ElectricFlow Security Overview: Enterprise-grade Security
Technical Brief
ElectricFlow is a unified DevOps orchestration solution that provides enterprise-scale automation and end-to-end visibility across the software delivery lifecycle.
Software enterprises must enforce separation of
duties, pass compliance audits, and enable rapid
troubleshooting. It is therefore critical to both control
and visualize the path of every artifact that is built,
tested, and deployed. ElectricFlow serves as a “single
pane of glass” solution that automates these build, test,
and deploy processes. To orchestrate this work in an
auditable and secure manner, ElectricFlow implements
multiple security features:
Access control: ElectricFlow provides a granular access control model that addresses simple, complex, and hybrid use cases. Administrators control which groups and users can read, modify, execute, or change permissions on any object in the system. Every ElectricFlow object (such as a project, procedure, job, property sheet, workspace, schedule, or resource) carries an access control list that determines who can do what with that object. The model supports traditional role-based access control (RBAC), in which privileges are assigned to groups, and also allows privileges to be assigned to individual users, alone or in combination with group privileges, where finer granularity is needed.
Access Control List (ACL): To decide whether a user may perform an operation on a particular object, ElectricFlow first determines which of the four privileges (read, modify, execute, change permissions) that operation requires. It then examines the object's ACL for every access control entry that names the user or a group containing the user. Access is granted at that level only if at least one matching entry specifies "allow" for the privilege and no matching entry specifies "deny"; a "deny" entry overrides an "allow" entry in the same ACL. If the object's ACL contains no explicit allow or deny for the user, the server walks up the object hierarchy, checking the ACL of each ancestor in turn, until it reaches the top-level server ACL. If no explicit allow is found anywhere on that path, access is denied. Because inheritance works this way, access can be granted at a coarse level (for example on a project) and refined at a fine-grained level (for example on a single procedure or step).
Active Directory (AD) and LDAP: ElectricFlow integrates with AD and LDAP, providing a configurable mechanism for using existing corporate directory providers for authentication and access control. Account information held in AD/LDAP is read-only to ElectricFlow and cannot be modified through it. In addition to corporate directory providers, ElectricFlow also supports local user and group accounts. These can be used alone, in the absence of a corporate AD/LDAP, or in combination with AD/LDAP in a hybrid setup. Local groups made up of AD/LDAP users can also be created for RBAC when no existing AD/LDAP group matches the required role.
Agent server protocol: ElectricFlow agents communicate with trusted servers using SSL-encrypted XML over HTTP. Server and agent communication can additionally be configured to perform PKI certificate validation, so that each party verifies the identity of the other. Because this validation is a configurable option, an installation that leaves it off has an encrypted transport but no proof of either party's identity, and the anti-spoofing property described next depends on it being enabled.
Anti-spoofing: The agent/server architecture is fault-tolerant. If a server is removed or goes down, its agents become dormant. With PKI certificate validation enabled, agents reject connection attempts from any host other than the server whose certificate they have verified. This trusted relationship between server and agent ensures that agents respond only to communication from a verified server and cannot be spoofed by an impostor host.
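The mutual certificate validation described in the two paragraphs above, as an added example that is not ElectricFlow's code and does not use its XML-over-HTTP wire format: a Go program built only on the standard crypto/tls and crypto/x509 packages. Following the page's description that agents reject connection attempts from anything but the verified server, the agent is modelled as the listening side and the server as the connecting side; the agent demands a client certificate issued by the corporate CA, and the server trusts only that CA and pins the agent's expected name. The CA names, hostnames, and the attacker-signed look-alike certificates are all constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue mints an ECDSA P-256 certificate for name. With parent == nil it is
// self-signed (a CA root); otherwise parent and parentKey sign it.
func issue(name string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber:          must(rand.Int(rand.Reader, big.NewInt(1<<62))),
		Subject:               pkix.Name{CommonName: name},
		DNSNames:              []string{name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// handshake runs one TLS handshake over loopback (lcfg on the listening side,
// dcfg on the dialing side) and returns the first error either side reported;
// nil means each side validated the other's certificate.
func handshake(lcfg, dcfg *tls.Config) error {
	ln := must(net.Listen("tcp", "127.0.0.1:0"))
	defer ln.Close()
	lerr := make(chan error, 1)
	go func() {
		c, err := ln.Accept()
		if err == nil {
			defer c.Close()
			err = tls.Server(c, lcfg).Handshake()
		}
		lerr <- err
	}()
	c := must(net.Dial("tcp", ln.Addr().String()))
	defer c.Close()
	derr := tls.Client(c, dcfg).Handshake()
	if err := <-lerr; err != nil {
		return err // e.g. the listener rejected the dialer's certificate
	}
	return derr // e.g. the dialer rejected the listener's chain or name
}

// HandshakeScenarios mints a corporate CA with a server and an agent certificate,
// plus an attacker CA that signs look-alike certificates, and runs three handshakes.
func HandshakeScenarios() map[string]error {
	ca, caKey := issue("corporate-ca", true, nil, nil)
	server, serverKey := issue("flow-server.example", false, ca, caKey)
	agent, agentKey := issue("agent-01.example", false, ca, caKey)
	evilCA, evilKey := issue("attacker-ca", true, nil, nil)
	impostor, impostorKey := issue("flow-server.example", false, evilCA, evilKey) // right name, wrong issuer
	fakeAgent, fakeAgentKey := issue("agent-01.example", false, evilCA, evilKey)  // right name, wrong issuer
	trusted := x509.NewCertPool()
	trusted.AddCert(ca) // the only trust anchor either side accepts; the OS store is not consulted
	agentCfg := func(c *x509.Certificate, k *ecdsa.PrivateKey) *tls.Config { // the agent listens
		return &tls.Config{
			Certificates: []tls.Certificate{{Certificate: [][]byte{c.Raw}, PrivateKey: k}},
			ClientAuth:   tls.RequireAndVerifyClientCert, // whoever connects must hold a corporate-CA certificate
			ClientCAs:    trusted,
		}
	}
	serverCfg := func(c *x509.Certificate, k *ecdsa.PrivateKey) *tls.Config { // the server dials the agent
		return &tls.Config{
			Certificates: []tls.Certificate{{Certificate: [][]byte{c.Raw}, PrivateKey: k}},
			RootCAs:      trusted,
			ServerName:   "agent-01.example", // the agent's certificate must also carry the expected name
		}
	}
	return map[string]error{
		"trusted server -> trusted agent":    handshake(agentCfg(agent, agentKey), serverCfg(server, serverKey)),
		"impostor host -> trusted agent":     handshake(agentCfg(agent, agentKey), serverCfg(impostor, impostorKey)),
		"trusted server -> look-alike agent": handshake(agentCfg(fakeAgent, fakeAgentKey), serverCfg(server, serverKey)),
	}
}

func main() {
	fmt.Println(HandshakeScenarios())
}
```

Only the first handshake succeeds. The impostor is refused by the agent even though its certificate carries the real server's name, because the agent checks the issuer against its own trust anchor rather than the operating system store; the look-alike agent is refused by the server for the same reason. Dropping ClientAuth on the agent side, or RootCAs/ServerName on the server side, would let the corresponding spoofed handshake through while the connection remained encrypted, which is the gap the configurable PKI validation closes.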
Credentials: ElectricFlow stores sensitive information (for example passwords or SSH keys) as encrypted credentials. Once a credential has been stored in the system, its use is governed by access control. A user who attempts to reference the credential, for any purpose, must have execute permission on the credential object; initially that permission is limited to, and controlled by, the user who created the credential. After a credential has been attached to an object, modifying that object is restricted to users who hold both execute permission on the credential and modify permission on the object. Consequently, only a user with access to every credential used by a step may modify that step. This prevents a step from being hijacked to misuse a credential its editor is not entitled to use, and helps keep credentials from being used accidentally by unauthorized users.
User impersonation: ElectricFlow allows designated role-based accounts to be selected on a per-job or per-job-step basis. This mechanism is called impersonation: the ElectricFlow agent impersonates a particular user for the duration of a job step. Implemented to support the principle of least privilege, it offers much finer-grained control over privileges than shell scripts. Impersonation is useful when certain commands can only be run by specific users (for example privileged processes that must run as root on UNIX agents or as Administrator on Windows agents). The usernames and passwords used for impersonation are stored securely as credentials, so if a step uses impersonation, only users with access to that credential may modify the step, which prevents hijacking or other malicious activity.
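The ACL evaluation rules from the Access Control List paragraph (a deny overrides an allow within one ACL, an undecided ACL defers to its parent up to the server ACL, and no explicit allow means deny) together with the credential rule from the Credentials and User impersonation paragraphs (modifying a step requires modify on the step plus execute on every credential it references), as an added example that is not ElectricFlow's code: a small Go model of the decision procedure run over a constructed hierarchy. The project, step, credential and group names, the "Everyone" built-in group, and the ACL contents are assumptions made for this example, and the model covers only the behaviour the page describes (it does not reproduce, for instance, how a new credential's ACL is populated).

```go
package main

import "fmt"

// Privilege is one of the four privileges an ACL entry can allow or deny.
type Privilege string

const Read, Modify, Execute, ChangePermissions Privilege = "read", "modify", "execute", "changePermissions"

// Entry allows (true) or denies (false) each listed privilege for one user or group; unlisted = no opinion.
type Entry struct {
	Principal string
	Rules     map[Privilege]bool
}

// Object is a node of the hierarchy (server -> project -> step) with its own ACL.
type Object struct {
	Parent      *Object   // nil for the top-level server object
	ACL         []Entry
	Credentials []*Object // credential objects a step references, if any
}

// Principal is the requesting user's name followed by the groups containing
// that user. "Everyone" is a hypothetical built-in group matching all users.
type Principal []string

func (p Principal) matches(name string) bool {
	for _, n := range append(Principal{"Everyone"}, p...) {
		if n == name {
			return true
		}
	}
	return false
}

// HasPrivilege walks from obj up to the server object. At each level a deny in
// any matching entry overrides an allow; an allow with no deny grants; an ACL
// that mentions neither defers to the parent. No explicit allow anywhere: deny.
func HasPrivilege(obj *Object, p Principal, priv Privilege) bool {
	for o := obj; o != nil; o = o.Parent {
		allowed := false
		for _, e := range o.ACL {
			if v, ok := e.Rules[priv]; ok && p.matches(e.Principal) {
				if !v {
					return false // explicit deny at this level ends the search
				}
				allowed = true
			}
		}
		if allowed {
			return true
		}
	}
	return false
}

// CanModifyStep applies the credential rule: modifying a step that references
// credentials needs modify on the step and execute on every credential.
func CanModifyStep(step *Object, p Principal) bool {
	ok := HasPrivilege(step, p, Modify)
	for _, c := range step.Credentials {
		ok = ok && HasPrivilege(c, p, Execute)
	}
	return ok
}

// ACLScenarios builds a sample hierarchy (every name and ACL is made up for this
// example, not exported from a real server) and evaluates four users against it.
func ACLScenarios() map[string]bool {
	server := &Object{ACL: []Entry{{"Everyone", map[Privilege]bool{Read: true}}}}
	project := &Object{Parent: server, ACL: []Entry{ // project "Payments"
		{"developers", map[Privilege]bool{Modify: true, Execute: true}},
		{"release-managers", map[Privilege]bool{Modify: true}},
		{"contractors", map[Privilege]bool{Modify: false}}, // explicit deny
	}}
	prodKey := &Object{Parent: project, ACL: []Entry{ // credential "prod-ssh-key"
		{"release-managers", map[Privilege]bool{Execute: true}},
		{"developers", map[Privilege]bool{Execute: false}}, // otherwise inherited from the project ACL
	}}
	deployStep := &Object{Parent: project, Credentials: []*Object{prodKey}} // step "deploy-to-prod"
	testStep := &Object{Parent: project}                                     // step "run-unit-tests"
	alice, bob := Principal{"alice", "developers"}, Principal{"bob", "release-managers"}
	carol, dave := Principal{"carol", "developers", "contractors"}, Principal{"dave"}
	return map[string]bool{
		"alice modifies run-unit-tests": CanModifyStep(testStep, alice),   // true: modify inherited from project
		"alice modifies deploy-to-prod": CanModifyStep(deployStep, alice), // false: denied execute on prod-ssh-key
		"bob modifies deploy-to-prod":   CanModifyStep(deployStep, bob),   // true: modify on step, execute on credential
		"carol modifies run-unit-tests": CanModifyStep(testStep, carol),   // false: contractors deny overrides developers allow
		"dave reads deploy-to-prod":     HasPrivilege(deployStep, dave, Read),   // true: inherited from the server ACL
		"dave modifies deploy-to-prod":  HasPrivilege(deployStep, dave, Modify), // false: no explicit allow on the path
	}
}

func main() {
	for name, ok := range ACLScenarios() {
		fmt.Printf("%-32s %v\n", name, ok)
	}
}
```

The case to notice is the second one: alice can modify an ordinary step in the project, but not the deployment step, because the credential it references explicitly denies her execute. Without that rule she could edit the step's commands to do whatever she liked with a credential she is not entitled to use, which is the hijacking the page describes. The carol case shows the other half of the evaluation order: her developers membership would grant modify, but the deny on contractors in the same ACL wins.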
Zones and gateways: ElectricFlow zones partition groups of agents so that agents in one zone cannot be used by, or directly communicate with, agents in another. For example, you might create DEV, TEST and PROD zones. This configuration is typically used to lock down communication between an insecure outside network and a secure inside network. Each zone has one or more gateway agents, which are the only agents used to communicate with other zones. Gateway agents are considered trusted because the ElectricFlow server verifies each gateway agent's identity using PKI certificate verification.
About Electric Cloud
Electric Cloud powers Continuous Delivery. We help
mobile, embedded systems and enterprise web/IT
providers deliver better software faster by automating
and accelerating build, test, and deployment processes
at scale. Industry leaders like Qualcomm, SpaceX,
Cisco, GE, Gap, and E*TRADE use Electric Cloud
solutions and services to boost DevOps productivity
and Agile throughput.
For more information, visit electric-cloud.com.
Corporate Headquarters
Electric Cloud, Inc.
35 S. Market St, Ste 100, San Jose, CA 95113
T: 408.419.4300 F: 408.419.4399
[email protected]
www.electric-cloud.com
Electric Cloud Europe
1650 Arlington Business Park
Theale, Reading
Berkshire RG7 4SA United Kingdom
T: +44 (0) 0207.872.5500
[email protected]
Electric Cloud Japan KK
22F Shibuya Mark City West
1-12-1 Dogenzaka, Shibuya-ku
Tokyo 150-0043 Japan
T: +81.3.4360.5375
[email protected]
©2015 Electric Cloud, Inc. All rights reserved. Electric Cloud, Electric Make, ElectricAccelerator, ElectricCommander and ElectricInsight are trademarks of Electric Cloud, Inc. Microsoft and Visual Studio are
either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other names are used for identification purposes only and are trademarks of their respective
companies.