Complete the following steps to ensure your interactions with SystemLink are secure.

  1. Use firewalls to restrict open ports to only those ports your environment requires. The following table shows the ports and hostname that SystemLink Server uses.
    Note The hostname is the same for all hosts in SystemLink Server. For SystemLink TDM, refer to Setting Up a SystemLink Server.
    Host Ports Description Example
    Hostname 443, 4505, 4506

    The web application hostname that end users log into to interact with SystemLink. This hostname is used when configuring redirect URLs with your OpenID Connect provider.

    The API hostname that endpoint testers use to send and to retrieve SystemLink data.

    The hostname listening on the Salt ports used to established connections and send Salt commands to testers. Due to the capabilities of Salt, ensure that you configure firewalls and appropriate CIDR blocks to prevent exposing Salt ports to the public internet.

    		 app.sle.corp.com
    Note If your hosts have invalid hostnames, SystemLink cannot receive data from managed targets. Likewise, users cannot access the web application.
  2. In the production environments, update the security features.
    1. Disable Cross Origin Resource Sharing (CORS).
    2. Allow only requests from the app hostname, and other trusted web clients, to access the API hostname.
  3. Optional: Use HTTPS for communication between your SystemLink server and OpenID Connect provider.
    Tip A SystemLink server does not require OpenID Connect authentication. For more information about using OpenID Connect for SystemLink, refer to Single Sign-on with OpenID Connect in the SystemLink Operations Handbook.
  4. Assign a strong password for the admin user on managed NI Linux Real-Time targets.

    These credentials are necessary under the following circumstances:

    • When creating an SSH connection to a target.
    • When a SystemLink server adds a Linux Real-Time target to the collection of managed systems.
  5. If applicable, configure your remotely connected MongoDB instance to use TLS communication. Refer to the MongoDB documentation for information on how to enable TLS.
  6. Set up the SSL certificate for SystemLink Server. For more information, refer to Network Security in the SystemLink Operations Handbook.