IceGrid's registry and node services expose multiple network endpoints that a malicious client could use to gain access to IceGrid functionality and interfere with deployed applications. This presents a significant security risk in network environments that are exposed to untrusted clients. For example, a malicious client could connect to a node and use IceGrid's internal interfaces to deploy and run its own server executable.
This page describes the steps you can take to secure your IceGrid application.
IceGrid Security Overview
...
The Ice distribution includes a C++ example that demonstrates how to configure a secure IceGrid deployment in the demo/IceGrid/secure subdirectory. This example includes a script to generate certificates for a registry, a node, a Glacier2 router, and a server. For more information, see the README file provided with the example.
Understanding the Registry Endpoints
The IceGrid registry has three mandatory endpoints representing the client, server, and internal endpoints. The registry also has two optional endpoints (the session manager and administrative session manager endpoints) that are only useful when accessing IceGrid via Glacier2.
Client Endpoint
The registry client endpoint is used by Ice applications that create client sessions in order to use the resource allocation facility. It is also used by administrative clients that create sessions for managing the registry. Finally, the client endpoint is used by Ice applications that use the IceGrid::Query interface or resolve indirect proxies via the IceGrid locator.
...
It is not necessary to restrict SSL access to the client endpoints (using the property IceSSL.TrustOnly.Server.IceGrid.Registry.Client) as long as you use client and administrative permission verifiers for authentication. This property is only useful for restricting access to client and administrative sessions when using null permission verifiers. Note, however, that if both client and administrative sessions are enabled, you will only be able to restrict access to one set of clients, since you cannot distinguish clients that create client sessions from clients that create administrative sessions.
Server Endpoint
Ice servers use the registry's server endpoint to register their object adapter endpoints and send information to administrative clients connected via the registry.
...
```
IceSSL.TrustOnly.Server.IceGrid.Registry.Server=CN="Server"
```
Internal Endpoint
IceGrid nodes and registry replicas use the internal endpoint to communicate with the registry. For example, nodes connect to the internal endpoint of each active registry, and registry slaves establish a session with their master via this endpoint.
...
```
IceSSL.TrustOnly.Server.IceGrid.Registry.Internal=CN="IceGrid Node";CN="IceGrid Registry"
```
Session Manager Endpoint
The session manager endpoint is used by Glacier2 to create IceGrid client sessions. The functionality exposed by this endpoint is unrestricted so you must either secure it or disable it (this endpoint is disabled by default). The property shown below demonstrates how to configure IceSSL so that only Glacier2 routers are accepted by this endpoint:
...
In this example, Glacier2 Router Client is the common name of the Glacier2 router used by clients to create IceGrid client sessions.
Administrative Session Manager Endpoint
...
```
IceSSL.TrustOnly.Server.IceGrid.Registry.SessionManager=CN="Glacier2 Router Client"
IceSSL.TrustOnly.Server.IceGrid.Registry.AdminSessionManager=CN="Glacier2 Router Client"
```
Outgoing Connections
The registry establishes outgoing connections to other registries and nodes. You should configure the IceSSL.TrustOnly.Client property to restrict connections to these trusted peers:
...
The registry can also connect to Glacier2 routers and permission verifier objects. To allow connections to these services, you must include in this property the common names of Glacier2 routers that create client or administrative sessions, as well as the common names of servers that host the permission verifier objects.
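The registry restrictions described in the sections above can be checked mechanically before deployment. The following audit script is an added example, not part of the Ice distribution: the function names and both sample configurations are constructed, and the `IceGrid.Registry.*.Endpoints` and `Ice.Default.Protocol` property names are taken from the Ice property reference rather than from this page.

```python
# Added example: audit registry properties for the restrictions this page recommends.
ADAPTERS = ["IceGrid.Registry." + n for n in
            ("Server", "Internal", "SessionManager", "AdminSessionManager")]

def parse_properties(text):
    """Parse property-file text into a dict (ignores blanks and # comments)."""
    props = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit_registry(text):
    """Return a list of findings; an empty list means every check passed."""
    props = parse_properties(text)
    default = props.get("Ice.Default.Protocol", "tcp")
    findings = []
    for adapter in ADAPTERS:
        endpoints = props.get(adapter + ".Endpoints", "")
        if not endpoints:
            continue  # endpoint not configured here: nothing to check
        # Assumption: no ':' inside an endpoint (e.g. no quoted IPv6 host).
        for ep in filter(None, (e.strip() for e in endpoints.split(":"))):
            transport = ep.split()[0]
            transport = default if transport == "default" else transport
            if transport not in ("ssl", "wss"):
                findings.append(f"{adapter}: '{transport}' endpoint is not SSL, "
                                "so IceSSL.TrustOnly cannot filter its peers")
        if not props.get("IceSSL.TrustOnly.Server." + adapter):
            findings.append(f"{adapter}: IceSSL.TrustOnly.Server.{adapter} not set")
    if not props.get("IceSSL.TrustOnly.Client"):
        findings.append("outgoing: IceSSL.TrustOnly.Client not set")
    return findings

WEAK = """
IceGrid.Registry.Server.Endpoints=ssl
IceGrid.Registry.Internal.Endpoints=tcp
IceGrid.Registry.SessionManager.Endpoints=ssl
IceSSL.TrustOnly.Server.IceGrid.Registry.Server=CN="Server"
"""
HARDENED = WEAK.replace("Internal.Endpoints=tcp", "Internal.Endpoints=ssl") + """
IceSSL.TrustOnly.Server.IceGrid.Registry.Internal=CN="IceGrid Node";CN="IceGrid Registry"
IceSSL.TrustOnly.Server.IceGrid.Registry.SessionManager=CN="Glacier2 Router Client"
IceSSL.TrustOnly.Client=CN="IceGrid Node";CN="IceGrid Registry"
"""
if __name__ == "__main__":
    print("\n".join(audit_registry(WEAK)) or "OK")
```

The client endpoint is deliberately left out of the audit, because this page only recommends restricting it when null permission verifiers are in use.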
Understanding the Node Endpoints
...
```
IceSSL.TrustOnly.Client=CN="Server";CN="IceGrid Registry"
```
Understanding the Administrative Endpoints with IceGrid
...
If your server invokes on other servers, you will need to modify this setting to allow secure connections to them.
See Also
- IceSSL
- Configuring IceSSL
- Setting up a Certificate Authority
- Glacier2 Integration with IceGrid
- Resource Allocation using IceGrid Sessions
- IceGrid Administrative Sessions
- Well-Known Objects
- IceGrid and the Administrative Facility
- Registry Replication
- IceSSL Properties