The Server-side security page allows you to control the security settings or operations on the server-side of the platform. For example, it allows you to supply a custom encryption key for encryption on the internal network.
Tip: If you want to secure the client-side options, see Client Security.
Important: Always remember to apply any changes using the Apply button at the top-right of the workspace. Note that the Apply button is only enabled once you have added valid changes to the page.
Repository Encryption
Repository Encryption ensures that sensitive content being saved to the database (API keys, passwords, and so on) is encrypted.
- Use Custom Key: If you have your own custom key, select the checkbox and paste your custom key into the text field. Your key has to be a valid AES 256 key in base 64 format, with a string length of 32 bytes.
- Generate a new key: Alternatively, click Generate a new key to get Pyramid to generate a new random key for you.
Note: Whenever you add or generate a new key, it begins to be used as soon as you apply your changes.
Internal network encryption
Internal network encryption encrypts communications between the Pyramid services internally. By default, internal network encryption is not enabled.
To enable encryption, select Encrypted from the drop-down list. Pyramid will use either the last generated key or the default key by default, or you can select one of the following options:
- Use Custom Key: If you have your own custom key, select the checkbox and paste your custom key into the text field. Your key has to be a valid AES 256 key in base 64 format, with a string length of 32 bytes.
- Generate a new key: Alternatively, click Generate a new key to get Pyramid to generate a new random key for you.
Note: Enabling internal encryption may affect performance.
Note: This feature does NOT need to be enabled to use external encryption via SSL for the web client.
Delegate Kerberos for Windows Authentication
If you are using Windows Authentication as your authentication method, you can optionally turn this on to continue delegating authentication to Kerberos.
Kerberos tickets are only required when using Kerberos delegated authentication, currently with SAP BW Logon Tickets and MS SQL Server Relational Authentication with Windows Auth. This is NOT required for MS Analysis Services Authentication. Turning this off, if it is not needed, will positively impact performance.
Mobile Device Settings
Links to the Mobile Device Settings page. For more information, see Mobile Device Settings.