All posts by Alexander Ananiev

Certificate Management Best Practices Summary

For more details, please refer to our certificate management document.

Best practices list:

* Restrict certificate validity to short periods of time
* Automate certificate renewal/refresh
* Implement a certificate validation/revocation mechanism (OCSP)
* Do not use self-signed certs
* Do not use wildcard certs
* Establish and maintain a complete certificate inventory — you must know where each certificate is deployed, its expiration, etc.
* Run frequent endpoint/port scans to detect self-signed and other out-of-policy certificates.
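The last two items above (inventory and endpoint scanning) can be automated. The following Python script is an added example, not code from the linked certificate management document: it fetches a server's leaf certificate and flags self-signed, wildcard, overly long and near-expiry certificates against the list above. The policy thresholds and the sample certificate dict are assumptions constructed for this example.

```python
import socket
import ssl
from datetime import datetime, timezone

MAX_VALIDITY_DAYS = 398   # assumed policy limit on certificate lifetime
WARN_EXPIRY_DAYS = 30     # assumed renewal warning window

# Constructed sample in ssl.getpeercert() dict layout; not a real certificate
SELF_SIGNED_WILDCARD = {
    "subject": ((("commonName", "*.dev.example.com"),),),
    "issuer": ((("commonName", "*.dev.example.com"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2034 GMT",
    "subjectAltName": (("DNS", "*.dev.example.com"),),
}

def _ts(value):
    # ssl module date strings look like 'Jan  1 00:00:00 2024 GMT'
    return datetime.strptime(value, "%b %d %H:%M:%S %Y %Z").replace(tzinfo=timezone.utc)

def _dns_names(cert):
    names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return names + [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]

def policy_findings(cert, now=None):
    """Return the list of policy violations for one leaf certificate dict."""
    now = now or datetime.now(timezone.utc)
    findings = []
    if cert.get("subject") == cert.get("issuer"):
        findings.append("self-signed")
    if any(n.startswith("*.") for n in _dns_names(cert)):
        findings.append("wildcard")
    not_before, not_after = _ts(cert["notBefore"]), _ts(cert["notAfter"])
    lifetime = (not_after - not_before).days
    if lifetime > MAX_VALIDITY_DAYS:
        findings.append(f"validity {lifetime}d exceeds {MAX_VALIDITY_DAYS}d")
    days_left = (not_after - now).days
    if days_left < 0:
        findings.append("expired")
    elif days_left < WARN_EXPIRY_DAYS:
        findings.append(f"expires in {days_left}d")
    return findings

def scan_endpoint(host, port=443, timeout=5.0):
    ctx = ssl.create_default_context()   # verifying context: an untrusted chain is itself a finding
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return policy_findings(tls.getpeercert())
    except ssl.SSLCertVerificationError as exc:
        return [f"untrusted chain (self-signed or unknown CA): {exc.verify_message}"]
```

Run `scan_endpoint` over the hosts in your inventory on a schedule and feed the findings into the inventory record for each endpoint.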

DPBuddy Cookbook

Our cookbook contains quick examples/samples/code snippets to help with the most common DataPower development and administration tasks. The cookbook is a live document and it is frequently updated with new information.

DataPower Buddy Release 3.3 Beta

We’re pleased to announce the availability of DataPower Buddy 3.3 Beta.

This release introduces support for defining configuration properties/variables using the HOCON (Human-Optimized Config Object Notation) format. HOCON is a superset of JSON; it is quite flexible (e.g., it supports comments, includes and substitutions) and more readable than raw JSON. HOCON provides a powerful alternative to defining environment-specific properties using the prefix-based notation. The prefix-based mechanism is still fully supported, so the use of HOCON is completely optional.

Other notable features of this release include:

  • Support for restore/import of multiple domains (or all of the domains). This could be useful for keeping multiple production appliances in sync.
  • Support for secure restore. This can also be used to maintain a DataPower cluster in sync or in a DR situation.
  • Support for appliance reboot/restart. Both secure restore and restart/reboot commands can optionally wait for the appliance to come back online.
  • Password encryption inside configuration files using the open-source Jasypt tool.
  • Under the hood, DPBuddy now streams files to the appliance during copy/import/restore, so these commands are now performed much faster and with lower memory requirements.
  • “Add” and “update” configuration transformation functions now support repeaters (loops). This can be used to generate environment-specific load-balancing group configuration with a variable number of back-end servers.
  • Many minor changes and bug fixes. For example, passwords are now automatically masked when environment transformations run in verbose mode.
  • CLI help has been improved to make the use of CLI easier.

This release is also expected to provide support for firmware 7.5; this feature will be finalized once 7.5 becomes available.

The general availability of DPBuddy 3.3 is expected in April 2016. Meanwhile, please let us know if you’re interested in evaluating the beta version.

DPBuddy Release 3.2.4 (Improved Auditing)

We’re pleased to announce that DataPower Buddy 3.2.4 is now available. The focus of this release is on improved audit and logging.

DPBuddy now generates an audit log file in JSON format, in addition to the XML format supported in earlier releases. This file can be easily tailed, analyzed with jq and/or uploaded to an enterprise SIEM tool. DPBuddy now uses the logback framework for auditing and logging. This provides a lot of flexibility in configuring log file location, rollover policies, appenders and other parameters.

Other new features include:

  • DPBuddy now captures import failures in the audit log.
  • The “backup” command now supports a new option/attribute, “failIfNoDomain”. If set to “false”, “backup” will not fail if the target domain does not exist.
  • Better error handling. The root cause of an error is now reported automatically, without having to run the tool in verbose mode.
  • Bug fixes.

To upgrade to this release, you can simply download and un-archive the distribution and point your DPBUDDY_HOME environment variable to the new location. If you’re using DPBuddy from Apache Ant, you will also need to add <pathelement location="${dpbuddy.home}/conf"/> to the DPBuddy library’s “taskdef” classpath in your Ant files; otherwise, you will see verbose logging output in the console.

You can download DPBuddy 3.2.4 from this page.

DataPower Buddy Release 3.2.3 (Firmware 7.2)

We’re pleased to announce that DPBuddy 3.2.3 is now available. This release provides support for DataPower firmware 7.2 and bug fixes.

An up-to-date version of Java 7 is required when using DPBuddy with firmware 7.2; otherwise you may encounter an SSL-related error when trying to connect to DataPower. This is due to a bug in earlier versions of OpenJDK.

Other new features include:

  • The “quiet” option of the “delConfig” task now suppresses all deletion errors, including the ones caused by an object being referenced by another object. This provides a workaround for a bug in firmware v7.2 which causes DataPower to retain references to objects that have been deleted.
  • “resetDomain”, “restartDomain” and “wsrrSynchronize” now support “domain” and other common attributes/options; these attributes/options were ignored in earlier versions.

You can download DPBuddy 3.2.3 trial from this page.