...

PDF: JS7_JobScheduler_Security_Architecture.pdf

Secure Communication

Network Connections

  • Network connections between components use the HTTPS protocol.
  • Such connections are secured by X.509 certificates, optionally using mutual client and server authentication.
  • Connections are established in one direction only.

...

  • Certificates are created:
    • either from a CA independently from JS7,
      • This applies to users of JS7 who require the "high" Security Level and therefore operate a CA on their own.
    • or directly from the JS7 JOC Cockpit.
      • This applies to users of JS7 who prefer Security Level "low" or "medium" without the effort of maintaining a CA.
      • The JOC Cockpit implements:
        • a Root CA and Intermediate CA to create certificates for JS7 components.
        • deployment capabilities to prepare the security configuration for JS7 components, i.e. to generate keystores and truststores which the relevant certificates are added to.
  • Certificates can be maintained with JOC Cockpit if an individual CA is not in place.
    • Private Keys and Certificates are stored with the JS7 database.
    • A user interface is available for operations on certificates, such as creating, updating and deleting certificates.
  • Certificates are prepared for deployment:
    • A keystore and truststore to hold the required certificates is created for all individual JS7 components such as Controllers or Agents.
    • Keystores and truststores can be forwarded to Controllers and Agents by any suitable means, for example by file transfer, SSH, transportable disks etc.
    • Keystores and truststores can be imported to Controllers and Agents using a shell script.

...

  • Certificates are revoked by deploying updated certificates.
  • Support for Certificate Revocation Lists (CRL) is not in place.
    • The Java architecture and certificate types allow implementation of a CRL.

Secure Configuration

  • Configurations include all deployable scheduling objects that are used for job execution with Agents, such as workflows, jobs etc.
  • Jobs deployed to Agents can include calls to OS commands, scripts and binaries. Such deployments should be considered as a code injection to a remote machine requiring authentication and authorization.
  • Therefore scheduling objects are required to be signed by a responsible person:
    • This guarantees that workflows, jobs etc. are authorized for deployment by individuals who are in charge of this task.
    • This guarantees non-repudiability of deployments.
  • JOC Cockpit offers different Security Levels for deployment of scheduling objects.
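
The signing requirement above can be illustrated with a short sketch. This is an added example, not code from JS7: the class and method names, the ECDSA algorithm, the map of trusted signers (standing in for a truststore) and the sample workflow text are all assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class SignedDeploymentExample {
    static final String ALG = "SHA256withECDSA"; // assumed algorithm for this sketch

    // Signer side: sign the exact bytes of the scheduling object.
    static byte[] sign(byte[] object, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALG);
        s.initSign(key);
        s.update(object);
        return s.sign();
    }

    // Receiving side: return the trusted signer whose key verifies the signature, if any.
    static Optional<String> verifiedSigner(byte[] object, byte[] sig, Map<String, PublicKey> trusted) {
        for (Map.Entry<String, PublicKey> e : trusted.entrySet()) {
            try {
                Signature s = Signature.getInstance(ALG);
                s.initVerify(e.getValue());
                s.update(object);
                if (s.verify(sig)) return Optional.of(e.getKey());
            } catch (GeneralSecurityException ex) {
                // Malformed signature or unusable key: treat as no match.
            }
        }
        return Optional.empty(); // nobody in the trusted set signed these bytes: reject
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair alice = gen.generateKeyPair();    // responsible person (hypothetical)
        KeyPair outsider = gen.generateKeyPair(); // key that is not in the trusted set
        Map<String, PublicKey> trusted = Map.of("alice", alice.getPublic());

        // Constructed sample objects, not the real JS7 workflow format.
        byte[] wf = "{\"path\":\"/demo/wf1\",\"script\":\"echo hello\"}".getBytes(StandardCharsets.UTF_8);
        byte[] changed = "{\"path\":\"/demo/wf1\",\"script\":\"echo changed\"}".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(wf, alice.getPrivate());

        System.out.println("as signed:          " + verifiedSigner(wf, sig, trusted));
        System.out.println("changed afterwards: " + verifiedSigner(changed, sig, trusted));
        System.out.println("untrusted signer:   " + verifiedSigner(wf, sign(wf, outsider.getPrivate()), trusted));
    }
}
```

Only the unmodified object signed by a key in the trusted set yields a signer name, which is what ties a deployment to an authorized individual and makes it non-repudiable.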

Secure Deployment

  • Deploying scheduling objects to a Controller in a given environment includes transferring objects such as workflows and jobs.
  • This step can be simplified, for example in development environments, when frequent changes occur to scheduling objects and deployments are performed with a single mouse click.
  • This step can be more complex if sharing of responsibilities is included, for example when rolling out scheduling objects from a development environment to a test or production environment. This situation is called a roll-out and is explained in the subsequent chapter.
  • A secure deployment matches the security requirements in a given environment. Therefore the JOC Cockpit can be operated with different Security Levels.
    • "Low" and "medium" Security Levels allow simplified deployment and are suitable for environments with modest security requirements.
    • The "high" Security Level takes more effort and is targeted towards organizations with more elaborate security requirements.
  • Security Levels are put in place during the installation of the JOC Cockpit. Each instance of the JOC Cockpit can only be operated at a single Security Level. There is no fallback from Security Level "high" to Security Level "medium" or "low". Changing the Security Level requires reinstalling JOC Cockpit.

...