Setting security options
You can enable encryption to secure client/server communication. Encryption scrambles data to prevent interception, or eavesdropping, as it passes between clients and the Helix ALM Server. You can also use RSA key exchange for stronger encryption keys if your network is potentially insecure or if users log in to Helix ALM from outside of your network.
See Securing communication between clients and the Helix ALM Server for information about encryption, authentication, and key exchange methods used in Helix ALM.
Tip: Review the Security Best Practices for information about properly managing and securing your Helix ALM and license server data.
1. Click Server Options.
The Options
2.
Tip: The OpenSSL version used by Helix ALM is displayed. Any vulnerabilities found in OpenSSL are published on the OpenSSL web site. To check if OpenSSL version displayed in Helix ALM has vulnerabilities that impact Helix ALM, check the knowledgebase or contact Perforce Support for information.
3. Select Enforce security over backward compatibility if conflicts occur to always enforce the selected encryption option even if a client does not support it.
For example, if this option is selected and an old Surround SCM version is integrated with Helix ALM, a security error is displayed and the integration will not work because Surround SCM does not support the same security as Helix ALM.
4. Select Encrypt communication between clients and the server to encrypt all communication between clients and the Helix ALM Server, which reduces the likelihood of eavesdropping by hackers.
Encryption increases security, but may slightly affect performance. Select this option if you organization’s network is secure and no client applications outside of the network communicate with the server.
Tip: Always use encryption to keep data secure unless you are evaluating Helix ALM or troubleshooting performance issues.
5. Select Use RSA key exchange to use strong key exchange for communication between clients and the Helix ALM Server.
RSA is a public key encryption algorithm that uses separate keys for encryption and decryption. Select this option if your organization stores sensitive information in Helix ALM and users log in to client applications outside of your network using a username and password. If you use RSA, the public key must be added to all clients that access the Helix ALM Server. See Configuring RSA key exchange for information about setting up RSA.
Note: This option is only available if Encrypt communication between clients and the server is selected.
6. Click
If you change key exchange options, Helix ALM client applications and the web server that hosts Helix ALM web clients must be updated. The following scenarios require further action after changing security settings.
| If you use: | And you change it to: | You need to: |
|---|---|---|
| No encryption | RSA key exchange | Download a settings file that Helix ALM client users need to import in the server connection settings. If you use Helix ALM web clients, import the file in the Helix ALM Registry Utility on the web server computer. |
| RSA key exchange | No encryption or basic encryption (Encrypt server communication between clients and the server is selected) | Remove the public key fingerprint from any clients that connect to the server. Click Remove in the server connection information in clients and in the CGI options for server in the Helix ALM Registry Utility. |
See Configuring RSA key exchange for information about adding and removing keys in Helix ALM clients.
