Security Considerations
When deploying ThingWorx Analytics functionality, especially in a production environment, be sure to observe all best practice security measures. Before making the server or its components accessible to other users, consider the following security measures:
• Change default passwords
• Disable root or Administrator login for SSH access
• Install an IP address-filtering firewall
All datasets, services, and results are globally available within a specific ThingWorx Analytics deployment. Any user with access to the Things that represent the server deployments can access any dataset, service, job, or result. To restrict access to these objects, multiple ThingWorx Analytics deployments are necessary. There are two ways to set up multiple deployments:
• Multiple deployments that connect to a single ThingWorx Foundation server – In this scenario, use the ThingWorx Foundation permissions and visibility functionality to restrict access to Things associated with each deployment to specific users, groups, and organizations.
• Multiple deployments that each connect to a different ThingWorx Foundation server – In this scenario, there should be a one-to-one correspondence between ThingWorx Analytics and the ThingWorx Foundation server. Users would only be able to access the Things associated with the deployment they are authenticated through.