JS7 JobScheduler

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Next »

Scope

  • The Security Architecture includes
    • Secure Communication
      • Certificate Management: Create and deploy certificates for secure communication between components
      • Life Cycle Management: Create, update and delete certificates and deploy changes to components
    • Secure Configuration
      • Configurations include workflows, jobs and related objects.
      • Such objects are digitally signed by a responsible person
  • Wording
    • The term Deployment applies to a situation that a configuration is transferred from JOC Cockpit to a Master.
    • The term Roll-out applies to a situation that a configuration is transferred between environments, e.g. from dev to test and to prod. Within the respective target environment a Deployment is performed to transfer configuration objects to Masters and Agents.

Secure Communication

Network Connections

  • Network connections between components use the HTTPS protocol.
  • Such connections are secured by
  • Connections are established in one direction only.


Certificate Management

Certificate Creation


Certificate Deployment



Certificate Life Cycle

Certificate Creation

  • Certificates are created
    • either from a CA indepndently from JS7
      • This applies to users of JS7 who require high security levels and therefore operate a CA on their own.
    • or directly from the JS7 JOC Cockpit
      • This applies to users of JS7 who prefer a modest security level without the effort of maintaining a CA.
      • The JOC Cockpit implements
        • a Root CA and Intermediate CA to create certificates for JS7 components.
        • deployment capabilities to prepare the security configuration for JS7 components, i.e. to generate keystores and truststores that are added the respective certificates.
  • Certificates can be maintained with JOC Cockpit should no individual CA be in place.
    • Private Keys and Certificates are stored with the JS7 database.
    • A user interface is available for any operations on certificates, such as creating, updating and deleting certificates.
  • Certificates are prepared for deployment:
    • For each JS7 component such as Masters and Agents a keystore and truststore is created that holds the required certificates.
    • Keystores and truststores can be forwarded to Masters and Agents by any suitable means, e.g. file transfer, SSH, transportable disks etc.
    • Keystores and truststores can be imported to Masters and Agents by use of a shell script.

Certificate Revocation

  • Certificates are revoked by deploying updated certificates.
  • Support for Certificate Revocation Lists (CRL) can be added at a later point in time if such demand occurs.
    • The Java architecture and certificate types allow implementation of a CRL.

Secure Configuration

  • Configurations include any deployable objects that are used for job execution with Agents, such as workflows, jobs etc.
  • Basically the deployment of jobs that include e.g. calls to OS commands, scripts and binaries, to any Agents should be considered a code injection to a remote machine that requires authentication and authorization.
  • Therefore a configuration is required to be signed by a responsible person:
    • this guarantees that workflows, jobs etc. are authorized for deployment by individuals who are in charge of this task.
    • this guarantees non-repudiability of deployments.
  • JOC Cockpit offers different security levels for deployment tasks.

Security Levels

Security Level Low: Implicit Signing

  • Any configuration objects are automatically signed by JOC Cockpit. This tasks is performed automatically when deploying objects.
  • This mechanism is easy to use as signing operations are performed implicitly without user interaction.
  • At the same time there is no certainty about who deployed objects as any user who is authorized to deploy objects can use the respective deploy functionality from a single mouse click.

Security Level Medium: Individual Signing

  • Configuration objects are signed individually with the private key of the user. This applies within the scope of permissions used in JOC Cockpit to authorize individual accounts for deploying configuration objects.
  • This mechanism is similar to implicit signing except for the fact that the private key stored with the current user's profile is used.
  • Consider that similar to implicit signing all private and public keys of users are stored in a database and therefore are accessible by a DBA or system administrator.

Security Level High: External Signing

  • Thie security level requires any configuration objects to be exported and to be signed individually outside of JOC Cockpit.
  • This guarantees that at no point in time JOC Cockpit has any knowledge about the private key used for signing.
  • Security has a price: there is some effort to export a configuration, to sign it and to import the signed configuration.

Secure Roll-out











  • No labels