With the gateway up and running it is desirable to tune the configuration of the gateway, for example:
- Modify the heap space available as the environment is better understood
- Configuration of features such as OAuth 2.0 validation for the APIs
But to make the gateway production-ready, it is recommended several things be considered:
- Is the file system in which the gateway is installed secured, so that the gateway can be run, log files generated but nothing else? This is part of good Linux security.
- If HTTPS is being used, are good certificates properly deployed?
- Execution of the lockdown process.