Security Architecture

JS7 brings a security architecture based on certificates for connections between products and for digital signing of workflows and jobs.

...

  • The Security Architecture includes:
    • Secure Communication:
      • Certificate Management: Create and deploy certificates for secure network communication between products.
      • Life Cycle Management: Create, update and delete certificates and deploy changes to products.
    • Secure Configuration:
      • Configurations include workflows, jobs and related objects.
      • These objects are digitally signed and deployed by a responsible person.
    • Secure Operation:
      • Access Management: Authentication and Authorization via LDAP, OIDC etc.
      • Credential Management: Use of a Credential Store for confidential data.
  • Wording
    • The term Deployment applies to a situation when a configuration is transferred from the JOC Cockpit to a Controller.
    • The term Roll-out applies to a situation when a configuration is transferred between environments, for example from non-production to production environments. Within the respective target environment a Deployment is performed to transfer configuration objects to Controllers and Agents.

...

  • Network connections between products use the HTTPS protocol.
  • Such connections are secured by X.509 certificates, by default using mutual client and server authentication.
  • Connections are established in one direction only.

...

  • Certificates are created:
    • either from a CA independently from JS7,
      • This applies to users of JS7 who require the "high" Security Level and therefore operate a CA of their own.
    • or directly from the JS7 - Certificate Authority in JOC Cockpit.
      • This applies to users of JS7 who prefer a modest "low" or "medium" Security Level without the effort of maintaining a CA.
      • The JOC Cockpit implements:
        • a Root CA and Intermediate CA to create certificates for JS7 products.
        • deployment capabilities to prepare the security configuration for JS7 products, i.e. to generate keystores and truststores to which the relevant certificates are added.
  • Certificates can be maintained with JOC Cockpit if an individual CA is not in place.
    • Private Keys and Certificates are stored in the JS7 database.
    • A user interface is available for operations on certificates, such as creating, updating and deleting certificates.
  • Certificates are prepared for deployment:
    • A keystore and a truststore to hold the required certificates are created for individual JS7 products such as Controllers or Agents.
    • Keystores and truststores can be forwarded to Controllers and Agents by any suitable means, for example by file transfer, SSH, transportable disks etc.
    • Keystores and truststores can be imported to Controllers and Agents using a shell script.
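
The chain described above (Root CA, Intermediate CA, product certificate) can be reproduced with plain openssl to check what a peer's truststore must contain for mutual authentication. This is an added example, not JS7 code and not the JS7 Certificate Authority's implementation; the names "Demo Root CA", "Demo Intermediate CA" and agent.example.com, the file names and the 30-day lifetime are assumptions.

```shell
#!/bin/sh
# Added example with constructed names; demo keys are written unencrypted.
# build_chain <dir>: Root CA -> Intermediate CA -> product certificate.
build_chain() (
  mkdir -p "$1" && cd "$1" || exit 1
  cat > ext.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[product]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
subjectAltName = DNS:agent.example.com
EOF
  new_csr() {  # new_csr <name> <CN>: fresh key plus signing request
    openssl req -new -config ext.cnf -newkey rsa:2048 -nodes \
      -keyout "$1.key" -out "$1.csr" -subj "/CN=$2"
  }
  sign() {     # sign <name> <issuer> <extension section in ext.cnf>
    openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" \
      -CAcreateserial -extfile ext.cnf -extensions "$3" -days 30 -out "$1.crt"
  }
  openssl req -x509 -config ext.cnf -extensions ca -newkey rsa:2048 -nodes \
    -keyout root.key -out root.crt -days 30 -subj "/CN=Demo Root CA" &&
  new_csr int "Demo Intermediate CA" && sign int root ca &&
  new_csr agent "agent.example.com" && sign agent int product &&
  # What a peer's truststore needs: both CA certificates, no private keys.
  cat root.crt int.crt > truststore.pem
)

# chain_ok <truststore.pem> <cert.pem> <sslserver|sslclient>
# Succeeds only if the certificate chains to the truststore for that TLS role.
chain_ok() {
  openssl verify -purpose "$3" -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}
```

The product certificate carries both serverAuth and clientAuth so that it passes the check in either role of a mutually authenticated connection. A truststore holding only the Root CA certificate does not validate it unless the intermediate certificate is supplied as well.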

...