How to secure communications between APM Clients and Servers


 Product(s): APM Implementation and Performance Management
 Version(s): 7.13+
 Area: Security

Problem

How to secure communications between mobile and smart clients and the APM server(s).

Solution

Organizations can secure communications between mobile and smart clients and the server in two ways:

1. Use Bentley CONNECT authentication over a TLS-encrypted connection.

Consider moving to Bentley CONNECT authentication, which uses the OpenID® protocol. We support federation to allow for single sign-on with CONNECT authentication.
Federated identity allows your organization to leverage its existing IT infrastructure to manage user credentials for your Bentley products and services.


2. Use Transport Layer Security (TLS) digital certificates.

Purchase a TLS certificate from a Certificate Authority (CA), such as VeriSign, and install it. The "Implementing a TLS (SSL) Certificate" section in the Installation Guide explains how to install the certificate, configure the server, and register the certificate with each of the servers and services you use. It also explains how to disable SSL version 3, which has been found to have security vulnerabilities.

Notes:

Use the fully qualified domain name when creating a TLS certificate to prevent domain name problems with client connections.

As of 7.13, TLS 1.0 is no longer supported. When using TLS 1.2, disabling TLS 1.0 and 1.1 is recommended.
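The two notes above can be checked after installation with a short script. This is an added example, not Bentley code; the host name `apmserver.corp.example`, port 443 and the sample certificates are assumptions constructed for illustration.

```python
import socket
import ssl

ALLOWED = {"TLSv1.2", "TLSv1.3"}  # SSLv3, TLS 1.0 and TLS 1.1 must never be negotiated

def san_matches(cert, host):
    """True if a DNS subjectAltName in cert (ssl.getpeercert() format) covers host."""
    host = host.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = value.lower().rstrip(".")
        if name == host:
            return True
        # A wildcard stands for exactly one left-most label.
        if name.startswith("*.") and host.partition(".")[2] == name[2:]:
            return True
    return False

def findings(cert, host, negotiated):
    """Return the list of problems for one observed client connection."""
    out = []
    if "." not in host.rstrip("."):
        out.append("client uses a short name, not the FQDN")
    if not san_matches(cert, host):
        out.append("certificate does not cover " + host)
    if negotiated not in ALLOWED:
        out.append("legacy protocol negotiated: " + str(negotiated))
    return out

def probe(host, port=443, timeout=5.0):
    """Connect as a strict client: TLS 1.2 or later, chain and name verified.
    Raises ssl.SSLCertVerificationError if the certificate does not match host."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(), tls.version()

# Constructed samples: one certificate issued for a short name, one for the FQDN.
SHORT_NAME_CERT = {"subjectAltName": (("DNS", "apmserver"),)}
FQDN_CERT = {"subjectAltName": (("DNS", "apmserver.corp.example"),)}

if __name__ == "__main__":
    print(findings(SHORT_NAME_CERT, "apmserver.corp.example", "TLSv1.2"))
    print(findings(FQDN_CERT, "apmserver.corp.example", "TLSv1.2"))
```

Against a live server, pass the result of `probe(host)` to `findings(cert, host, version)`; the probe only shows what a strict client negotiates, so confirm that TLS 1.0 and 1.1 are disabled in the server configuration itself.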


 Original Author: Giselle Notte