We have recently upgraded from SOS to Vault. Securely accessing our SOS repository over the Internet was accomplished via SOS client and server pieces via custom encryption/decryption over an odd port number (at least, I think it worked something like that). We had just a single port open on our firewall.
However, regarding a Vault installation, I haven't seen any posts or white papers that discuss best practices for configuring Vault for remote access.
Is SSL the only/recommended way to accomplish the encryption?
What port should be used? 80? 443? Other?
What other factors should be considered in locking down the server from nefarious scofflaws?
Thanks in advance,
Gary Kravis
Remote Vault Over Internet: Recommendation
Moderator: SourceGear
Yes, SSL is the way to do encryption. Our server is an extension of IIS, so we just use it. You can configure it on any port you like, so if you are concerned about people guessing the port, configure IIS/SSL to work on a different port; otherwise SSL is on port 443 by default.
You should definitely use a firewall to block access to the Vault server except through the SSL port.