Impact Analysis of Using a Security Profile
Analyze the impact of a security profile on your existing implementation before you enable it, to minimize potential disruptions to your integrations.
You can enable a security profile based on the security needs of your environment. You can switch the security profile from DEV to PROD when setting up security for your production environment. Similarly, when you need to reset the security settings of Integration Server to the default values, to fix a broken integration, or for backward compatibility reasons, you can switch to the DEV security profile.
Switching the security profile from DEV to PROD can have a significant impact on your existing integrations. The PROD security profile makes Integration Server highly restrictive to external systems and, therefore, secure from vulnerabilities. However, this can prevent existing integrations from working as expected. For example, consider a client application that is set up to request services in Integration Server over an HTTP port. An administrator enables the PROD security profile to set up secure communications with Integration Server, which disables all the HTTP ports and enables only the default HTTPS port. As a result, client requests to Integration Server fail.
In contrast, switching the security profile from PROD to DEV not only resets Integration Server to its default security settings but also relaxes the security configurations, making it insecure. For example, consider an existing integration that was designed for a less restrictive security environment. An administrator enables the PROD security profile to set up secure communications with Integration Server, and the integration no longer works as expected. The administrator then switches to the DEV profile, which restores the original functionality but leaves Integration Server vulnerable to insecure client requests over HTTP ports.
Switching between profiles therefore involves a careful balance between security and operational needs. To ensure both security and the expected server behavior after enabling a security profile, first use the profile on a development or test environment that mirrors the production environment as closely as possible. Define specific test scenarios to assess the impact of the configuration changes, monitor for failing services or unexpected behavior in Integration Server, and adjust the security settings accordingly. For more information, see Overriding Security Profile Settings.
Note:
If the PROD profile is active and you need to reset Integration Server to its default security settings, do not delete the WM_IS_SECURITY_PROFILE environment variable. Deleting the environment variable does not automatically reset the security settings. Instead, change the value of the environment variable to DEV and restart Integration Server. The DEV profile restores the default security settings for Integration Server.
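The following shell sketch is an added example, not part of the product documentation. It covers the two checks described above: finding clients that still call Integration Server over plain HTTP before a DEV to PROD switch, and choosing the correct reset step from the current value of WM_IS_SECURITY_PROFILE. The inventory format, host names, and function names are assumptions made for illustration, as is treating DEV and PROD as the only valid values.

```shell
#!/bin/sh
# Constructed sample inventory (not real data): "<client-name> <URL the client calls>".
SAMPLE_INVENTORY='# client-name   endpoint
billing-batch   http://is.example.internal:8080/billing
crm-sync        https://is.example.internal:8443/crm
legacy-edi      HTTP://is.example.internal:8080/edi
'

# Print the names of clients that reach Integration Server over plain HTTP.
# PROD disables all HTTP ports, so these requests would fail after the switch.
# $1 = inventory text in the assumed two-column format above.
impacted_clients() {
    printf '%s\n' "$1" | awk '
        NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
        tolower($2) ~ /^http:\/\// { print $1 }  # URL scheme is case-insensitive
    '
}

# Report the step needed to return to the default security settings.
# $1 = current value of WM_IS_SECURITY_PROFILE ("" when unset or deleted).
reset_action() {
    case "$1" in
        DEV)  echo "DEV already selected" ;;
        PROD) echo "set WM_IS_SECURITY_PROFILE=DEV and restart" ;;
        "")   # Deleting the variable does not reset the settings by itself.
              echo "variable unset: set WM_IS_SECURITY_PROFILE=DEV and restart" ;;
        *)    echo "unrecognized value: $1"; return 1 ;;
    esac
}

echo "Clients that would fail under PROD:"
impacted_clients "$SAMPLE_INVENTORY"
echo "Reset step: $(reset_action "${WM_IS_SECURITY_PROFILE:-}" || true)"
```

The check flags only plain-HTTP callers; HTTPS clients still need to be exercised in the test environment as part of the test scenarios.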