Database Authentication
Introduction
Both ClearWay™ and AdvanceGuard® utilise the Mongo database for managing all system configuration and recording real-time data such as alarms and track data. By default the connection to the MongoDb server does not use authentication. Although network restrictions can be implemented to restrict any external connectivity to the database server, many customers will consider authentication a mandatory requirement. This document covers the steps required to configure both our software and the Mongo database to use authentication.
The authentication process used is called Salted Challenge Response Authentication Mechanism (SCRAM). More details can be found in the Mongo documentation here: SCRAM. The only supported SCRAM mechanism is SCRAM-SHA-256.
Contents
Prerequisites
In order to enable authentication you will need the following:
A version of ClearWay™ or AdvanceGuard® that supports database authentication:
ClearWay™: V4.12.0.x or later.
AdvanceGuard®: V4.12.0.x or later.
Local administrative access to the OS running the Mongo servers, Management Servers and Track Engines.
A working knowledge of Mongo replica sets (if your system uses one).
A working knowledge of the Witness Utility application.
A suitable text editor to ensure you edit configuration files. We recommend: