for each bridge.|
|Integration Bridge user||The ALM Octane user with the Integration Bridge role should not have any other additional roles.|
|On-premise application users||When defining permissions for users of on-premise applications that communicate with ALM Octane, such as ALM users, limit permissions to specifically required operations only.|
When a new version of the Integration Bridge is available, it is automatically downloaded from ALM Octane. The HPE signature on the downloaded file is verified before the new version is installed.