JS7 brings a security architecture based on certificates for connections between products and for digital signing of workflows and jobs.
...
- The Security Architecture includes:
  - Secure Communication:
    - Certificate Management: Create and deploy certificates for secure network communication between products.
    - Life Cycle Management: Create, update and delete certificates and deploy changes to products.
  - Secure Configuration:
    - Configurations include workflows, jobs and related objects.
    - These objects are digitally signed and deployed by a responsible person.
  - Secure Operation:
    - Access Management: Authentication and Authorization via LDAP, OIDC etc.
    - Credential Management: Use of a Credential Store for confidential data.
- Wording
  - The term Deployment applies to a situation when a configuration is transferred from the JOC Cockpit to a Controller.
  - The term Roll-out applies to a situation when a configuration is transferred between environments, for example from non-production to production environments. Within the respective target environment a Deployment is performed to transfer configuration objects to Controllers and Agents.
...
- Network connections between products use the HTTPS protocol.
- Such connections are secured by X.509 certificates, by default using mutual client and server authentication.
- Connections are established in one direction only.
...
- Certificates are created:
  - either from a CA independently from JS7,
    - This applies to users of JS7 who require the "high" Security Level and therefore operate a CA of their own.
  - or directly from the JS7 - Certificate Authority in JOC Cockpit.
    - This applies to users of JS7 who prefer a modest "low" or "medium" Security Level without the effort of maintaining a CA.
    - The JOC Cockpit implements:
      - a Root CA and Intermediate CA to create certificates for JS7 products.
      - deployment capabilities to prepare the security configuration for JS7 products, i.e. to generate keystores and truststores to which the relevant certificates are added.
- Certificates can be maintained with JOC Cockpit if an individual CA is not in place.
  - Private Keys and Certificates are stored with the JS7 database.
  - A user interface is available for operations on certificates, such as creating, updating and deleting certificates.
- Certificates are prepared for deployment:
  - A keystore and a truststore to hold the required certificates are created for individual JS7 products such as Controllers or Agents.
  - Keystores and truststores can be forwarded to Controllers and Agents by any suitable means, for example by file transfer, SSH, transportable disks etc.
  - Keystores and truststores can be imported to Controllers and Agents using a shell script.
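
The following is an added example, not part of the JS7 documentation and not a JS7 script: a shell check, using the `openssl` CLI, that a product certificate chains to a Root CA through an Intermediate CA and is accepted for both client and server authentication, as the mutual authentication described above requires. The PKI is constructed in a temporary directory; all file names, subjects and function names are assumptions.

```shell
#!/bin/sh
# Added example. Every name, subject and file below is a constructed sample value.
set -eu

# Build a throwaway Root CA -> Intermediate CA -> component certificate chain.
# $1 = work directory, $2 = extendedKeyUsage value for the component certificate
make_demo_pki() {
    pki_dir=$1
    cat > "$pki_dir/pki.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = $2
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$pki_dir/pki.cnf" \
        -extensions ca_ext -subj "/CN=Demo Root CA" \
        -keyout "$pki_dir/root.key" -out "$pki_dir/root.crt" 2>/dev/null
    for name in inter leaf; do
        openssl req -newkey rsa:2048 -nodes -config "$pki_dir/pki.cnf" -subj "/CN=demo-$name" \
            -keyout "$pki_dir/$name.key" -out "$pki_dir/$name.csr" 2>/dev/null
    done
    openssl x509 -req -in "$pki_dir/inter.csr" -CA "$pki_dir/root.crt" -CAkey "$pki_dir/root.key" \
        -CAcreateserial -days 1 -extfile "$pki_dir/pki.cnf" -extensions ca_ext \
        -out "$pki_dir/inter.crt" 2>/dev/null
    openssl x509 -req -in "$pki_dir/leaf.csr" -CA "$pki_dir/inter.crt" -CAkey "$pki_dir/inter.key" \
        -CAcreateserial -days 1 -extfile "$pki_dir/pki.cnf" -extensions leaf_ext \
        -out "$pki_dir/leaf.crt" 2>/dev/null
}

# Return 0 only if the certificate chains to the root through the intermediate
# and is accepted for BOTH TLS roles, as mutual authentication requires.
# $1 = root CA cert, $2 = intermediate CA cert, $3 = component cert
check_mutual_tls_cert() {
    for purpose in sslserver sslclient; do
        openssl verify -CAfile "$1" -untrusted "$2" -purpose "$purpose" "$3" \
            >/dev/null 2>&1 || return 1
    done
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir" "serverAuth,clientAuth"
if check_mutual_tls_cert "$demo_dir/root.crt" "$demo_dir/inter.crt" "$demo_dir/leaf.crt"; then
    echo "component certificate accepted for client and server authentication"
fi
rm -rf "$demo_dir"
```

A certificate issued with `serverAuth` only, or one checked against a different root, fails this check before it is ever packed into a keystore.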
...