Tutorials & Examples Web-help Blog

Security considerations for hosting EasyMorph Server in the cloud


#1

This chapter has been added to EM Server Admin Guide 3.9.2:


Cloud hosting
If you decided to host EasyMorph Server on a cloud instance (e.g. Amazon EC2, Azure, or Google Cloud) and you’re not using a VPN to access it, you may effectively expose it to the threats of open internet. In this case make sure that:

  • No space is configured to use the anonymous access mode
  • All passwords used for password-protected spaces are sufficiently strong and have at least 20 characters (check out this xkcd about creating long passwords)
  • Web Files disabled unless it’s necessary
  • If Web Files need to be enabled then disable uploading files unless it’s necessary
  • SSL is configured and enforced, SSL certificate is valid and not expired; don’t use self-signed certificates
  • Remote admin access is disabled in Server Settings (instead, use Remote Desktop for Server administration)

It is highly recommended to use the cloud provider’s firewall to limit access to your Server instance only for the IP addresses (or IP ranges) that you use.