Security and Access Control

Iotellect has a flexible and highly customizable security architecture.

It's designed for ensuring enterprise-grade security of applications based on the platform, as well as building secure public web services with millions of users.

Security Event Logging

Iotellect Server enables audit trails by implementing two methods of reporting all important events and activities, including security events:

  • Internal events that can be persistently stored in a server database or routed according to custom rules

  • Logging engine that uses file-based logging by default

Persistent Storage Security

Iotellect Server fully manages its own data storage. No supported usage scenario requires direct access to the data stored in the server database.

Since all access to the database goes through Iotellect Server core, all access attempts are authorized according to internal role-based access control.

All security-sensitive data, such as authentication/authorization credentials for devices and external systems, is encrypted before it's stored in the configuration database.

Communications Security

The Iotellect protocol is the communication protocol used for data exchange between the primary Iotellect components: servers, clients, and agents. It uses SSL/TLS encryption, which is enabled by default.

Security of data exchange between Iotellect Server and devices depends on the security and encryption options offered by the device's communication protocol. In the majority of cases, if a communication protocol supports security and data encryption options, the corresponding device driver supports them as well, allowing secure data exchange.

The Iotellect protocol uses SSL/TLS version 1.3 by default. If a client requests a lower SSL/TLS version when connecting to the server (for example, a user tries to open the Web UI using an old browser), the server downgrades to the requested version, as long as that version is enabled on the server. Certain cryptographic algorithms and protocol versions can be disabled by editing the jdk.tls.disabledAlgorithms property in the <Iotellect installation directory>/jre/lib/security/java.security file.
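The following check is an added example, not part of the Iotellect documentation or product: it prints the jdk.tls.disabledAlgorithms policy the JRE actually applies and reports any legacy protocol version the default SSLContext would still offer, so the effect of an edit to java.security can be verified. It assumes it is compiled with javac and run with the bundled JRE (<Iotellect installation directory>/jre/bin/java), so that it reads the same java.security file the server uses; the property value shown in the comment is an illustrative example, not the file's exact default.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;

public class TlsPolicyCheck {

    // Protocol versions that a server meant to stay on TLS 1.2/1.3 should never negotiate.
    static final List<String> LEGACY_PROTOCOLS = Arrays.asList("SSLv3", "TLSv1", "TLSv1.1");

    /** Returns the legacy protocol versions still enabled in the JRE's default SSLContext. */
    static List<String> enabledLegacyProtocols() throws NoSuchAlgorithmException {
        String[] enabled = SSLContext.getDefault().getDefaultSSLParameters().getProtocols();
        List<String> found = new ArrayList<>();
        for (String protocol : enabled) {
            if (LEGACY_PROTOCOLS.contains(protocol)) {
                found.add(protocol);
            }
        }
        return found;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Security.getProperty returns the effective value from java.security. A hardened
        // line in that file looks like this (example value, not the shipped default):
        //   jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, 3DES_EDE_CBC, anon, NULL
        System.out.println("jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));
        System.out.println("Enabled protocols: "
                + Arrays.toString(SSLContext.getDefault().getDefaultSSLParameters().getProtocols()));

        List<String> legacy = enabledLegacyProtocols();
        if (legacy.isEmpty()) {
            System.out.println("OK: no legacy protocol version is enabled in this JRE.");
        } else {
            // A client asking for one of these versions could still be served with it.
            System.out.println("WARNING: still enabled: " + legacy
                    + " - add them to jdk.tls.disabledAlgorithms in java.security.");
            System.exit(1);
        }
    }
}
```

Because the check only reads the JRE's policy, it confirms what versions the server can fall back to without needing a live connection; a non-zero exit code makes it usable from a deployment script.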

Role-Based Access Control

All connections to Iotellect Server through the Web UI or any API (such as the SOAP or REST API) are always authenticated and authorized.

Every attempt to access the unified data model is validated according to the permissions of an authorized user.

Active system objects (such as alerts or models) inherit the permissions of their owners once they access the unified model.

See the Role-based Access Control section for more information.

Server Instance Security

Iotellect Server is a standalone Java application that is deployed by a dedicated installer. The server doesn't use any OS-specific methods (such as the Windows Registry or Linux IPC) for exchanging data with other processes and applications running on the same host. All data exchange is performed through files and IP-based communications over the local host (loopback) interface.

The installer takes care of configuring file access permissions within the Iotellect Server installation folder, so no manual file permission configuration is necessary.