Overview

The AppsAnywhere Appliance was created to be secure by design.

This includes a number of out-of-the-box security measures:

  • Customer access to configure the appliance is only available via the hypervisor console.

  • Networking is disabled by default and must be enabled once the appliance is deployed.

  • SSH access for Software2 support is disabled by default. This can be enabled for a specific IP address or range.

  • Operating system and component security updates are applied automatically, every 30-days following your deployment.

Further details regarding initial setup can be found under the First-time Configuration section.

If you would prefer to patch servers more frequently, or on your organizations preferred schedule; updates can be triggered manually (as below), and/or auto-updates can be disabled by Software2.

Secure Access

The Appliance Configuration Console (ACC) is only available via your hypervisor console.

All accounts used to access the appliance are secure:

  • The default customer setup account password is randomly generated upon first use, and is unique for your appliance.

  • The setup account cannot be used via a SSH connection to the appliance.

  • All SSH accounts used by Software2 are secured with individual SSL certificate key pairs.

Security Patching

Automatic Updates

By default, the AppsAnywhere Appliance will install CentOS and 3rd party component updates automatically.

Updates are performed every 30-days from the date the appliance was installed.

The update schedule is therefore randomly staggered, so each of your AppsAnywhere servers will perform updates at different times.

When updates to key 3rd party components such as PHP and Apache are applied, there may be a brief service interruption as the modules are reloaded/restarted. 

To ensure service continuity, we recommend that you configure a load balancer with health checks to route all user traffic to the AppsAnywhere servers. This will ensure that there are no service interruptions during automatic patching.

Compatibility Checks

Software2 actively monitor and test all security updates to guard against any compatibility issues.

Your appliance will perform a daily check with our central API to ensure that there are no known issues with forthcoming updates.

As a fail safe, in the case that we discover a compatibility issue, updates can be temporarily suspended via our API for the affected appliance version(s).

All affected customers will then be notified, and steps to ensure and apply compatible security updates will be provided.

Manual Updates

A manual update option is available within the Appliance Configuration Console (ACC), and can be used at any time.

Manual updates are applied at the customer’s own risk and are not subject to the above compatibility checks.

A server snapshot should always be taken via your hypervisor before manual updates are triggered.

If you prefer to manage your own patching schedule, automatic updates can also be disabled. This action must be performed by Software2 support team.