Technical Brief

ElectricFlow Security Overview: Enterprise-grade Security

ElectricFlow is a unified DevOps orchestration solution that provides enterprise-scale automation and end-to-end visibility across the software delivery lifecycle. Software enterprises must enforce separation of duties, pass compliance audits, and enable rapid troubleshooting. It is therefore critical to both control and visualize the path of every artifact that is built, tested, and deployed. ElectricFlow serves as a “single pane of glass” solution that automates these build, test, and deploy processes. To orchestrate this work in an auditable and secure manner, ElectricFlow implements multiple security features:

Access control: ElectricFlow provides a granular access control model that addresses simple, complex, and hybrid use cases. Administrators control which groups and users can read, modify, execute, or change permissions of any object in the system. Every ElectricFlow object – such as a project, procedure, job, property sheet, workspace, schedule, or resource – contains an access control list that determines who can do what with the object. This model allows for traditional role-based access control (RBAC) configuration of privileges, but also provides additional flexibility and granularity to specify individual and/or group privileges.

Access Control List (ACL): To determine whether a user can perform an operation on a particular object, ElectricFlow first determines which of the four privileges (read, modify, execute, change permissions) the operation requires. It then searches all access control entries that refer to that user or to groups containing that user. To be allowed access, at least one of the matching entries must specify “allow” and none of the entries can be “deny.” A “deny” entry overrides an “allow” entry in the same ACL.
If no explicit allow or deny is found, the server walks up the object hierarchy and checks every ACL up to the highest-level server ACL. If it does not see an explicit allow, it denies access. This allows access to be granted at both coarse- and fine-grained levels.

Active Directory (AD) and LDAP: ElectricFlow integrates with AD and LDAP, providing a configurable mechanism to use existing corporate directory providers for authentication and access control. External account information from AD/LDAP cannot be modified by ElectricFlow. In addition to utilizing corporate directory providers, ElectricFlow also supports local user and group accounts. These can be used alone, in the absence of a corporate AD/LDAP, or in combination with AD/LDAP for a hybrid set-up. Local groups consisting of AD/LDAP users can also be created for RBAC if there are no AD/LDAP groups that match the roles.

Agent server protocol: ElectricFlow agents communicate with trusted servers via SSL-encrypted XML over HTTP. The server and agent communication can be configured to perform PKI certificate validation to verify the identity of the other party.

Anti-spoofing: The agent/server architecture is fault-tolerant. If a server is removed or goes down, the agents become dormant. With PKI certificate validation they reject connection attempts from any host but the server. This trusted relationship between server and agent makes sure that agents respond to communication only from a verified server and cannot be spoofed.

Credentials: ElectricFlow stores sensitive information (e.g. passwords or SSH keys) securely using encrypted credentials. Only users who have access to all credentials used by a particular step may modify that step, thus preventing hijacking or other malicious activity. Once a credential has been stored in the system, ElectricFlow locks down its usage with access control.
To use a credential for any purpose, a user who attempts to reference the credential must have execute permission on the credential object, which is initially limited to and controlled by the user who created the credential. After an object has a credential attached, object modifications are restricted to users who have both execute permission on the credential and modify permission on that object. This safeguard helps prevent credentials from accidentally being used by unauthorized users.

User impersonation: ElectricFlow allows certain role-based accounts to be selected on a per-job or per-job-step basis; this mechanism is called impersonation (the ElectricFlow agent impersonates a particular user for the duration of a job step). Implemented to address the principle of least privilege, ElectricFlow offers much finer-grained control over privileges than shell scripts. Impersonation is useful when certain commands can only be run by specific users (e.g. privileged processes that must be run as root on UNIX agents or as administrator on Windows agents). Usernames and passwords used for impersonation are stored securely in credentials. If a step uses impersonation, only users with access to the credential may modify the step, thus preventing hijacking or other malicious activity.

Zones and gateways: ElectricFlow zones are used to partition groups of agents to secure them from use by other groups. For example, you might create DEV/TEST/PROD zones where agents in one zone cannot directly communicate with agents in another zone. This configuration is typically used to lock down communication between an insecure/outside network and a secure/inside network. Each zone has one or more gateway agents, which are used to communicate with other zones. These gateway agents are considered trusted because the ElectricFlow server verifies the agent’s identity using PKI certificate verification.
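The following is an added example, written for this page and not ElectricFlow's own code, that models two rules the brief describes: the ACL evaluation under "Access Control List" (match entries for the user and the user's groups, deny overrides allow within one ACL, walk up the object hierarchy to the server ACL, deny when no explicit allow is found) and the credential rule above (modifying a step that uses a credential requires modify on the step and execute on the credential). The object names, the `credentials` list on a step, and the sample users and groups are constructed assumptions for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# The four privileges the brief names.
PRIVILEGES = ("read", "modify", "execute", "changePermissions")


@dataclass
class Entry:
    """One access control entry: a user or group, a privilege, and allow/deny."""
    principal: str
    is_group: bool
    privilege: str
    allow: bool


@dataclass
class SecuredObject:
    """Any object with its own ACL (server, project, procedure, step, credential).
    The 'credentials' list is an assumed way to record which credentials a step uses."""
    name: str
    parent: Optional["SecuredObject"] = None
    acl: list = field(default_factory=list)
    credentials: list = field(default_factory=list)


def matching_entries(obj, user, groups, privilege):
    """Entries in this object's ACL that refer to the user or to a group containing the user."""
    return [
        e for e in obj.acl
        if e.privilege == privilege
        and (e.principal in groups if e.is_group else e.principal == user)
    ]


def check_acl(obj, user, groups, privilege):
    """Decision from one ACL: 'allow', 'deny', or None when no entry refers to the user."""
    entries = matching_entries(obj, user, groups, privilege)
    if not entries:
        return None
    if any(not e.allow for e in entries):
        return "deny"      # a deny overrides an allow in the same ACL
    return "allow"         # at least one allow and no deny


def is_allowed(obj, user, groups, privilege):
    """Walk from the object up to the server-level ACL; the first explicit
    decision wins, and with no explicit allow anywhere the answer is deny."""
    if privilege not in PRIVILEGES:
        raise ValueError(f"unknown privilege: {privilege}")
    node = obj
    while node is not None:
        decision = check_acl(node, user, groups, privilege)
        if decision is not None:
            return decision == "allow"
        node = node.parent
    return False


def can_modify_step(step, user, groups, credential_objects):
    """A step that uses credentials may only be modified by a user who has modify on
    the step and execute on every credential the step references."""
    if not is_allowed(step, user, groups, "modify"):
        return False
    return all(is_allowed(credential_objects[name], user, groups, "execute")
               for name in step.credentials)


def build_sample():
    """Constructed sample hierarchy: server > project > procedure > step, plus a credential."""
    server = SecuredObject("server", acl=[Entry("devs", True, "read", True)])
    project = SecuredObject("payments", server, acl=[
        Entry("devs", True, "modify", True),
        Entry("contractors", True, "modify", False),   # deny beats the 'devs' allow
        Entry("bob", False, "modify", True),
    ])
    procedure = SecuredObject("deploy", project)
    step = SecuredObject("push-to-prod", procedure, credentials=["prod-ssh-key"])
    # The creator 'bob' is the only principal with execute on the credential object.
    credential = SecuredObject("prod-ssh-key", project,
                               acl=[Entry("bob", False, "execute", True)])
    return {"step": step, "credentials": {"prod-ssh-key": credential}}


if __name__ == "__main__":
    env = build_sample()
    step, creds = env["step"], env["credentials"]
    print("alice read step:", is_allowed(step, "alice", {"devs"}, "read"))
    print("alice modify step:", is_allowed(step, "alice", {"devs"}, "modify"))
    print("alice modify step using credential:", can_modify_step(step, "alice", {"devs"}, creds))
    print("carol (devs+contractors) modify:", is_allowed(step, "carol", {"devs", "contractors"}, "modify"))
    print("bob modify step using credential:", can_modify_step(step, "bob", {"ops"}, creds))
    print("dave (no entries) read:", is_allowed(step, "dave", set(), "read"))
```

Run as a script, the sample shows the inherited server-level read allow reaching a step three levels down, a contractor's group deny overriding the developer group allow on the same project ACL, and a developer who can modify the step but is still blocked from changing it because she lacks execute on the attached credential.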
About Electric Cloud

Electric Cloud powers Continuous Delivery. We help mobile, embedded systems and enterprise web/IT providers deliver better software faster by automating and accelerating build, test, and deployment processes at scale. Industry leaders like Qualcomm, SpaceX, Cisco, GE, Gap, and E*TRADE use Electric Cloud solutions and services to boost DevOps productivity and Agile throughput. For more information, visit electric-cloud.com.

Corporate Headquarters
Electric Cloud, Inc.
35 S. Market St, Ste 100, San Jose, CA 95113
T: 408.419.4300 F: 408.419.4399
[email protected]
www.electric-cloud.com

Electric Cloud Europe
1650 Arlington Business Park
Theale, Reading Berkshire RG7 4SA
United Kingdom
T: +44 (0) 0207.872.5500
[email protected]

Electric Cloud Japan KK
22F Shibuya Mark City West
1-12-1 Dogenzaka, Shibuya-ku
Tokyo 150-0043 Japan
T: +81.3.4360.5375
[email protected]

©2015 Electric Cloud, Inc. All rights reserved. Electric Cloud, Electric Make, ElectricAccelerator, ElectricCommander and ElectricInsight are trademarks of Electric Cloud, Inc. Microsoft and Visual Studio are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other names are used for identification purposes only and are trademarks of their respective companies.