Rohit Yadav created CLOUDSTACK-9993:
---------------------------------------
Summary: Secure Agent Communications
Key: CLOUDSTACK-9993
URL: https://issues.apache.org/jira/browse/CLOUDSTACK-9993
Project: CloudStack
Issue Type: New Feature
Security Level: Public (Anyone can view this level - this is the default.)
Reporter: Rohit Yadav
Assignee: Rohit Yadav
Fix For: Future, 4.11.0.0

In current CloudStack, the agent-management server communication, while
encrypted, is weakly secured by one-way SSL authentication and allows any
client/agent to connect and be served by the management server. There are other
services that need TLS/SSL security, and upcoming features such as
container/application service etc. require certificate management. The common
issue is that CloudStack has no certificate management to provide security for
its internal components, especially the agent-mgmt server and mgmt-mgmt server
communication. The aim of this feature is to provide pluggable CA (certificate
authority) management in CloudStack that can fetch/provision certificates to
(new) host(s) and systemvms. As a default CA plugin, a root CA plugin will be
implemented where CloudStack becomes a self-signed Root Certificate Authority.
Developers will have the option to implement further integration with their
TLS/SSL cert providers such as letsencrypt and other vendors.
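The trust decision a self-signed root CA makes possible, sketched with the openssl CLI as an added example (not CloudStack code and not part of the issue): a certificate provisioned by the root CA verifies, while one the CA never issued does not. The CA name, the agent names and the assumption that the management server would check agent certificates against the root CA are illustrative.

```shell
#!/bin/sh
# Constructed demo; the CA name and agent names are hypothetical.

# make_ca DIR: self-signed root CA (the role the default plugin gives CloudStack).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-root-ca" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_cert DIR NAME: key + CSR for NAME, signed by the root CA.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/$2.crt" 2>/dev/null
}

# self_signed DIR NAME: certificate for NAME that the root CA never issued.
self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# is_trusted DIR NAME: succeed only if NAME's certificate chains to the root CA.
# The output is matched instead of the exit status, which some older openssl
# releases did not set reliably on failure.
is_trusted() {
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" 2>&1 | grep -q ': OK$'
}

# demo: print the verdict for a provisioned agent and an unprovisioned one.
demo() {
    dir=$(mktemp -d) || return 1
    make_ca "$dir" && issue_cert "$dir" agent-host-1 && self_signed "$dir" unknown-agent
    for name in agent-host-1 unknown-agent; do
        if is_trusted "$dir" "$name"; then echo "$name: accepted"
        else echo "$name: rejected"; fi
    done
    rm -rf "$dir"
}

demo
```

With one-way SSL only the server side of this check exists; requiring the agent to present a certificate that passes `is_trusted` is what turns it into mutual authentication.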