FileNet P8 Platform, Version 5.2.1            

Storage area security

FileNet® P8 objects, including document objects, are stored in the object store's database. This is handled automatically when you successfully complete the object store wizard, and no additional setup is required. However, the files referenced by the content element property of a document object must be stored in one or more of the supported content storage areas.

Security must be configured on the shared directory location under which file storage areas, fixed storage area staging directories, advanced storage area file system devices, and content cache areas will be created.

The advanced storage area can use Content Platform Engine server communication to transmit messages between Content Platform Engine sites. These messages are used to perform content creation, retrieval, validation, and deletion operations on a storage device located in a different site. Because these operations are sent over the WSI transport between Content Platform Engine servers, they are secured with one-time passwords signed with the Content Platform Engine domain master key. These operations are performed at the destination with the assumption that the proper security checks have been completed at the source site. Therefore, server communication messages must always be sent over a secure channel.

A secure channel can be established between sites by using a VPN that encrypts the traffic or by specifying the https (SSL) protocol on the Content Platform Engine ServerCommunicationURL property set on a Virtual Server.

If the Content Platform Engine domain master key is ever compromised, either by the interception of these messages or by some other means, you must immediately change the domain master key. For more information, see Resetting keys.
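The secure-channel requirement above can be audited from an inventory of virtual servers. The following is an added example, not IBM code: the inventory format, server names, URLs, and VPN list are constructed, and it assumes that a message bound for a site is sent to the ServerCommunicationURL of that site's virtual server.

```python
from urllib.parse import urlsplit

# Constructed inventory (not a real domain): the site each virtual server
# belongs to and the value of its ServerCommunicationURL property.
VIRTUAL_SERVERS = [
    {"name": "vs-london", "site": "London", "url": "https://cpe-lon.example.com:9443/"},
    {"name": "vs-paris", "site": "Paris", "url": "http://cpe-par.example.com:9080/"},
    {"name": "vs-tokyo", "site": "Tokyo", "url": "http://cpe-tok.example.com:9080/"},
]

# Constructed list of site pairs joined by a VPN that encrypts the traffic.
VPN_LINKS = {frozenset({"London", "Paris"})}


def url_is_https(url):
    """True only for a well-formed https URL with a host name."""
    parts = urlsplit(url.strip())
    return parts.scheme == "https" and bool(parts.hostname)


def unprotected_paths(servers, vpn_links):
    """Return (source_site, destination_server, url) for every cross-site
    path that has neither an https URL nor an encrypting VPN."""
    sites = {s["site"] for s in servers}
    findings = []
    for dest in servers:
        if url_is_https(dest["url"]):
            continue  # channel is encrypted regardless of the network path
        for src in sites - {dest["site"]}:
            if frozenset({src, dest["site"]}) not in vpn_links:
                findings.append((src, dest["name"], dest["url"]))
    return sorted(findings)


if __name__ == "__main__":
    for src, name, url in unprotected_paths(VIRTUAL_SERVERS, VPN_LINKS):
        print(f"{src} -> {name}: {url} is neither https nor covered by a VPN")
```

An http URL is reported only when the source and destination sites are not joined by a VPN, matching the two options the text gives for establishing a secure channel.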



Last updated: October 2015

© Copyright IBM Corporation 2015.