LockSelf software uses two main components:
- MySQL database (version 5.7)
- REST API in PHP (version 7.4)
The database and the web server are set up on two separate Linux servers (Ubuntu 18.04 LTS) in a VPC dedicated to the company.
This installation is hosted on the sovereign cloud of our French partner, 3DS Outscale. Depending on the contract, the installation is deployed either in the eu-west-2 region or in the cloudgouv-eu-west-1 region, the latter being SecNumCloud certified by ANSSI.
Network flow matrix
The flows configured on the different servers are:

| Server | Allowed inbound flow |
|---|---|
| Application | TCP 443 from 0.0.0.0/0 |
| Database | TCP 3306 from the application server only |

Incoming flows on the application side can be restricted to specific IP addresses or ranges on simple request.
Before starting the service’s installation, you will need to provide us with several items.
1. The subdomain you want to use (e.g. lockself.company.com)
The LockSelf installation dedicated to your company will be made on this sub-domain. Once the prerequisites have been retrieved, we will provide you with an IP to link with the chosen subdomain.
This subdomain will allow your employees to connect to the application, and will be exposed to your external contacts when using LockTransfer.
2. The SSL certificate associated with this domain name
Three elements must be provided:
- The Certificate (crt, cer, pem or text format)
- The associated private key (key or text format)
- The certificate chain (or chain of Trust, in crt or text format)
This certificate is used to add TLS termination on the chosen sub-domain, which enables the HTTPS layer. An HSTS policy is also applied on the chosen sub-domain.
You will be responsible for renewing the certificate and for providing the renewed certificate to LockSelf teams.
If you wish, we can send you the CSR (Certificate Signing Request) that the certificate authority issuing the certificate will ask for.
In that case, please return the following information to us:
- Organization unit name
- Common name (the chosen sub-domain)
- Email address (the email associated with the certificate)
3. SMTP information
The information to be provided is:
- Authentication required? (true / false)
- SSL or TLS used?
The SMTP information will allow you to connect the LockSelf installation made for your company to your SMTP server in order to send system emails. When using the LockTransfer product, emails will also be sent to the recipients of your transfers via the same SMTP server.
4. Metadata link for the interconnection with your directory
For the interconnection with a directory such as Active Directory, we use the SAMLv2 protocol. You must therefore make sure that you have an ADFS-type module for Active Directory, OpenID for OpenLDAP, or the SAMLv2 modules included in Azure or Office 365.
The interconnection’s installation is done after the infrastructure has been created and tested.
This is done in three steps:
- You provide us with the FederationMetadata.xml file from your SAMLv2 module.
  - For ADFS, this file is available at the URL: https://myserver.domain.com/FederationMetadata/2007-06/FederationMetadata.xml
- LockSelf teams include the file at the application level.
- You receive a procedure to create the connector for your SAMLv2 module.
💡 See the corresponding articles for the steps to create the connector with the following tools: