This article describes the best practices concerning security when installing and using Blueriq.
Blueriq Studio installation
When running the installer to install Blueriq Studio (Installing Blueriq), 3 users are created:
admin
runtime
administationpage
Please make sure to change the default password during installation.
After a typical or custom installation, the users are stored locally. Although the credentials are encrypted within Studio, it is advisable to authenticate against an Active Directory instead. This way, user management is done outside Blueriq and you have more control over password and lockout policies. The passwords are then also stored in the Active Directory and not within Studio.
To install or change Blueriq Studio security and user management, please read this article: Studio Configuration
Since Blueriq 9.7, Kerberos is supported. Microsoft prefers this protocol over NTLM: Kerberos support
Securing the administration page
During installation of Studio, an administration console is also installed. Via this console it is possible to download or upload a Studio repository. The Studio repository contains the models and business logic so it is advisable to secure this console. This is done by following the steps in this article: Studio Configuration
Blueriq Runtime installation
Installing the Blueriq Runtime is done by following the steps in one of the articles below:
In a development environment, after installation, the first thing that needs to be done is connecting to a Blueriq Studio to retrieve projects. This can be done by editing the aquima.properties (R10: application-dev.properties) or via the development dashboard (Configure Studio connection). In R9 it is advisable to use the development dashboard to connect because this way the password is encrypted.
Other connections that use authentication, such as SOAP or REST connections, should also be configured using the development dashboard so that these passwords are encrypted as well (Solutions for configurable web service location).