XVault Data Security
Groupcall XVault is designed to operate securely and requires authentication to access web servers and the management console. It is advised that additional configuration is made in the operating environment to ensure full platform-level security.
The XVault database should be located on a physically secure server that is appropriately configured to prevent unintended access. Each system accessing the database requires a separate SQL user account with a strong password. Systems reading data from the XVault database should be constrained to a specific view or set of views per accessing system.
Groupcall recommends that the SQL platform or underlying system is encrypted in order to protect data.
The server on which the XVault application is installed on should be physically secured and appropriately configured to prevent unintended access. XVault only permits incoming connections to its Web Services interface and to its web-based management console. XVault will make outgoing connections to https://dashboard.groupcall.com/ and to any SIF Zone Integration Server that it is configured to contact.
Although the XVault application does not store any sensitive data locally (only into the XVault Database), Groupcall recommends that the server or underlying system is encrypted to prevent unintended release of the SQL server credentials or SIF SSL private keys.
XVault SSL Encryption
The XVault application runs on top of Apache Tomcat, the current version of Apache Tomcat is 7.0.
Data transfer is always SSL, therefore to protect the management interface you need only enable SSL encryption for the web service and management console. The management interface only shows what data objects to request and when they last arrived; it doesn't show the data itself.
To enable the appropriate SSL configuration instructions, apply them to Apache Tomcat and restart the Apache service.
XVault Message Security - Non-SIF
XVault Message Security - SIF
All SIF Agents, including XVault, connect to a SIF Zone Integration Server;
Each Agent in each Zone is allowed to request certain SIF Data Objects; this enforces the collection of data to only those objects supported by data agreement. This configuration denies any data objects configured for collection in the XVault collection template that