Securing Your
CSM
Environment
When preparing for overall security of your on-premises
CSM
environment, follow recommendations for individual
CSM
components, including the database, the
Cherwell® Service Host ,
and Internet Information Services (IIS). Also, adhere to recommendations when
to plan testing your
CSM
environment.
Securing CSM Applications
Security configuration recommendations for on-premise CSM installations are provided for the Cherwell Application Server , CSM Web Applications , and CSM Administrator .
Securing the CSM Database
Cherwell® Service Management uses two accounts for database access: an application-level account and an administrator user account. These two accounts are configured when a 2-tier database connection is created to control the level of database access given for the application.
Securing the Cherwell Service Host
Assign network service-level security access and permissions on the Cherwell® Service Host to support its microservices Automation Process Service and Scheduling Service .
Securing IIS
Internet Information Services (IIS) uses application pools to coordinate the identity of the website that is running on the server.
Enable HTTP Strict Transport Security (HSTS)
HSTS helps protect websites against man-in-the-middle attacks by informing a browser that it should contact the website only through HTTPS connections and should automatically convert all attempts to access the site using HTTP to HTTPS requests instead.