8 Commonly Asked Security Questions

Document created by mike_c_frazier on Nov 19, 2015. Last modified by Adam Arrowsmith on Aug 30, 2016.
Version 2

Common security questions about AtomSphere.

 

 

1) Can you please further elaborate on the usage and storage of the Private Key, and why this key is stored in the Dell Boomi Data Center?

 

Each account is associated with one public/private key pair. Connector passwords are encrypted with the account’s public key before they are stored, and the account’s private key is used to decrypt them at runtime. Because processes are run from the data center, the private key has to be available to us there when we run them.

 

2) Can you please provide the Dell Boomi user account password strength requirements, e.g., minimum length, numbers, letters, symbols, caps, etc.?

 

This can be configured by the account admin. The Password Policy tab on the Setup page is used to establish rules for passwords used by users of the account. You can turn on or off any of the password rules.


If you change the account's password policy, existing users, whose passwords may or may not match the new policy, will see a message the next time they log into the Dell Boomi platform informing them that the password policy has changed. The message lists the new rules and tells users that they must enter their current password as well as a new password that conforms to the new policy. If a user's current password happens to match the new policy, they can continue to use it by entering the current password in all of the fields.

 

3) Does Boomi implement user password expiration on a periodic basis? If so, what is this period of time before a password will expire / needs to be changed?

 

This can be configured by the account admin. The following rules are available when you set a password policy for an account. You can select none, any or all of these rules:

  • Passwords expire every 90 days.
  • Passwords must have a minimum length.
  • Passwords must contain characters from at least two of these groupings: alpha, numeric, and special characters.
  • Passwords must not contain sequences of three or more characters from the user ID.
  • Passwords must not match any of the previous four passwords.
  • Passwords must not contain a sequence of two or more characters more than once, e.g. a12x12.
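
The rules listed above, expressed as a validator. This is an added example, not Dell Boomi's code. The minimum length of 8, the case-insensitive user ID comparison, the non-overlapping reading of the repeated-sequence rule and the salted-hash password history are assumptions of this example, and the user ID and passwords are constructed sample data.

```python
import hashlib
import hmac
import os
from datetime import datetime, timedelta

MIN_LENGTH = 8                  # assumed value; the page does not state the minimum
MAX_AGE = timedelta(days=90)    # "Passwords expire every 90 days"
HISTORY_DEPTH = 4               # "previous four passwords"

def hash_pw(password, salt=None):
    """Return (salt, digest); history is kept as salted hashes, not clear text."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def is_expired(last_changed, now):
    return now - last_changed > MAX_AGE

def violations(user_id, password, history=()):
    """Return the names of the rules a candidate password breaks (empty = accepted)."""
    found = []
    if len(password) < MIN_LENGTH:
        found.append("min_length")
    groups = [any(c.isalpha() for c in password),
              any(c.isdigit() for c in password),
              any(not c.isalnum() for c in password)]
    if sum(groups) < 2:
        found.append("char_groups")
    uid, low = user_id.lower(), password.lower()
    if any(uid[i:i + 3] in low for i in range(len(uid) - 2)):
        found.append("user_id_sequence")
    for salt, digest in list(history)[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_pw(password, salt)[1], digest):
            found.append("reused")
            break
    # A repeated run of 2+ characters always contains a repeated pair,
    # so looking for each pair later in the string is sufficient.
    if any(password[i:i + 2] in password[i + 2:] for i in range(len(password) - 1)):
        found.append("repeated_sequence")
    return found

# Constructed sample history, oldest first; only the last four entries are checked.
HISTORY = [hash_pw(p) for p in ("Spring#2014", "Summer#2014", "Autumn#2014",
                                "Winter#2014", "Spring#2015")]
```

With this history, `Spring#2014` is accepted again because it is the fifth most recent password, while `Winter#2014` is rejected as reused.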

 

4) Is there a lockout policy after a certain amount of incorrectly entered user passwords?

 

After 6 incorrect login attempts, the user is locked out and the account administrator will receive an alert email identifying the account that the failed login attempts were made against.

 

5) Does Dell retain a log that captures user login attempts / fails / successes for a period of time?

 

This is logged as part of the general platform logs. This information is not publicly available and is managed by the Dell Boomi team.

 

6) When Boomi updates are available, does the Atom automatically install these or does it prompt the user to install the update?

 

By default, the Atom will automatically download and install platform updates on the release date. However, the Release Control feature allows you to apply new Atom (or Molecule or Cloud) and connector updates at any time during the two weeks before the full release. This allows you to select a time within that window that’s convenient for you to get and test the updates. The pending updates are applied per Atom. You can update your “Test” Atoms and test the changes against your processes before the full release. If you are happy with the test results, you can apply the changes to your “Production” Atoms and move the updates into your production environment before the full release.

 

On the full release date all users will receive enhancements and user interface changes. Users who have not adopted the Atom and connector updates in advance will get those updates as well.

 

Dell Boomi AtomSphere users are located all over the world. They work in many different industries. Their business hours vary. They can have integration processes running at any time of the day or night. Therefore no particular date, day of the week or time of day will be convenient for everyone to receive a new release. Dell Boomi realizes this and wants to minimize the impact of new releases on your business.

 

A detailed Q&A on Release control is available here: Release Control

 

7) Are Java Platform (e.g., JRE) updates part of the periodic updates that the Atom recognizes / is alerted of, even if the Atom is installed on a Windows server?

 

No. In general, Java updates must be applied manually by the customer. They are not included as part of the regular AtomSphere release.

 

8) Can you please confirm that once an Atom is installed locally on a server, it will initiate all communication with the Dell Boomi Data Center and it will not open any ports on the server which the Atom is deployed to?

 

Yes, all communication is initiated by the Atom. The Atom will not attempt to change any port settings you have configured on your network. By default, traffic is outbound only, but with the Web Services Connector the Atom can listen for incoming traffic if the port is opened.
