Compliance with the items in this checklist is required for all self-managed installations of Appian to ensure that the system and the hosts are configured as per Appian recommendations and best practices.
The section below lists all the configuration settings to put in place with the Appian Configure Script. These settings must be configured once in their specific environment/server configuration files in the Configure Script and saved in a version control tool. These settings must be deployed on all corresponding servers running Appian using the Configure Script.
Configure the site URL for the environment in the file custom.properties
Generate a unique security token for each environment
Increase the execution load metric to 120+ in the file custom.properties
Copy Appian license files into the corresponding folders
Configure outgoing email settings in the file custom.properties
For non-high-availability environments, set the automated checkpointing frequency in the file custom.properties to be executed outside of core business hours and at least once every 24 hours
Set up all configuration settings with the Appian Configure Script and add settings to version control using your preferred Version Control System
Deploy and configure the Appian Health Check tool to run automatically once a month
Use the Appian Health Check reports to monitor the system health once a month
Enable the sticky session setting in the load balancer module
Configure HTTP access over TLS
Disable directory browsing for the Appian document root
Disable or redirect access to ports other than 443
Disable or redirect access to non-Appian paths (e.g., default CGI scripts and index files)
Do not expose session tokens in the URLs (JkStripSession On)
Enable HTTP compression
Deploy Appian static content to be served by the web server
Set up a system/resource usage monitoring tool per the CPU, memory and disk usage guidelines
Apply the latest available Appian hotfix
Secure, disable or restrict to local access the application server management interfaces
Disable the application server HTTPS interface
Disable or restrict to local access the HTTP interface
Restrict to local access the AJP interface when the web server is running on the same host
Allow remote access to AJP port when web server is running on a different host
Do not deploy default web applications and index files
Deploy all configuration settings using the Appian configure script and the Appian configuration settings stored in version control
(Linux Only) Raise the file descriptor limit above the default setting. Set the ulimit to 100,000
Configure the cleanup of the Appian system logs to delete log files that are older than 60 days
Configure the application server logs to be written to the Appian /logs folder
Configure the application server access logs to be written to the Appian /logs folder
Set up the shared-logs folder to share the Appian system logs across all nodes in the environment
Back up the application data at least once every 24 hours
Confirm that the environment is configured per the outputs of the sizing exercise
Restrict access to port 9300 by remote application server or other search server host
(Linux Only) Raise the file descriptor limit above the default setting. Set the ulimit to 100,000.
Configure a strong password for the Service Manager per environment
Configure the Anti-virus software to exclude Appian KDB files on servers running the Appian engines and the Appian services like Kafka
If VMware vMotion is installed, configure vMotion to NOT migrate VMs between hosts while Appian is running
For non-high-availability environments, configure the engine checkpoints to run outside of core business hours using a cron job or similar at least once every 24 hours
Back up the Appian Engines KDB files at least once every 24 hours
Configure the cleanup of the Appian Engines KDB files on a schedule using a cron job or similar (a minimum of 3 KDBs is maintained, and a maximum of 10)
Configure the cleanup of the archived processes to move the archives to long-term storage using a cron job or similar
Configure network firewalls to limit access to Appian Engines, Kafka, Zookeeper and Data Server ports by other Appian hosts
Access to ports restricted to ports listed
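The web server items above (TLS, directory browsing, ports other than 443, JkStripSession, HTTP compression) can be checked statically before deployment. The script below is an added example, not part of the Appian checklist or the Configure Script; it assumes Apache httpd with mod_jk and mod_deflate, runs on a constructed sample configuration, and does not follow Include directives or evaluate per-virtual-host scope.

```python
# Added example: static audit of an Apache httpd config against the web server
# checklist items. Assumes Apache httpd + mod_jk; SAMPLE_CONF is constructed.
SAMPLE_CONF = """\
Listen 80
Listen 443
<VirtualHost *:443>
    SSLEngine on
    # JkStripSession On
    <Directory "/var/www/html">
        Options Indexes FollowSymLinks
    </Directory>
</VirtualHost>
"""

def directives(conf):
    """Yield (lowercased name, argument list) for each directive line."""
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#<":   # skip comments and section tags
            continue
        name, *args = line.split()
        yield name.lower(), args

def audit(conf):
    """Return checklist findings; an empty list means every check passed."""
    found = list(directives(conf))
    def has(name, pred):
        return any(n == name and a and pred(a) for n, a in found)
    findings = []
    if not has("sslengine", lambda a: a[0].lower() == "on"):
        findings.append("TLS: no 'SSLEngine on'")
    # 'Indexes', '+Indexes' and 'All' each turn on directory listings.
    if has("options", lambda a: any(t.lower() in ("indexes", "+indexes", "all") for t in a)):
        findings.append("Directory browsing: Options enables Indexes")
    if not has("jkstripsession", lambda a: a[0].lower() == "on"):
        findings.append("Session tokens: 'JkStripSession On' not set")
    if not (has("addoutputfilterbytype", lambda a: "DEFLATE" in a[0].upper())
            or has("setoutputfilter", lambda a: "DEFLATE" in a[0].upper())):
        findings.append("Compression: no DEFLATE output filter configured")
    for n, a in found:
        if n == "listen" and a:
            port = a[0].rsplit(":", 1)[-1]  # handles 'ip:port' and '[v6]:port'
            if port != "443":
                findings.append(f"Port {port}: confirm it is disabled or redirected")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("FAIL", finding)
```

A listener on a port other than 443 is reported for review and not as a hard failure, because the checklist allows redirecting such ports.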