Upgrading and downgrading security

To give your organization the greatest possible flexibility, the system is installed with no security. Your organization can add security features at any time.

Security features can be added only on the computer that runs the host server. To use advanced security, the host server and client must be connected to a security server on a different computer.

To upgrade security, use the Security Upgrade utility.

  • If you currently run the engine with no security, then you can upgrade to basic security or advanced security. Upgrading to advanced security automatically adds basic security.
  • If you currently run the engine with basic security, then you can upgrade to advanced security.

Advanced security can be added only on a computer system that runs the host server. To enable security administration, you must add advanced security to one and only one host server, no matter how many are included in your system. If your system already has basic security, then you must add advanced security on the same computer system where basic security is located.

The SecurityUpgrade.log file logs information from the SecurityOptions class. This class contains the upgrade information, for example "none to basic," "none to advanced," "basic to advanced," and so on.

The SecurityUpgrade.log file is generated in the HCIROOT folder.

Notes

  • In a system with multiple host servers, security features should be added to each host server.
  • Certificates must be issued before any security upgrade.

Running CIS with basic or advanced security

In basic security, the IDE and host server establish a TLS 1.2 connection.

In advanced security, the IDE, host server, and security server establish a TLS 1.2 connection.

This connection uses TLS_DHE_DSS_WITH_AES_256_CBC_SHA256.
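To confirm that a deployment negotiates what is documented above, the ServerHello from a packet capture can be checked for TLS 1.2 and this cipher suite. The following is an added example, not part of the product; the function names and the sample bytes are constructed for illustration, and 0x006A is the IANA code point for the suite named above.

```python
import struct

# IANA code point for the suite named on this page (RFC 5246, A.5).
EXPECTED_SUITE = 0x006A   # TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_1_2 = 0x0303

def parse_server_hello(record: bytes):
    """Return (version, cipher_suite) from a raw TLS ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 22:                       # 22 = handshake content type
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or len(body) < 4:
        raise ValueError("truncated record body")
    if body[0] != 2:                      # 2 = ServerHello handshake type
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", hello[:2])[0]
    sid_len = hello[34]                   # follows version (2) + random (32)
    off = 35 + sid_len
    if len(hello) < off + 3:              # suite (2) + compression (1)
        raise ValueError("truncated ServerHello")
    suite = struct.unpack("!H", hello[off:off + 2])[0]
    return version, suite

def check_negotiation(record: bytes):
    """List deviations from the documented TLS 1.2 / 0x006A negotiation."""
    version, suite = parse_server_hello(record)
    problems = []
    if version != TLS_1_2:
        problems.append(f"version 0x{version:04x}, expected 0x0303")
    if suite != EXPECTED_SUITE:
        problems.append(f"cipher suite 0x{suite:04x}, expected 0x006a")
    return problems

def build_sample(version: int, suite: int) -> bytes:
    """Constructed ServerHello (zero random, empty session id) for testing."""
    hello = (struct.pack("!H", version) + bytes(32) + b"\x00"
             + struct.pack("!H", suite) + b"\x00")
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!HH", 0x0303, len(hs)) + hs

if __name__ == "__main__":
    print(check_negotiation(build_sample(0x0303, 0x006A)))  # documented case
    print(check_negotiation(build_sample(0x0303, 0x002F)))  # different suite
```

An empty list means the captured ServerHello matches the documented version and suite; each string in a non-empty list names one deviation.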

Upgrading/Downgrading from the command line

A mode parameter is available on the command line for different combinations of security upgrade/downgrade.