In addition to the default installation instructions, you may wish to configure additional security measures, namely using secure data transmission (HTTPS) and configuring non-default users for RabbitMQ.
After install, the Endpoint Web Service is active and ready to accept any incoming messages at the Endpoint URL displayed by the installer. However, the incoming data is not encrypted, i.e. with SSL. This section explains how to enable SSL for the endpoint.
To use SSL for incoming messages, upstream clients (typically instrumented applications) must be configured to initiate requests via HTTPS. See the appropriate documentation included with your PreEmptive Analytics product(s) to configure instrumented applications appropriately.
You must obtain and install a valid SSL certificate. Instructions for doing so are typically provided by the issuing certification authority or your internal Operations department. For example, here are instructions (for IIS 8) for generating a certificate signing request and installing an SSL certificate.
Once the certificate is installed, the Endpoint Web Service must also be configured to support SSL, as follows:
httpsin the Type drop-down.
443is the default).
These changes take effect immediately, no restart is required.
Using SSL for outbound data depends on the destination's support for it, and is a simple matter of configuration. This can be used independently of SSL configuration with the Endpoint. Please see these examples for
how to configure this in the
We recommend disabling vulnerable SSL ciphers to prevent exploits, including man-in-the-middle attacks. This can be done by running the latest version of this PowerShell script.
In the default configuration, RabbitMQ is set up with one admin account with default credentials, which the application uses to interact with the queues. Even though the installation, by default, limits RabbitMQ access to the local host (
because these default credentials are well-known, you may wish to replace this default user with other users with unique passwords.
To do so:
guestwith a password of
guest, add an admin user.
RabbitServerPasswordto match the credentials of the application user.