Transport Layer Security connections with i2 Analyze

Transport Layer Security (TLS) technology can be used to establish an encrypted connection between a client and server. You can use TLS to ensure that communication between i2 Analyze components is encrypted. By default, i2 Analyze supports version 1.2 of the TLS protocol, but you can configure it to support other versions too.

The physical architecture and the network topology of an i2 Analyze deployment determine how appropriate it is to use TLS to secure its connections. For example, if two parts of the deployment are on a single server that you physically control, then the need for TLS to secure the connection between them might be reduced. If your deployment contains a firewall, then you might need to weigh the benefits of inspecting traffic against the benefits of encrypting it.

You can configure TLS for the following connections in i2 Analyze:

Figure: Block diagram of i2 Analyze components and five connection points to secure.

The numbered connections in the diagram are as follows:

  1. The connection between the clients and Liberty.

  2. The connections between Liberty, ZooKeeper, and Solr.

  3. The connection between Liberty and the database management system.

To secure connections 2 and 3, you must first secure connection 1.

Note: To enable access to i2 Analyze through the i2 Notebook web client, you must use TLS to secure the connection between the browser and Liberty. i2 Notebook requires the HTTPS protocol.

For information about securing the connection between Liberty and any i2 Connectors, see "Client authenticated Transport Layer Security with the i2 Connect gateway".

Important: At this release, if you configure Solr to use TLS after it is deployed without it, you must re-create your Solr collections. Aim to configure Solr to use TLS before you ingest a large amount of data into your system.

Attention: i2 takes reasonable steps to verify the suitability of i2 Analyze for internet deployment. However, it does not address lower-level issues such as guarding networks against penetration, securing accounts, protecting against brute force attacks, configuring firewalls to avoid DoS or DDoS attacks, and the like. For your deployment of i2 Analyze, follow industry-standard practices and recommendations for protection of your systems. i2 accepts no liability for the consequences of such attacks on your systems. This information is not intended to provide instructions for managing key databases or certificates.