[
https://issues.apache.org/jira/browse/CLOUDSTACK-9993?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rohit Yadav updated CLOUDSTACK-9993:
------------------------------------
Status: Reviewable (was: In Progress)
> Secure Agent Communications
> ---------------------------
>
> Key: CLOUDSTACK-9993
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9993
> Project: CloudStack
> Issue Type: New Feature
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Reporter: Rohit Yadav
> Assignee: Rohit Yadav
> Fix For: Future, 4.11.0.0
>
>
> In current CloudStack, the agent-management server communication is weakly
> secured by one way SSL authentication while encrypted and allows for any
> client/agent to connect and be served by the management server. There are
> other services that need TLS/SSL security and upcoming features such as
> container/application service etc. require certificate management. The common
> issue is CloudStack has no certificate management to provide security for its
> internal component especially the agent-mgmt server and mgmt-mgmt server
> communication. The aim of this feature is to provide pluggable CA
> (certificate authority) management in CloudStack that can fetch/provision
> certificates to (new) host(s) and systemvms. As a default CA plugin, a root
> CA plugin will be implement where CloudStack becomes a self-signed Root
> Certificate Authority. Developers will have option to implement further
> integration with their TLS/SSL cert providers such as letsencrypt and other
> vendors.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
