Home
Security
Perform tasks to secure your data on the Spectrum Technology Platform2022.1.0.
Encryption
Encryption methods
This section describes encryption methods, as well as their respective settings and properties.

Welcome
Perform administrative tasks required to manage the operation of Spectrum Technology Platform on your system.
Getting Started
Configure and run a new installation of Spectrum Technology Platform.
Approval Flows
Define approval flows that data stewards use to review and accept records generated in a job by Exception Monitor.
Security
Perform tasks to secure your data on the Spectrum Technology Platform2022.1.0.
- Security Model
  Spectrum Technology Platform uses a role-based security model to control access to the system.
- Users
  Spectrum Technology Platform user accounts control the types of actions users can perform on the system.
- Roles
  Spectrum Technology Platform comes with these some predefined roles.
- Access Control
  Access control settings work in conjunction with roles to define the permissions for a user. Roles define the permissions for categories of entities, such as all dataflows or all database resources, and access control settings define the permissions for specific entities, called secured entities. Examples of secured entities include specific jobs or specific database connections. For example, you may have a role that has granted the Modify permission to the secured entity type "Dataflows", but you may want to prevent users from modifying one specific dataflow. You could accomplish this by using access control to remove the Modify permission for the specific dataflow you do not want modified. You can specify access control settings for users and roles. Access control settings for a user override that specific user's permissions as granted by the user's roles. Access control settings for roles apply to all users who have that role.
- Security for Spatial
- Limiting Server Directory Access
  You can browse the Spectrum Technology Platform server's folders when performing tasks that require them to select a file. For example, users can browse the server when selecting an input or output file in a source or sink stage in Spectrum Enterprise Designer.
- Using HTTPS
  Secure Socket Layer (SSL) is a protocol that provides security for communications between client and server by implementing encrypted data and certificate-based authentication.
- Web Service Authentication
  Spectrum Technology Platform web services require authentication with valid user credentials. There are two methods for authenticating: Basic authentication and authentication by token.
- Using LDAP or Active Directory for Authentication
  Spectrum Technology Platform can be configured to use an LDAP or Active Directory server for authentication.
- Implementing Spectrum Single Sign-on (SSO)
  Spectrum Technology Platform provides single sign-on (SSO), leveraging Active Directory Federation Services (AD FS), Ping Identity, and Azure Identity Provider (IDP).
- Encryption
  - Certificate-based encryption
    Spectrum Technology Platform certificate-based encryption requires you to set up certain security, trust, and communication tools.
  - Encryption methods
    This section describes encryption methods, as well as their respective settings and properties.
    - Method 1: Configure Spectrum to accept user-provided CA certificates
      This configuration method accepts user-provided certificates that are certificate authority (CA) registered.
    - Method 2: Configure Spectrum with self-signed certificates provided by Precisely
      This topic provides the steps to implement self-signed certificates from Precisely.
    - Method 3: Configure Spectrum with your own, self-signed certificates
      This configuration is not recommended for production environments.
    - Separate configurations
      The configurations described in this section allow you to separately configure encryption protocols, caching, and indexing for portions of Spectrum Technology Platform.
    - Encryption properties
      This reference lists and describes the global and specific server portion encryption properties located in spectrum-container.properties.
    - Generate encryption strings
      There are two methods for generating encryption strings.
    - Encrypt passwords or mask encryption strings
      You have the option to encrypt passwords and mask encryption strings so that sensitive information is not exposed in log files or displays.
  - Spectrum Platform Neo4j Password Encryption
Data Sources
Configure data sources from which to load and process data in Spectrum Technology Platform2022.1.0.
Spectrum Databases
Manage databases that contain data from trusted data providers. These include databases used by Enterprise Tax, Geocoding, Global Sentry, Universal Addressing, Spatial and Routing.
Services
Access Spectrum Services through a REST or SOAP web service interface.
Flows
Schedule and manage job execution, options, and defaults.
Performance
Perform tasks to get optimal performance from your Spectrum Technology Platform environment.
Monitoring
Monitor system performance and configure notification and use system and audit logs.
Backup and Restore
Schedule or create backups and restore the Spectrum Technology Platform server.
Settings
View and configure Data Stewardship and Context Graph settings.
Administration Utility
Use the Administration Utility Command Line Interface (CLI) to manage Spectrum components and data.
Spectrum properties
Reference information for spectrum-container.properties properties and proxy server settings.
About Spectrum Technology Platform
An overview of Spectrum, its data management architecture, its platform architecture, and its modules and components.

Encryption methods

This section describes encryption methods, as well as their respective settings and properties.

We suggest that you review all of the available encryption methods before you set up encryption at your site.