Part I Securing the Microservices Architecture
Use this part to secure your Microservices Architecture (MA) environment.
With Microservices, each server (Administration, Distribution, Performance Monitoring, Receiver Server and Service Manager) runs its own process and communicates using REST. Because REST is a style that uses secure HTTP, all the security-related concerns and solutions that apply to HTTPS also apply to REST interfaces. This includes ensuring general security related to HTTPS-based requests, responses, sessions, cookies, headers and content, as well as addressing issues such as Cross Site Request Forgery, UI Redressing and delegated authentication.
TLS 1.2 (Transport Layer Security) provides both confidentiality and integrity, with optional authentication. Server authentication verifies the identity of the server used by the client for communication. Client authentication verifies the identity of the client that the server is communicating with. A typical configuration enforces server authentication while client authentication is optional. Additional security configurations can specify the level of security strength and revocation options.
Inbound and Outbound Security Configuration
An inbound configuration defines the security characteristics used for requests being received by the server from a client; an inbound request.
An outbound configuration defines the security characteristics used for requests being sent from the server to a client; an outbound request.
A server is generally considered to be operating securely when security is enabled and the inbound configuration is valid.
All MA servers support inbound security configurations. Only the Distribution Server and Receiver Server support outbound configurations.
The Distribution Server and Receiver Server use the outbound security configuration to secure requests between them. When the Distribution Server issues a request to a Receiver Server, or when a Receiver Server issues a request to a Distribution Server, each uses its own outbound configuration.
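The inbound and outbound roles and the TLS authentication modes described above, expressed with Python's standard `ssl` module. This is an added illustration, not Oracle GoldenGate code or its configuration format; the function names are hypothetical and certificate file paths are left to the caller.

```python
import ssl

def inbound_context(require_client_cert=False, cert=None, key=None, ca=None):
    """Policy for requests this server receives (it is the TLS server)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Client authentication: optional in the typical setup, mandatory on request.
    ctx.verify_mode = ssl.CERT_REQUIRED if require_client_cert else ssl.CERT_OPTIONAL
    if cert:
        ctx.load_cert_chain(cert, key)   # identity this server presents
    if ca:
        ctx.load_verify_locations(ca)    # CAs trusted to sign client certificates
    return ctx

def outbound_context(ca=None):
    """Policy for requests this server sends (it is the TLS client)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True            # server authentication is enforced
    ctx.verify_mode = ssl.CERT_REQUIRED
    if ca:
        ctx.load_verify_locations(ca)
    return ctx

def findings(ctx):
    """List the ways a context falls short of the posture described above."""
    issues = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        issues.append("protocol versions below TLS 1.2 are allowed")
    if ctx.protocol == ssl.PROTOCOL_TLS_CLIENT and not (
            ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED):
        issues.append("outbound: server authentication is not enforced")
    return issues

def weak_outbound_context():
    """Constructed counter-example: an outbound context that skips verification."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

if __name__ == "__main__":
    for name, ctx in [("inbound", inbound_context()),
                      ("outbound", outbound_context()),
                      ("weak outbound", weak_outbound_context())]:
        print(name, ctx.verify_mode.name, findings(ctx) or "ok")
```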
Topics:
- Microservices Security Concepts
  Learn about these MA security features:
- Securing Deployments
  Microservices REST-based Service Interfaces are agnostic with regard to which underlying HTTP or HTTPS protocol is used. Their behavior is the same whether issued over a secure or an unsecure protocol.
- Authentication and Authorization
  The MA security defines the communication authorization and authentication. Authentication includes tasks such as configuring the credential store and aliases for scripts in the AdminClient. Authorization includes tasks for network and server configuration.
- Network
  Learn how to secure your network for Oracle GoldenGate.
- TLS and Secure Network Protocols
  Communication security is the confidentiality and integrity of the information sent over communications channels, such as TCP/IP-based networks.
- Using Target-Initiated Distribution Paths
  Learn about target-initiated distribution paths in MA, the need to set it up, and various use cases where it is helpful to use target-initiated distribution paths.