Edge Encryption proxy installation Install one or more Edge Encryption proxy applications on your network. Installing a Edge Encryption proxy includes these steps. Install the Edge Encryption proxy application on a server in your network. Generate the RSA key pair for digitally signing encryption configurations and encryption rules. Install the Java Cryptography Extension (JCE), if you plan to use AES 256 encryption. If you are using a secure SSL connection, obtain a server certificate and import it to the Java KeyStore key store. If order preserving encryption types are to be used, set up a MySQL database instance on a machine in your network. Set up the edgeencryption.properties configuration file. Set up each user's browser to point to an Edge Encryption proxy. Accessing the proxy server Once installation is complete, point each user's browser to an Edge Encryption proxy using the URL format: <host>:<port>. Values are determined by the host and port properties in the edgeencryption.properties file. See Configure the proxy properties. As an example with the following values: Property Example value edgeencryption.proxy.host hostname.mycompany.com edgeencryption.proxy.http.port 8081 A client will access the proxy server using the following address: http://hostname.mycompany.com:8081/. Note: DNS settings and routing rules may be used. Host and port values are determined by your network administrator. Edge Encryption system requirementsThe Edge Encryption proxy application can run on servers or virtual machines running Windows or Linux.Encryption proxy connection requirementsThe proxy server that will run the Edge Encryption application must be able to communicate with machines in your network.Download the Edge Encryption proxy applicationDownload the Edge Encryption proxy application from your instance, and then copy the ZIP file to each computer that is to run the Edge Encryption proxy server.Install the encryption proxy on LinuxYou can install an Edge Encryption proxy on a 32-bit or 64-bit Linux computer.Install the encryption proxy on WindowsYou can install an Edge Encryption proxy on a 32-bit or 64-bit Windows computer.Configure the target propertiesIn the edgeencryption.properties file, specify which instance the Edge Encryption proxy will communicate with. These values are initially set when the proxy application is installed.Set up an Edge Encryption user accountThe Edge Encryption proxies connect to the instance as a user, in order to obtain and update encryption configuration information. Create a user account for this purpose and give the edge_encryption role to the user. Configure the proxy propertiesIn the edgeencryption.properties file, you can specify how the Edge Encryption proxy will communicate with your ServiceNow instance.Configure web proxy propertiesIf your network uses a web proxy, you can set up the Edge Encryption proxy to use the web proxy. This feature is available in Geneva Patch 5 and subsequent releases.Install the Java Cryptography Extension (JCE)If you want to use AES 256 encryption, you must install the Java Cryptography Extension (JCE) jurisdiction policy files and copy them into each Edge Encryption proxy.Create and configure the RSA key pair for the digital signatureCreate an RSA key pair that the proxy can use to create the digital signature for signing changes to the encryption properties and configuration. Import and configure the certificate for secure SSL connectionTo use a secure SSL connection, import a server certificate and add it to the Java KeyStore.Configure encryption keys using SafeNet KeySecureIf you are using a SafeNet key store, copy a set of libraries into the proxy distribution directory.Create and configure encryption keys using Java KeyStoreYou can use the keytool shipped with the encryption proxy distribution to create AES 128 and AES 256 encryption keys.Create and configure an encryption key stored in a fileYou can use a file as a key store. Each file holds a single encryption key.Configure the default encryption key propertiesThe encryption key default properties specify the keys that are to be used for the different encryption types. All AES 128 encryption types use the encryption key specified by the edgeencryption.encrypter.default.key128 property. All AES 256 encryption types use the encryption key specified by the edgeencryption.encrypter.default.key256 property.Set up password encryptionYou can encrypt passwords in the edgeencryption.properties file.Set the clear text and IV propertiesSet the clear text and IV (initialization vector) properties during the initial installation. Make sure that these properties are the same for all proxies. Lock the proxy configurationIf you want to prevent encryption configuration changes to the proxy in production, set the proxy locked property.Configure the order preserving database propertiesIf you are using an order preserving encryption type, you must set the Edge Encryption proxy properties for the order preserving database.Set the proxy server initial and upper bound memory limitsThe proxy server must have a minimum of 4 GB of RAM available (6 GB recommended). The initial and upper bound memory limits determine how much memory the proxy server can consume. Edge Encryption general propertiesThe proxy configuration file contains properties that should not be changed under normal circumstances.