Scope

  • The Security Architecture includes
    • Secure Communication
      • Certificate Management: Create and deploy certificates for secure communication between components
      • Life Cycle Management: Create, update and delete certificates and deploy changes to components
    • Secure Configuration
      • Configurations include workflows, jobs and related objects.
      • Such objects are digitally signed by a responsible person

Secure Communication

Network Connections

...


Flowchart
JOC [label="   JOC Cockpit   ",fillcolor="green"]
PrimaryMaster [label="   Primary Master   ",fillcolor="lightskyblue"]
BackupMaster [label="   Backup Master   ",fillcolor="lightskyblue"]
Agent [label="   Agent   ",fillcolor="lightskyblue"]

JOC -> PrimaryMaster [label=" https "]
JOC -> BackupMaster [label=" https "]
PrimaryMaster -> Agent [label=" https "]
BackupMaster -> Agent [label=" https "]

Certificate Management

Certificate Creation


Flowchart
JOC [label="   JOC Cockpit   ",fillcolor="green"]
CA_Root [label="   Root CA   ",fillcolor="orange"]
CA_Intermediate [label="   Intermediate CA   ",fillcolor="orange"]
PrimaryMaster [label="   Primary Master   ",fillcolor="lightskyblue"]
BackupMaster [label="   Backup Master   ",fillcolor="lightskyblue"]
Agent [label="   Agent   ",fillcolor="lightskyblue"]

CA_RootCertificate [shape="ellipse",label="Root CA Certificate",fillcolor="orange"]
CA_IntermediateCertificate [shape="ellipse",label="Intermediate CA Certificate",fillcolor="orange"]
CA_Bundle [shape="ellipse",label="CA Bundle",fillcolor="yellow"]

PrimaryMaster_PrivateKey [shape="ellipse",label="Primary Master Private Key",fillcolor="lightskyblue"]
# PrimaryMaster_Certificate [shape="ellipse",label="Primary Master Certificate",fillcolor="white"]
BackupMaster_PrivateKey [shape="ellipse",label="Backup Master Private Key",fillcolor="lightskyblue"]
# BackupMaster_Certificate [shape="ellipse",label="Backup Master Certificate",fillcolor="white"]
Agent_PrivateKey [shape="ellipse",label="Agent Private Key",fillcolor="lightskyblue"]

JOC -> CA_Root
JOC -> CA_Intermediate

CA_Root -> CA_RootCertificate [label=" create and sign "]
CA_Root -> CA_IntermediateCertificate [label=" sign "]
CA_Intermediate -> CA_IntermediateCertificate [label=" create "]

CA_RootCertificate -> CA_Bundle [label=" add "]
CA_IntermediateCertificate -> CA_Bundle [label=" add "]

# CA_Intermediate -> PrimaryMaster_PrivateKey [label=" create and sign "]
PrimaryMaster_PrivateKey -> PrimaryMaster [label=" transfer "]
# CA_RootCertificate -> PrimaryMaster [label=" transfer "]
# CA_IntermediateCertificate -> PrimaryMaster_PrivateKey [label=" create/sign "]
CA_Bundle -> PrimaryMaster [label=" transfer "]

# CA_Intermediate -> BackupMaster_PrivateKey [label=" create and sign "]
BackupMaster_PrivateKey -> BackupMaster [label=" transfer "]
# CA_RootCertificate -> BackupMaster [label=" transfer "]
# CA_IntermediateCertificate -> BackupMaster_PrivateKey [label=" create/sign "]
CA_Bundle -> BackupMaster [label=" transfer "]

# CA_Intermediate -> Agent_PrivateKey [label=" create and sign "]
Agent_PrivateKey -> Agent [label=" transfer "]
# CA_RootCertificate -> Agent [label=" transfer "]
# CA_IntermediateCertificate -> Agent_PrivateKey [label=" create/sign "]
CA_Bundle -> Agent [label=" transfer "]
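
As an added example (not code from this page or from the product it describes), the script below builds the chain of the Certificate Creation flowchart with openssl, assembles the CA Bundle from the Root and Intermediate CA certificates, and runs the check a component's truststore performs; the file names, CNs, RSA-2048 keys and 365-day validity are assumptions of the demo.

```shell
#!/bin/sh
# Two-tier CA as in the Certificate Creation flowchart, built with openssl:
# Root CA (self-signed) -> Intermediate CA -> component (Agent) certificate,
# then the Root and Intermediate CA certificates are concatenated into the CA Bundle.
# File names, the CNs and the 365-day validity are assumptions for this demo.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
DAYS=365

# CA certificates may sign other certificates; component certificates may not.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$WORK/ca.ext"
printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth,clientAuth\n' > "$WORK/component.ext"

# issue CN KEY CRT EXTFILE [PARENT_KEY PARENT_CRT]
# Without a parent the certificate is self-signed (Root CA); with a parent it is
# signed by the parent's key (Intermediate CA or component certificate).
issue() {
  openssl genrsa -out "$2" 2048 2>/dev/null
  openssl req -new -key "$2" -subj "/CN=$1" -out "$WORK/$1.csr" 2>/dev/null
  if [ $# -eq 4 ]; then
    openssl x509 -req -in "$WORK/$1.csr" -signkey "$2" -days "$DAYS" -extfile "$4" -out "$3" 2>/dev/null
  else
    openssl x509 -req -in "$WORK/$1.csr" -CA "$6" -CAkey "$5" -CAcreateserial -days "$DAYS" -extfile "$4" -out "$3" 2>/dev/null
  fi
}

# build_pki: the "create and sign" steps of the flowchart, then the two "add" steps
# that assemble the CA Bundle every component receives for its truststore.
build_pki() {
  issue root-ca "$WORK/root.key" "$WORK/root.crt" "$WORK/ca.ext"
  issue intermediate-ca "$WORK/intermediate.key" "$WORK/intermediate.crt" "$WORK/ca.ext" "$WORK/root.key" "$WORK/root.crt"
  issue agent "$WORK/agent.key" "$WORK/agent.crt" "$WORK/component.ext" "$WORK/intermediate.key" "$WORK/intermediate.crt"
  cat "$WORK/root.crt" "$WORK/intermediate.crt" > "$WORK/ca-bundle.pem"
}

# verify_with TRUSTFILE CRT: succeeds only if CRT chains to a certificate in TRUSTFILE,
# which is the check a peer performs against the contents of its truststore.
verify_with() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

build_pki
if verify_with "$WORK/ca-bundle.pem" "$WORK/agent.crt"; then echo "agent certificate accepted with the CA Bundle"; fi
# A truststore holding only the Root CA certificate cannot build the chain: the Intermediate is missing.
if ! verify_with "$WORK/root.crt" "$WORK/agent.crt"; then echo "agent certificate rejected with the Root CA alone"; fi
```

The script needs only the openssl command-line tool; the last two lines show why both CA certificates, not just the Root, have to be in the bundle that is transferred to each component.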

Certificate Deployment


Flowchart
JOC [label="   JOC Cockpit   ",fillcolor="green"]

PrimaryMaster [label="   Primary Master   ",fillcolor="lightskyblue"]
BackupMaster [label="   Backup Master   ",fillcolor="lightskyblue"]
Agent [label="   Agent   ",fillcolor="lightskyblue"]

PrimaryMaster_Truststore [label="Primary Master Truststore\nRoot/Intermediate CA certificates",fillcolor="orange"]
PrimaryMaster_Keystore [label="Primary Master Keystore\nPrimary Master Private Key",fillcolor="orange"]

BackupMaster_Truststore [label="Backup Master Truststore\nRoot/Intermediate CA certificates",fillcolor="orange"]
BackupMaster_Keystore [label="Backup Master Keystore\nBackup Master Private Key",fillcolor="orange"]

CA_Bundle [shape="ellipse",label="CA Bundle",fillcolor="yellow"]

PrimaryMaster_PrivateKey [shape="ellipse",label="Primary Master Private Key",fillcolor="lightskyblue"]
# PrimaryMaster_Certificate [shape="ellipse",label="Primary Master Certificate",fillcolor="white"]
BackupMaster_PrivateKey [shape="ellipse",label="Backup Master Private Key",fillcolor="lightskyblue"]
# BackupMaster_Certificate [shape="ellipse",label="Backup Master Certificate",fillcolor="white"]
Agent_PrivateKey [shape="ellipse",label="Agent Private Key",fillcolor="lightskyblue"]

PrimaryMaster -> PrimaryMaster_Keystore
PrimaryMaster -> PrimaryMaster_Truststore

BackupMaster -> BackupMaster_Keystore
BackupMaster -> BackupMaster_Truststore

JOC -> CA_Bundle

JOC -> PrimaryMaster_PrivateKey [label=" create/sign "]
PrimaryMaster_PrivateKey -> PrimaryMaster [label=" deploy "]
CA_Bundle -> PrimaryMaster [label=" deploy "]

JOC -> BackupMaster_PrivateKey [label=" create/sign "]
BackupMaster_PrivateKey -> BackupMaster [label=" deploy "]
CA_Bundle -> BackupMaster [label=" deploy "]

JOC -> Agent_PrivateKey [label=" create/sign "]
Agent_PrivateKey -> Agent [label=" deploy "]
CA_Bundle -> Agent [label=" deploy "]


Certificate Life Cycle

tbd

Secure Configuration

tbd