High level security considerations & status
George Hicken edited this page Dec 6, 2016 · 3 revisions
High-level list of security-related items
- Client authentication via client certificates (tlsverify)
- Thumbprint validation of vSphere systems
- Authenticated access to vic-admin (logs and status, no control)
- Automated application of RBAC constraints to provided VCH operations user
- Proxy support
- Custom Certificate Authority bundles for validating private registries
- Automated creation of RBAC constrained user for VCH operation
- Throttling of vSphere control plane operations (DDoS potential)
- Automated installation of persistent firewall rules
- Certificate revocation
- VCH credentials hidden from guest
- Mutual authentication between containerVMs and VCH applianceVM on the management network
- Image signature validation (JWS signature on images registry)
- Registry white & black lists for secure registries