Setting Up SystemLink Network Security

Complete the following steps to ensure your interactions with SystemLink are secure.

  1. Use firewalls to restrict open ports to only those your environment requires. The following table shows the ports and hostnames SystemLink uses.
    Note: The hostname is the same for all hosts in SystemLink Server. For SystemLink TDM, refer to Setting Up a SystemLink Server.

    | Host | Ports | Description | Example |
    |------|-------|-------------|---------|
    | App Hostname | 443 | The hostname of the web application end users log in to when interacting with SystemLink Enterprise. This is the hostname used when configuring redirect URLs with your OpenID Connect provider. | app.sle.corp.com |
    | API Hostname | 443 | The hostname of the API endpoint testers use to send and retrieve data from SystemLink. | api.sle.corp.com |
    | Salt Post Hostname | 4505, 4506 | The hostname listening on the Salt ports used to establish connections and send Salt commands to testers. Due to the capabilities of Salt, ensure that you configure firewalls and appropriate CIDR blocks to prevent exposing Salt ports to the public internet. | salt.sle.corp.com |

    Note: If your hosts have invalid hostnames, SystemLink cannot receive data from managed targets and users cannot access the web application.
  2. Disable Cross-Origin Resource Sharing (CORS) in production environments and allow only requests from the app hostname and other trusted web clients to access the API hostname.
    Note: CORS is not a consideration for requests from test machines because they do not occur within a browser session. If you need to enable CORS to facilitate workflows for users developing web applications that interact with the SystemLink API, set up a test SystemLink Enterprise cluster with CORS enabled.
  3. Use HTTPS for communication between your SystemLink server and OpenID Connect provider.
  4. Assign a strong password for the admin user on managed NI Linux Real-Time targets. These credentials are required both to SSH into the target and to add a Linux Real-Time target to a SystemLink server's collection of managed systems.
  5. If applicable, configure your remotely connected MongoDB instance to use TLS communication. Refer to the MongoDB documentation for information on how to enable TLS.
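
One way to check a firewall rule set against the port table in step 1, as an added example that is not NI's code: it flags ingress rules that open ports SystemLink does not need and Salt ports (4505, 4506) reachable from outside trusted CIDR blocks. The rule format, the sample rules, and the choice of RFC 1918 and IPv6 ULA ranges as the trusted blocks are assumptions; the hostnames are the example hostnames from the table.

```python
import ipaddress

# Required ports per host, taken from the table in step 1 (example hostnames).
REQUIRED_PORTS = {
    "app.sle.corp.com": {443},
    "api.sle.corp.com": {443},
    "salt.sle.corp.com": {4505, 4506},
}
SALT_PORTS = {4505, 4506}

# Assumption: only RFC 1918 / IPv6 ULA ranges count as non-public sources.
# Replace with the CIDR blocks your testers actually connect from.
TRUSTED_BLOCKS = [ipaddress.ip_network(b) for b in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def is_trusted_source(cidr):
    """True only if every address in cidr falls inside one trusted block."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == b.version and net.subnet_of(b)
               for b in TRUSTED_BLOCKS)


def audit(rules):
    """Return (rule, finding) pairs for ingress rules that violate step 1."""
    findings = []
    for rule in rules:
        host, port, source = rule["host"], rule["port"], rule["source"]
        if port not in REQUIRED_PORTS.get(host, set()):
            findings.append((rule, "port not required by SystemLink on this host"))
        elif port in SALT_PORTS and not is_trusted_source(source):
            findings.append((rule, "Salt port reachable from outside trusted CIDR blocks"))
    return findings


# Constructed sample ingress rules (hypothetical format, not a real deployment).
SAMPLE_RULES = [
    {"host": "app.sle.corp.com", "port": 443, "source": "0.0.0.0/0"},
    {"host": "api.sle.corp.com", "port": 443, "source": "10.0.0.0/8"},
    {"host": "salt.sle.corp.com", "port": 4505, "source": "10.20.0.0/16"},
    {"host": "salt.sle.corp.com", "port": 4506, "source": "0.0.0.0/0"},
    {"host": "api.sle.corp.com", "port": 8080, "source": "10.0.0.0/8"},
    {"host": "salt.sle.corp.com", "port": 4505, "source": "10.0.0.0/7"},
]

if __name__ == "__main__":
    for rule, finding in audit(SAMPLE_RULES):
        print(f'{rule["host"]}:{rule["port"]} from {rule["source"]}: {finding}')
```

The last sample rule shows why the check uses subnet containment: 10.0.0.0/7 starts at a private address but also covers 11.0.0.0/8, which is publicly routable.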