Page History
...
Security
Secure rollout of JS7 components products is critical. It is therefore recommended that the solution described here is adjusted to suit specific security needs.
- Rollout of JS7 Agents is considered critical as the software allows jobs to be executed on a larger number of servers.
- Integrity of the sources for downloads of JS7 components products deserves attention.
- This includes intermediate devices to which JS7 software installers are stored in a user's environment.
- It is an option to run the Agent Installation Script from
sudo
and to use the digest functionality that compares the script to a hash value stored with thesudoers
file.
- The solution provided for updating, upgrading and patching JS7 Agents is based on shell scripting by design:
- to provide readability and to rely on OS commands only,
- to deny the use of any 3rd-party components and additional dependencies that require code to be executed on the machines that run Agents.
- The Agent Installation Script can be integrated in a number of ways:
- by running one's own SSH scripts on top of the Agent Installation Script,
- by use with tools such as Ansible®, Puppet® that make use of an SSH Client,
- by use of JS7 workflow automation as explained below.
- It is recommended that a separate standalone Controller and Agent are set up for deployment purposes, for details see JS7 - Deployment.
- Access to the Controller and Agent for rollout should be securely managed.
- JS7 Agents can be rolled out from a Controller to which the Agents are not registered.
...
Overview
Content Tools