It is recommended to always use Redis in an environment in which the network and the Redis server are secured.
- If the GE Digital APM server and the Redis server are on same machine, then Redis can be secured by blocking external access to the network port (port 6379), allowing connections only from the local server.
- If the GE Digital APM server and the Redis server are on different machines, you can secure the access by:
Configuring Redis to use a password.
Note: By default, Redis is configured without a password.
When using a password on the Redis server, you must configure the connection string to include the password.
- On the GE Digital APM Server, access the folder C:\ProgramData\Meridium, and then, in an application that you can use to modify XML script (e.g., Notepad), open the file MeridiumAppSettings.xml.
- Within the <cacheServiceUrl> setting, change the default value localhost to localhost,password=<Redis password>, where <Redis password> is the password for the Redis server.
Note: The password in the .XML file can be encrypted by running MeridiumCachePasswordUtility.exe from a command prompt, passing in C:\ProgramData\Meridium\MeridiumAppSettings.xml as a command line parameter.
Setting up the firewall on the Redis server to only allow connections from the GE Digital APM servers.
Note: If Redis is configured on a separate sever and network transmissions are across an unsecured/open network, then it is recommended to use third-party software (e.g., Stunnel) to enable SSL communication between systems.
