The Rhino Element Manager (REM) is a web-based console for monitoring, configuring, and managing a Rhino SLEE. REM provides a graphical user interface (GUI) for many of the management features documented in the Rhino Administration and Deployment Guide. Rhino is an application server that supports the development of telecommunications applications.

Security Notices

For identity and access management with Rhino TAS, follow these guidelines:

Grant least privileges.

We recommend that you adhere to the principle of least privilege when you grant permissions to user accounts. Least privilege access gives users only the permissions they need to carry out the tasks that they are responsible for. When you grant permissions in compliance with least privilege, you reduce the potential impact that a compromised account can have on your network.

The first time you log in to REM, you must use the default administrator account. To ensure system security, change the password and create user accounts with appropriate permissions. For details, see Enter username and password.

Use secure authentication mechanisms.

  • We recommend that you use centralized LDAP authentication instead of local authentication (locally stored keypairs or passwords). This means that individual appliances do not store user authentication information, and only the centralized authentication is used. We recommend that you use multi-factor authentication (MFA) for centralized authentication.

  • If you use local authentication, we recommend that you configure user accounts to use SSH keys with passphrases (instead of username/password). If this is not possible, we recommend you use SSH keys without passphrases instead of passwords.

REM supports LDAP based authentication. For a configuration example, check the ldapauth.properties file.

Remove unused user accounts.

We recommend that you remove user accounts from your system once they are no longer needed, for example after a user retires or leaves their role.

Adhere to strict password requirements.

We recommend that passwords/PINs adhere to the following requirements.

  • Use a minimum of eight characters.

  • Do not use more than three consecutive repeated characters.

  • Do not use common character sequences longer than three characters, for example abcd or 1234.

  • Do not use words that are common passwords, for example password or admin.

  • Do not use context-specific strings, for example a username, the name of the product, or a phone number.

We recommend that machine-to-machine passwords and other passwords that users do not enter manually adhere to the following requirements.

  • Use a minimum of 24 characters.

  • Use a mixture of uppercase, lowercase, and numeric characters.

  • Do not use more than three consecutive repeated characters.

  • Do not use common character sequences longer than three characters, for example abcd or 1234.

  • Do not use words that a dictionary attack for common passwords would match, for example password or admin.

  • Do not use context-specific strings, for example a username, the name of the product, or a phone number.

REM supports both local and centralized authentication. For local authentication, adhere to these password requirements when you manage local user accounts. If you use centralized authentication with LDAP, implement relevant password policy on the authentication server.
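
The requirements above can be checked when a local account is created or a machine-to-machine secret is generated. The following check is an added example, not part of REM or its documentation; the function names, the small sample denylist, and the reading of "common character sequences" as alphabet, digit, and keyboard-row runs (forwards or backwards) are assumptions.

```python
import re

# Constructed sample denylist; a real deployment would load a much larger list.
COMMON_PASSWORDS = {"password", "admin", "letmein", "welcome"}
# Reference strings for "common character sequences" (assumption: alphabet,
# digits and keyboard rows, matched forwards and backwards).
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "01234567890",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_sequence(pw, run=4):
    """True if pw contains `run` or more characters of a common sequence."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - run + 1):
                if s[i:i + run] in low:
                    return True
    return False


def check_password(pw, context=(), machine=False):
    """Return the list of violated rules; an empty list means pw is acceptable.

    context: strings such as the username, product name or phone number.
    machine: apply the machine-to-machine rules (24 characters, mixed classes).
    """
    problems = []
    low = pw.lower()
    min_len = 24 if machine else 8
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if machine and not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)
                        and re.search(r"[0-9]", pw)):
        problems.append("missing uppercase, lowercase or numeric character")
    if re.search(r"(.)\1{3,}", pw):  # four or more identical characters in a row
        problems.append("more than three consecutive repeated characters")
    if has_sequence(pw):
        problems.append("common character sequence longer than three")
    if any(word in low for word in COMMON_PASSWORDS):
        problems.append("contains a common password")
    if any(c and c.lower() in low for c in context):
        problems.append("contains a context-specific string")
    return problems
```

For example, `check_password("admin1234")` reports both the common sequence and the common password, while exactly three repeated characters (as in `aaab`) do not trigger the repetition rule.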

Use a secure password manager.

We recommend that all users store their passwords in a secure password manager. Password managers help users keep track of their different passwords and allow for more complex passwords that would be difficult to memorize.


For interface management with Rhino TAS, follow these guidelines:

Adhere to principles of Zero Trust.

We recommend that you adhere to principles of Zero Trust while designing, commissioning, and modifying your deployment. Zero Trust includes authenticating and authorizing traffic whenever possible, giving the least amount of access required to sessions and entities, and assuming that a security breach could originate from anywhere. A Zero Trust security model helps mitigate the effect of a breach if a device or network is compromised. For more information on Zero Trust principles, see Zero Trust Model - Modern Security Architecture | Microsoft Security.

This documentation uses the term Transport Layer Security (TLS) certificates to refer to X.509 certificates used with the TLS protocol. Outside of this product’s documentation, you may see TLS certificates referred to as SSL/TLS certificates or just SSL certificates. These terms are often used interchangeably, even though Secure Sockets Layer (SSL) is a distinct protocol from TLS.

Connections between REM and the Rhino TAS server are encrypted with the TLS protocol. For additional security, we recommend that you run REM over HTTPS. For details, see Running REM over HTTPS.

Establish trust domains and configure security controls on trust boundaries.

You must establish trust domains around your devices and network and configure security controls, such as firewalls, network security groups, and rate limiting, on the trust boundaries, even when you control the devices on both sides of the boundary.

Replace certificates at least once per year.

We recommend that you replace certificates at least once per year, including removing the old certificates from your system. This is known as rotating certificates. You might need to rotate your certificates more frequently if they expire after less than one year, or if organizational policies require it.

Product Documentation

Rhino Element Manager Changelog
New features, improvements and bug fixes included in each software release.

Acknowledgements
Acknowledgements of third-party content used in this product.


Rhino Element Manager Guide
Basic overview and getting started with the Rhino Element Manager.

Rhino Element Manager Plugin Development Guide
Writing Rhino Element Manager plugins.

Rhino Element Manager Upgrade Guide
How to upgrade Rhino Element Manager to a later version.


APIs

Rhino Element Manager Common API Javadoc
Javadoc for the Rhino Element Manager common API.

Rhino Element Manager Services API Javadoc
Javadoc for the Rhino Element Manager services API.

Rhino Element Manager Core API Javadoc
Javadoc for the Rhino Element Manager core API.

Rhino Element Manager SDK API Javadoc
Javadoc for the Rhino Element Manager SDK API.

Documentation for other versions of the Rhino Element Manager is also available.