Appian restricts connections to the data server's HTTP endpoints by authenticating requests with a security token. Unauthenticated requests could be made after an unauthorized network intrusion or by a security application that scans the HTTP endpoints. When a unique security token is used, only trusted systems are permitted to make calls to the data server.
The security token must be set by the administrator during the Appian installation or upgrade. To properly set the token, a
data-server-sec.properties file must be created in both the
<APPIAN_HOME>/data-server/conf directories for each node in the Appian installation. For each
data-server-sec.properties file that was created, the
dataserver.password property must be set to the same value across each node where the application server or data server is installed.
Registering an environment with the configure script creates a
data-server-sec.properties file with a unique
dataserver.password property value. For a distributed installation of Appian, this script must be run on each node of the distributed environment and so the generated
dataserver.password property value will be distinct on each node. Make sure to update the
dataserver.password property value to be the same value on each node so that the
dataserver.password is consistent across the distributed environment. If this is not done, the data server will not be able to start and the application server will not be able to connect to the data server.