This topic introduces security topics for an AppDynamics deployment.
Securing your Deployment
AppDynamics includes security features that help to ensure the safety and integrity of your deployment.
The Controller is installed with an HTTPS port enabled by default. SSL secures client connections and allows client to authenticate the Controller. The Controller UI supports HTTP Basic Authentication, along with SAML and LDAP authentication. Role-based access controls in the UI allow you to manage user privileges.
While the security features of the Controller are enabled out of the box, there are some steps you should take to ensure the security of your deployment. These steps include but are not limited to:
The SSL port uses a self-signed certificate. If you intend to terminate SSL connection at the Controller, you should replace the default certificate with your own, CA-signed certificate. If you replace the default SSL certificate on the Controller, you will also need to install the Controller's public key on the App Agent machine.
As an alternative to terminating SSL at the Controller, you can deploy the Controller behind a reverse proxy that terminates SSL. This relieves the Controller from having to process SSL connections.
- Along with a secure listening port, the Controller provides an unsecured, HTTP listening port as well. You should disable the port or block access to the point from any untrusted networks.
- Make sure that your App Agents connect to the Controller or to the reverse proxy, if terminating SSL at a proxy, with SSL enabled.
- The Controller and underlying components, Glassfish and MySQL, include built-in user accounts. Be sure to change the passwords for the accounts regularly and in general, follow best practices for password management for the accounts. For information on changing the passwords for built-in users, see Administrative Users.
The following topics provide much more information about securing your AppDynamics deployment: