Securing Experience Platform

xDB Processing

The following tasks apply to all core roles:

• Change the administrator password
• Disable administrative tools
• Disable client RSS feeds
• Disable SQL Server access from XSLT
• Enable FIPS
• Enable HTTPS for core roles
• Enable HTTPS for Content Search
• Increase login security
• Limit access to .XML, .XSLT, and .MRT files
• Change the hash algorithm for password encryption
• Protect media requests
• Remove header information from responses sent by your website
• Secure the file upload functionality
• Limit access to PhantomJS
• Secure Sitecore.Services.Client
• Secure the Telerik controls
• IP hashing
• Enforce a strong password policy
• Protect the connection string passwords from unauthorized access

The following additional tasks should be performed on the xDB Processing role:

• Configure API authentication keys in a scaled environment
• Enforce HTTPS for the xDB Processing service end point
• Restrict access to the client

xDB Reporting

The following tasks apply to all core roles:

• Change the administrator password
• Deny anonymous users access to a folder
• Disable administrative tools
• Disable client RSS feeds
• Disable SQL Server access from XSLT
• Enable FIPS
• Enable HTTPS for core roles
• Enable HTTPS for Content Search
• Increase login security
• Limit access to .XML, .XSLT, and .MRT files
• Change the hash algorithm for password encryption
• Protect media requests
• Remove header information from responses sent by your website
• Secure the file upload functionality
• Limit access to PhantomJS
• Secure Sitecore.Services.Client
• Secure the Telerik controls
• IP hashing
• Enforce a strong password policy
• Protect the connection string passwords from unauthorized access

The following additional tasks should be performed on the xDB Reporting role:

• Configure API authentication keys in a scaled environment
• Enforce HTTPS for the xDB Reporting service end point
• Restrict access to the client

xConnect Collection service

The following tasks apply to all XP Service roles:

• Enable client certificate authentication
• Enforce HTTPS for XP service roles
• Protect the connection string passwords from unauthorized access

xConnect Collection Search service

The following tasks apply to all XP Service roles:

• Enable client certificate authentication
• Enforce HTTPS for XP service roles
• Protect the connection string passwords from unauthorized access

The following additional tasks should be performed on the xConnect Collection Search service role:

• Enforce HTTPS for xConnect Search

Reference Data service

The following tasks apply to all XP Service roles:

• Enable client certificate authentication
• Enforce HTTPS for XP service roles
• Protect the connection string passwords from unauthorized access

Marketing Automation Operations service

The following tasks apply to all XP Service roles:

• Enable client certificate authentication
• Enforce HTTPS for XP service roles
• Protect the connection string passwords from unauthorized access

Marketing Automation Reporting service

The following tasks apply to all XP Service roles:

• Enable client certificate authentication
• Enforce HTTPS for XP service roles
• Protect the connection string passwords from unauthorized access

Marketing Automation Engine

xConnect Search Indexer

The following additional tasks should be performed on the xConnect Search Indexer role:

• Enforce HTTPS for xConnect Search

EXM Dispatch

The following tasks apply to all core roles:

• Change the administrator password
• Deny anonymous users access to a folder
• Disable administrative tools
• Disable client RSS feeds
• Disable SQL Server access from XSLT
• Enable FIPS
• Enable HTTPS for core roles
• Enable HTTPS for Content Search
• Increase login security
• Limit access to .XML, .XSLT, and .MRT files
• Change the hash algorithm for password encryption
• Protect media requests
• Remove header information from responses sent by your website
• Secure the file upload functionality
• Limit access to PhantomJS
• Secure Sitecore.Services.Client
• Secure the Telerik controls
• IP hashing
• Enforce a strong password policy
• Protect the connection string passwords from unauthorized access

The following additional tasks should be performed on the EXM Dispatch role:

• Encrypt the SMTP credentials

xDB Collection database

xDB Processing Tasks database

No additional Sitecore-specific tasks.

xDB Processing Pools database

No additional Sitecore-specific tasks.

xDB Reference Data database

No additional Sitecore-specific tasks.

xDB Reporting database

No additional Sitecore-specific tasks.

Marketing Automation database

No additional Sitecore-specific tasks.

Message Bus

No additional Sitecore-specific tasks.

EXM database

No additional Sitecore-specific tasks.

xDB index

No additional Sitecore-specific tasks.

FXM Master index

No additional Sitecore-specific tasks.

FXM Web index

No additional Sitecore-specific tasks.

Master Marketing Assets index

No additional Sitecore-specific tasks.

Web Marketing Assets index

No additional Sitecore-specific tasks.

Master Marketing Definitions index

No additional Sitecore-specific tasks.

Web Marketing Definitions index

No additional Sitecore-specific tasks.

Suggested Test index

No additional Sitecore-specific tasks.

Testing index

No additional Sitecore-specific tasks.