Edge Encryption proxy installation

Install one or more Edge Encryption proxy applications on your network.

Installing an Edge Encryption proxy includes these steps.

- Install the Edge Encryption proxy application on a server in your network.
- Generate the RSA key pair for digitally signing encryption configurations and encryption rules.
- Install the Java Cryptography Extension (JCE), if you plan to use AES 256 encryption.
- If you are using a secure SSL connection, obtain a server certificate and import it to the Java KeyStore key store.
- If order preserving encryption types or encryption patterns are to be used, set up a MySQL database instance on a machine in your network.
- Set up the edgeencryption.properties configuration file.
- Set up each user's browser to point to an Edge Encryption proxy.

Accessing the proxy server

Once installation is complete, point each user's browser to an Edge Encryption proxy using the URL format: <host>:<port>. Values are determined by the host and port properties in the edgeencryption.properties file. See Configure the proxy properties.

As an example with the following values:

| Property | Example value |
| --- | --- |
| edgeencryption.proxy.host | hostname.mycompany.com |
| edgeencryption.proxy.http.port | 8081 |

A client will access the proxy server using the following address: http://hostname.mycompany.com:8081/.

Note: DNS settings and routing rules may be used. Host and port values are determined by your network administrator.

- Edge Encryption system requirements: The Edge Encryption proxy application can run on servers or virtual machines running Windows or Linux.
- Encryption proxy connection requirements: The proxy server that runs the Edge Encryption application must be able to communicate with machines in your network.
- Download the Edge Encryption proxy application: Download the Edge Encryption proxy application from your instance, and then copy the ZIP file to each computer that is to run the Edge Encryption proxy server.
- Install the encryption proxy on Linux: You can install an Edge Encryption proxy on a 32-bit or 64-bit Linux computer.
- Install the encryption proxy on Windows: You can install an Edge Encryption proxy on a 32-bit or 64-bit Windows computer.
- Configure the target properties: In the edgeencryption.properties file, specify the instance with which the Edge Encryption proxy communicates. These values are initially set when the proxy application is installed.
- Set up an Edge Encryption user account: The Edge Encryption proxies connect to the instance as a user to obtain and update encryption configuration information. Create a user account for this purpose and give the edge_encryption role to the user.
- Configure the proxy properties: In the edgeencryption.properties file, you can specify how the Edge Encryption proxy communicates with your ServiceNow instance.
- Configure web proxy properties: If your network uses a web proxy, you can set up the Edge Encryption proxy to use the web proxy.
- Install the Java Cryptography Extension (JCE): If you want to use AES 256 encryption, you must install the Java Cryptography Extension (JCE) jurisdiction policy files and copy them into each Edge Encryption proxy.
- Create and configure the RSA key pair for the digital signature: Create an RSA key pair that the proxy can use to create the digital signature for signing changes to the encryption properties and configuration.
- Import and configure the certificate for secure SSL connection: To use a secure SSL connection, import a server certificate and add it to the Java KeyStore.
- Set up a SafeNet KeySecure key store: If you are using a SafeNet key store, copy a set of libraries into the proxy distribution directory.
- Set up a Java KeyStore key store: You can use a Java KeyStore key store to store encryption keys.
- Create encryption keys using the Java KeyStore keytool: You can use the keytool shipped with the encryption proxy distribution to create AES 128 and AES 256 encryption keys.
- Set up a file store: After creating a file store, you must set up the encryption.properties.
- Create an encryption key stored in a file: You can use a file as a key store. Each file holds a single encryption key.
- Obfuscate passwords in the properties file: You can obfuscate passwords in the edgeencryption.properties file to share the properties file without revealing clear text passwords.
- Set the clear text and IV properties: Set the clear text and IV (initialization vector) properties during the initial installation. Make sure that these properties are the same for all proxies.
- Lock the proxy configuration: If you want to prevent encryption configuration changes to the proxy in production, set the proxy locked property.
- Configure the proxy database properties: If you are using an order preserving encryption type or encryption patterns, you must set the Edge Encryption proxy properties for the proxy database.
- Set the proxy server initial and upper bound memory limits: The proxy server must have a minimum of 4 GB of RAM available (6 GB recommended). The initial and upper bound memory limits determine how much memory the proxy server can consume.
- Edge Encryption general properties: The proxy configuration file contains properties that should not be changed under normal circumstances.
- Deprecated encryption properties: Some encryption properties are no longer needed, and have been deprecated.
- Using a load balancer with the Edge proxy server: You can use a load balancer to balance the load across the proxy servers in your Edge Encryption proxy setup. However, you must either configure the environment to return responses to the load balancer instead of the proxy server and configure load balancer iRules, or run the proxy servers on the same port as the load balancer. Otherwise, users cannot view the responses to their requests.