This topic is relevant for NextGen Synchronizer only, embedded in Agile Manager's configuration area. For details about the ALM Synchronizer, see for .
The Integration Bridge does not expose any internal information. Additionally, HP application JAR files are signed by HP, helping to validate the code's origin.
Communication between the Integration Bridge and Agile Manager is secured by SSL.
The agent logs in to Agile Manager using the user credentials provided during installation, or later as described in Set Agile Manager credentials.
To connect to a secured Agile Manager or ALM server using a self-signed certificate, import the server's certificate to the JRE's truststore in the following directory:
<Integration Bridge installation directory>\product\util\3rd-party\jre1.7.0_51\jre\lib\security\
Do the following:
With Agile Manager or ALM open in your browser window, export the certificate from the browser, and save it to a file named server.cer.
On the Integration Bridge machine, place the server.cer file in the <Integration Bridge installation\product\util\3rd-party\jre1.7.0_51\jre\bin directory .
Use the keytool command from the <Integration Bridge installation>\product\util\3rd-party\jre1.7.0_51\jre\bin directory to import the server.cer file to the <Integration Bridge installation>\product\util\3rd-party\jre1.7.0_51\jre\lib\security\cacerts directory.
For example:
keytool.exe -import -v -trustcacerts -alias tomcat -file server.cer -storepass <password> -keystore <Integration Bridge installation>\product\util\3rd-party\jre1.7.0_51\jre\lib\security\cacerts -keypass <password>
Restart the Integration Bridge.
Passwords for connecting to endpoints are encrypted and saved on the customer's machine, preventing credentials from being transferred to another machine.
The encryption method uses keys that are randomly generated during installation. The agent uses AES 128 as the main encryption method.
Download sources | Do not download the Integration Bridge installation file or updates from unknown sources. |
Integration Bridge agent machine | Install the Integration Bridge on a dedicated, hardened machine. |
Integration Bridge agent network |
Deploy the Integration Bridge in an isolated network, with a firewall between the bridge and the target on-premise application.
|
Installation folder |
The Integration Bridge service is run using the Windows Local System service user. You can protect the Integration Bridge installation folder by granting permissions to that folder only to administrators and the Local System service user. |
Integration Bridge user |
The Agile Manager user with the Integration Bridge role should not have any other additional roles. |
On-premise application users |
When defining permissions for users of on-premise applications that communicate with Agile Manager, such as ALM users, limit permissions to specifically required operations only. |