Security Checklist
There are a number of precautions that should be taken before running Exago in a production environment.
Deployment
Setting up a State Server
We highly recommend using a state server to manage Exago sessions. Often, the cause of timeout problems is related to not properly managing session state. In a high availability implementation, a state server is required.
Transition from HTTP to HTTPS
Many times during the evaluation process, Exago may be setup to access resources over HTTP. As the evaluation progresses, or when transitioning from evaluation to production, it may be desirable to secure the connections between Exago and these resources. This article serves as a checklist of ...
Configuration Management and Propagation
As a highly-configurable environment, Exago consists of many components. This article will describe these components, where they are located, why they need to be part of the implementation strategy, and how they should be propagated from system to system.
Cross-Origin (CORS) Cheatsheet
This article serves as a "quick" version of the Cross-Origin Embedding of Exago article, to aid system administrators in determining how to correctly integrate Exago BI when hosted from a different origin than the application that embeds it.Definitions
These terms will be used throughout this ...
Cross-Origin Embedding of Exago
When a user enters Exago BI, the application creates a session in order to preserve the user's working state and environment while they engage with it. The session information is stored on the web application server or state server (depending on the network configuration).
Whenever requests ...
Deploying to Production
This guide describes the considerations you should take when deploying an Exago BI installation to a production environment. Suggested steps are listed in the order they should be taken. Best practices are recommended for each step. However, every environment is different, so recommendations ...
Enable FIPS Compliant Encryption on Windows
Exago is compliant with FIPS Level 2 (140-2) which is the current active version of the standard. Before enabling FIPS, please be aware that you may lose access to certain websites which use SSL 1.0 via Internet Explorer.
Modifying Configs in a Production Environment
testThe Exago configuration XML files are bases from which sessions draw most of their setup data, such as data objects, feature access, and tenancy. By default, sessions load configs in a Base Plus Diff manner: Setup data that is modified per-session via one of the server APIs (REST, .NET) is ...
