Data Server Connection Restrictions

Appian restricts connections to the data server's HTTP endpoints by authenticating requests with a security token. Unauthenticated requests could be made after an unauthorized network intrusion or by a security application that scans the HTTP endpoints. When a unique security token is used, only trusted systems are permitted to make calls to the data server.

Setting the Secure Token

The security token must be set by the administrator during the Appian installation or upgrade. To properly set the token, a data-server-sec.properties file must be created in both the <APPIAN_HOME>/conf and <APPIAN_HOME>/data-server/conf directories for each node in the Appian installation. For each data-server-sec.properties file that was created, the dataserver.password property must be set to the same value across each node where the application server or data server is installed.

Registering an environment with the configure script creates a data-server-sec.properties file with a unique dataserver.password property value. For a distributed installation of Appian, this script must be run on each node of the distributed environment and so the generated dataserver.password property value will be distinct on each node. Make sure to update the dataserver.password property value to be the same value on each node so that the dataserver.password is consistent across the distributed environment. If this is not done, the data server will not be able to start and the application server will not be able to connect to the data server.

When setting up Appian without the configure script (for instance, in a Docker installation), follow the steps below to set the token:

  1. Ensure that the application server and data server are properly shut down.
  2. Create a data-server-sec.properties file containing the token.
    • Open a text editor.
    • Copy and paste the text dataserver.password= into the text editor exactly as shown here.
    • Generate a 256-character string of alpha-numeric characters from www.random.org.
    • Copy and paste the generated string into the text editor after the text that was already included. Remove all line breaks and whitespace.
    • Your file should look something like the following, but with your own unique token:
      1
      
      dataserver.password=xjfedpi65xl21j7mfk3xab045uax3uaqbie18eldm9rleb66qqf91nsiegewbfbl6z2pt822lrqb25kr3j3gvuc2daqmkdn7ikju1pvxp90010y57nu1n6nr8u814vwfmt972a1f1obce56nr9nzarmdxvc08zyt3lsp0kuixyu529pwhuher7sujltuagg919pqhzzn1h9x0qrtzs618pdgi3qfwk46yhcrmalo5qt07wyw9xxs8wksnwv47b1k
      
  3. Save the file with the name data-server-sec.properties.
  4. Copy the data-server-sec.properties file to the <APPIAN_HOME>/conf/ directory and to the <APPIAN_HOME>/data-server/conf directory. For a Docker installation, /appian-docker is the home directory.
  5. If you have a multi-server installation of Appian, repeat the previous step for each server used to run Appian. Each node in the distributed environment that runs either the application server or the data server must contain an identical security token.
  6. Repeat all of the above steps for each environment of Appian. Each environment of Appian should contain a unique security token.
Open in Github
FEEDBACK