Backend security considerations

From Resco's Wiki
Security Guide


Regardless of the target backend system, some security aspects remain the same:

  • Make sure that there is a reliable and secure network connection between mobile devices and the backend servers.
  • Keep your servers up-to-date with the latest security updates.
  • Configure your servers to reject all unauthorized requests.

Resco Cloud

Servers in Resco Cloud are by default configured to be accessible via the internet by the Resco Mobile solution; no special configuration is necessary. Resco Cloud uses the HTTPS protocol for all communication. When Resco Cloud is deployed as a Private Cloud solution, the company infrastructure must ensure that the servers are accessible from mobile devices.

Microsoft Dynamics CRM / Dynamics 365

The minimal requirement for synchronization with the Dynamics CRM server is the availability of the Dynamics CRM web services and authentication services. In an internet-facing configuration, the Active Directory Federation Services (ADFS) must be accessible, too.

In cases where the Dynamics CRM server and the Active Directory Federation Services are not exposed to the internet, use a VPN or DirectAccess connection.

Note: The default configuration of Dynamics CRM with Active Directory authentication uses the HTTP protocol. Exposing the server to the internet in this configuration is highly insecure. We strongly recommend either using a VPN or DirectAccess, or changing the configuration to use HTTPS to secure the data exchange between the Mobile CRM client and the Dynamics CRM server.
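A pre-deployment check for the rule in the note above, as an added example that is not Resco's or Microsoft's code: it classifies the server URLs you plan to hand out to mobile users by scheme and by whether the host looks internal. The host names are constructed samples (only the Resco Cloud URL is taken from this page), and treating single-label names as internal-only is an assumption.

```python
import ipaddress
from urllib.parse import urlsplit

def is_internal_host(host):
    """Literal private/loopback IPs and single-label names count as internal.

    Assumption: single-label names (e.g. "crm01") resolve only inside the
    corporate network or over VPN/DirectAccess.
    """
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "." not in host          # not an IP literal: judge by the name
    return ip.is_private or ip.is_loopback

def audit_backend(url):
    """Return (status, reason) for one configured server URL."""
    parts = urlsplit(url.strip())
    host = parts.hostname
    if parts.scheme not in ("http", "https") or not host:
        return ("fail", "not an http(s) server URL")
    if parts.scheme == "https":
        return ("ok", "HTTPS in use")
    if is_internal_host(host):
        return ("warn", "plain HTTP; acceptable only over VPN/DirectAccess")
    return ("fail", "plain HTTP on a public name; use HTTPS or VPN/DirectAccess")

# Constructed sample URLs (hypothetical hosts, except the Resco Cloud URL
# that appears on this page).
SAMPLE_URLS = [
    "https://connect.rescocrm.com",
    "http://crm01:5555/Contoso",
    "http://10.20.0.15/Contoso",
    "http://crm.example.com/Contoso",
    "crm.example.com",
]

def audit_all(urls):
    """Audit every URL and return {url: (status, reason)}."""
    return {u: audit_backend(u) for u in urls}

if __name__ == "__main__":
    for url, (status, reason) in audit_all(SAMPLE_URLS).items():
        print(f"{status.upper():5} {url}  ({reason})")
```

A "warn" result only means the URL is unusable from outside the network; it does not verify that a VPN or DirectAccess tunnel is actually enforced.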

Salesforce

In addition to the HTTPS network connection to the Salesforce cloud, the Resco Mobile solution requires the target Salesforce organization to have API Access enabled. It is also crucial that Resco Cloud, which is used for storing customizations and metadata (https://connect.rescocrm.com), is accessible from the mobile device.