...

  • Network connections between components use the HTTPS protocol.
  • Such connections are secured by X.509 certificates, by default using mutual client and server authentication.
  • Connections are established in one direction only.


Certificate Management

Certificate Preparation


Certificate Deployment


Certificate Management Life Cycle

...

  • Configuration objects are automatically signed by JOC Cockpit. This task is performed implicitly when deploying objects.
  • This mechanism is easy to use: deployment is a single-click operation, as signing is performed without user interaction.
  • At the same time there is no certainty about who has deployed objects, as any user who is authorized to deploy objects can use the relevant deployment function with a single mouse click.



Security Level Medium: User based Signing

  • Configuration objects are signed individually with the private key of the user. This applies within the scope of permissions used in JOC Cockpit to authorize individual accounts for deploying configuration objects.
  • This mechanism is similar to implicit signing except for the fact that the private key stored with the current user's profile is used.
  • Note that similarly to implicit signing, all private and public keys of users are stored in a database and therefore are accessible to a DBA or system administrator.



Security Level High: External Signing

  • This security level requires configuration objects to be exported and to be signed individually outside of JOC Cockpit.
  • This guarantees that at any point in time, the JOC Cockpit has no knowledge about the private key used for signing.
  • Security has a price: there is some effort required to export a configuration, to sign it and to import the signed configuration.



Secure Roll-out

  • A roll-out includes transferring configuration objects between environments, for example from development to test and to production environments.




  • Steps for roll-out include considering:
    • that the roll-out might include shared responsibilities, for example being performed by a different individual to the one who manages the configuration. For example:
      • a developer will create workflows and jobs in a development environment and deploy them to Controllers and Agents in that environment.
      • an application manager will perform quality assurance and pick up configurations from a development environment for roll-out to a test environment.
      • a release manager will authorize roll-out from a test environment to a production environment.
    • that when exporting a configuration, the affected configuration objects are downloaded to a single archive file (.zip, .tar.gz)
    • that should Security Level High be in place, then signing the downloaded configuration objects will include the tasks:
      • transferring the downloaded archive to a secure environment, for example to a computer that is separated from the network.
      • extracting the archive to disk and using a program that applies proven standards to sign the files included with the archive. In this step the user's private key is used to sign the files. As a result, a signature file is created for each file extracted from the archive.
      • adding the extracted files and the signature files to an archive file.
    • that the archive with signed files has to be transferred to the target environment. This includes using any means for file transfer such as copying between servers, use of SCP, SFTP etc.
    • that the archive with signed files has to be imported to JOC Cockpit in the target environment.
  • The final step includes deploying the imported and signed configuration objects to the target environment.
    • This task can be performed by the same individual who signed and transferred the archive file or this can require a separate role in the JOC Cockpit to be authorized to deploy in the target environment.
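
The Security Level High signing steps above (extract, sign each file, repack), together with a check that every file still matches its signature, as an added example that is not part of JS7 or of the original page. It assumes a .tar.gz export, detached SHA-256 signatures created with openssl, and a hypothetical "<file>.sig" naming scheme; the signature format and file naming that JOC Cockpit expects on import have to be taken from the product documentation.

```sh
#!/bin/sh
# Added example, not JS7 code. Assumptions: .tar.gz export, detached SHA-256
# signatures made with openssl, one "<file>.sig" next to each signed file.

# sign_archive <exported.tar.gz> <private-key.pem> <signed.tar.gz>
# Intended to run on the isolated signing host that holds the private key.
sign_archive() {
  swork=$(mktemp -d) || return 1
  tar -xzf "$1" -C "$swork" || { rm -rf "$swork"; return 1; }
  src=0
  # Create one signature file for every extracted file.
  find "$swork" -type f ! -name '*.sig' -exec sh -c '
    key=$1; shift
    for f do
      openssl dgst -sha256 -sign "$key" -out "$f.sig" "$f" || exit 1
    done' sh "$2" {} + || src=1
  # Repack files and signatures only if every file was signed.
  if [ "$src" -eq 0 ]; then
    tar -czf "$3" -C "$swork" . || src=1
  fi
  rm -rf "$swork"
  return "$src"
}

# verify_archive <signed.tar.gz> <public-key.pem>
# Returns 0 only if each file has a signature file that verifies; a missing
# signature or a file changed after signing makes the check fail.
verify_archive() {
  vwork=$(mktemp -d) || return 1
  tar -xzf "$1" -C "$vwork" || { rm -rf "$vwork"; return 1; }
  vrc=0
  find "$vwork" -type f ! -name '*.sig' -exec sh -c '
    pub=$1; shift
    for f do
      openssl dgst -sha256 -verify "$pub" -signature "$f.sig" "$f" \
        >/dev/null 2>&1 || exit 1
    done' sh "$2" {} + || vrc=1
  rm -rf "$vwork"
  return "$vrc"
}
```

Only the public key has to exist outside the signing host, so `verify_archive` can be run after the file transfer and before the import to confirm that nothing changed in transit.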

...