How to Ensure That My Connections are Secure?
It is highly recommended that all network connections between MMTE components are encrypted. It is done using the SSL protocol. All procedures for enabling SSL in MMTE are fully described in this documentation.
This topic is useful if you want to ensure that your changes are in effect and that connections are indeed established over SSL.
To check if the connection between MMTE Client and MMTE Server is secure, follow these steps:
- Close MMTE Client if opened.
- Start it again.
- Wait until it finishes initialization.
- Open the main MMTE Client log in any viewer or editor.
Find the event message similar to the following sample:
22.10;05:03:58.549 [AWT-EventQueue-0] DEBUG com.infolytik.ui.metaminer.Zdq - dataIntegrityUrl=http://mm.mycompany.com:49714/status/en
The date/time must correspond to the time of MMTE Client initialization and
dataIntegrityUrlto your MMTE Server hostname/IP address and port.
If it is
https, your connection between MMTE Client and MMTE Server is secure (encrypted with SSL).
If it is
http, it is not encrypted.
To check if the connection between MMTE Server and Tableau is secure, follow these steps:
- Open MMTE Administrator.
- Make sure your target Tableau environment(s) is/are added and connected successfully.
- Open the main MMTE Administrator log in any viewer or editor.
Find lines for connection events of the target Tableau environment(s), as in the following example:
Check the protocol indication on these lines.
If there are
[https]lines for the environment, then its connection is secure (encrypted with SSL).
If there are
[http]lines only, its connection is not encrypted.
To check if the connections to your MetaMiner Database are secure, follow these steps:
pgAdmin, or whatever PostgreSQL client software you prefer.
Run the following query:
SELECT datname, usename, ssl, client_addr FROM pg_stat_ssl JOIN pg_stat_activity ON pg_stat_ssl.pid = pg_stat_activity.pid;
Examine the result set. It might look like this:
datname | usename | ssl | client_addr -----------+----------+-----+------------- | postgres | f | metaminer | mmuser | f | 127.0.0.1 metaminer | mmuser | f | 127.0.0.1 metaminer | mmuser | f | 127.0.0.1 metaminer | readonly | f | ::1 metaminer | mmuser | t | 172.16.1.1 metaminer | john | t | 22.214.171.124 (7 rows)
sslcolumn means true (connection is encrypted) and
fmeans false (connection is not encrypted).
Make sure all external connections are encrypted.
This is fine if connections from localhost (
127.0.0.1) are not encrypted.