Part I Securing the Microservices Architecture

Use this part to secure your Microservices Architecture (MA) environment.

With Microservices, each server (Administration, Distribution, Performance Monitoring, Receiver Server and Service Manager) runs as its own process and communicates using REST. REST is an architectural style that is used here over secure HTTP (HTTPS), so all the security concerns and solutions that apply to HTTPS also apply to the REST interfaces. This includes ensuring general security for HTTPS-based requests, responses, sessions, cookies, headers and content, as well as addressing issues such as Cross Site Request Forgery, UI Redressing and delegated authentication.

TLS 1.2 (Transport Layer Security) provides both confidentiality and integrity, with optional authentication. Server authentication verifies the identity of the server that the client is communicating with. Client authentication verifies the identity of the client that the server is communicating with. A typical configuration enforces server authentication while client authentication is optional. Additional security configurations can specify the level of security strength and revocation options.

Inbound and Outbound Security Configuration

An inbound configuration defines the security characteristics used for requests that the server receives from a client (inbound requests).

An outbound configuration defines the security characteristics used for requests that the server sends to a client (outbound requests).

A server is generally considered to be operating securely when security is enabled and the inbound configuration is valid.

All MA servers support inbound security configurations. Only the Distribution Server and Receiver Server support outbound configurations.

The Distribution Server and Receiver Server use the outbound security configuration to secure requests between them. When the Distribution Server issues a request to a Receiver Server, or when a Receiver Server issues a request to a Distribution Server, each uses its own outbound configuration.
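The TLS description and the inbound/outbound split above can be illustrated with Python's standard ssl module. This is an added example, not product code or product configuration syntax: the function names and the constructed weak context are assumptions, and certificate and key loading is omitted because the page supplies no key material.

```python
import ssl

# Client authentication levels an inbound (TLS server role) context can apply.
CLIENT_AUTH = {"none": ssl.CERT_NONE, "optional": ssl.CERT_OPTIONAL,
               "required": ssl.CERT_REQUIRED}

def inbound_context(client_auth="optional"):
    """Inbound: applied to requests this server receives (TLS server role)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = CLIENT_AUTH[client_auth]  # how strictly clients are verified
    return ctx

def outbound_context():
    """Outbound: applied to requests this server sends (TLS client role)."""
    # PROTOCOL_TLS_CLIENT enables certificate and hostname verification by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def weak_outbound_context():
    """Constructed counter-example: server authentication switched off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # no TLS 1.2 floor
    return ctx

def audit(ctx, direction):
    """Return findings for a context used as 'inbound' or 'outbound'."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor below TLS 1.2")
    if direction == "outbound":
        # Server authentication is the part a typical configuration enforces.
        if ctx.verify_mode != ssl.CERT_REQUIRED:
            findings.append("server certificate not verified")
        if not ctx.check_hostname:
            findings.append("server name not checked")
    return findings

if __name__ == "__main__":
    for name, ctx, direction in [
        ("inbound", inbound_context(), "inbound"),
        ("outbound", outbound_context(), "outbound"),
        ("weak outbound", weak_outbound_context(), "outbound"),
    ]:
        print(name, "->", audit(ctx, direction) or "ok")
```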

Topics: