Security Consideration for Installing Sentinel Run-time Environment in a WAN

Anyone who can access the local License Manager has unconditional access to the product licenses installed on this machine.

It is therefore recommended that you not expose the License Manager directly to Internet. You should always place it inside a protected environment that authenticates and verifies the authorization of the clients.

It is recommended that you keep the Run-time Environment and VLIBs up-to-date.

Security best practices recommend that you reduce unnecessary exposure of your systems when possible. To minimize your exposure, it is recommended that you observe the security guidelines that follow when you configure Admin Control Center.

> If you know the IP addresses of all the client machines (if any) that should be allowed to access the local License Manager, explicitly limit the access only to these machines by configuring the Access Restrictions parameter to deny access from any other machine.

>Remote access to the administrative interface should be blocked. To block remote access, disable the options Allow Remote Access to ACC and Allow Remote Access to Admin API.

>To minimize the load of the License Manager, you can disable Allow Access to Remote Licenses. The License Manager will use only licenses on the local machine.

>If detaching of licenses is not required, it is better to disable this option because, if for any reason, you want to cancel a detached license, the required connection may no longer be available. To disable the detaching of licenses, disable the option On-Demand Detaching of Licenses on the Detachable Licenses tabbed page.

>To be able to diagnose issues, it is recommended that you enable the logging options Write an Access Log File and Write an Error Log File. If high traffic is expected, also enable Write Log Files Daily.