Changes for page eMagiz Security Guide
Last modified by Waria on 2026/06/04 13:44
From version 42.1
edited by Waria
on 2026/06/04 12:08
on 2026/06/04 12:08
Change comment:
There is no comment for this version
To version 41.1
edited by Erik Bakker
on 2024/08/20 08:53
on 2024/08/20 08:53
Change comment:
There is no comment for this version
Summary
-
Page properties (2 modified, 0 added, 0 removed)
Details
- Page properties
-
- Author
-
... ... @@ -1,1 +1,1 @@ 1 -XWiki. waria1 +XWiki.ebakker - Content
-
... ... @@ -1,5 +1,5 @@ 1 1 {{container}}{{container layoutStyle="columns"}}((( 2 - In this fundamental, we will delve into the security perspective of the eMagiz landscape. We'll explore the cloud setup, data protection, and more to understand the role security plays in each part of the eMagiz architecture. Let's dive in!2 +in this fundamental, we will delve into the security perspective of the eMagiz landscape. We'll explore the cloud setup, data protection, and more to understand the role security plays in each part of the eMagiz architecture. Let's dive in! 3 3 4 4 Should you have any questions, please get in touch with academy@emagiz.com. 5 5 ... ... @@ -10,37 +10,31 @@ 10 10 == 2. Key concepts == 11 11 12 12 * Protecting your data is a joint responsibility between eMagiz and you 13 -* The re gistrycontaining deployable flowsisread-only for clients13 +* The repository is read-only for clients 14 14 * Data in the Cloud is kept within your VPC 15 15 * The portal is behind an MFA check 16 16 17 17 == 3. eMagiz Security Guide == 18 18 19 -In this fundamental, we will zoom in on how the various parts of the eMagiz landscape can be viewed from a Security perspective. We will look at the Cloud, on-premises, data within eMagiz, external communication, and the portal during our journey. After this journey, you should have a solid understanding of what role security plays in each of the parts of the eMagiz architecture. Note that protecting your data is a joint responsibility between eMagiz and you. This fundamental aims at clarifyingthe security measures eMagiz has taken in the eMagiz platform. This way, you can assess the eventual additional steps you need to take to ensure that the eMagiz service cooperates securely with the rest of your application and integration landscape.19 +In this fundamental, we will zoom in on how the various parts of the eMagiz landscape can be viewed from a Security perspective. We will look at the Cloud, on-premises, data within eMagiz, external communication, and the portal during our journey. After this journey, you should have a solid understanding of what role security plays in each of the parts of the eMagiz architecture. Note that protecting your data is a joint responsibility between eMagiz and you. This fundamental aims to clarify the security measures eMagiz has taken in the eMagiz platform. This way, you can assess the eventual additional steps you need to take to ensure that the eMagiz service cooperates securely with the rest of your application and integration landscape. 20 20 21 21 === 3.1 Architectural setup eMagiz === 22 22 23 23 eMagiz consists of various components communicating to develop the process layer and subsequently run the message layer as secure and stable as possible for our customers. 24 24 25 - 26 -1. In the eMagiz integration project, various flows are created that work together to realize the integration. The different types are shown on the top of the picture below: Entries, exits, offramps, onramps, and routing flows. 27 -2. Your customized flows are combined with a base image (which contains framework components to make the flows work) and are deployed into a runtime (java-based application container). 25 +1. In the eMagiz integration project, various flows are created that work together to realize the integration. The different types are shown on the top of the picture below: Entry, Exits, Offramps, onramps, and routing flows. 26 +2. These flows are then deployed together with a specific build number (contains framework components to make these flows work) into a runtime (java based application container). 28 28 3. These runtimes run on Cloud machines that contain Cloud templates (all required components to make the Cloud machine operational such as OS, Java runtime version, and more). 29 29 29 +The top part of the picture depicts the eMagiz repository. All relevant (open-source) libraries needed to run flows on a connector are stored within this repository. 30 30 31 - Your flows are stored within a registry so deployments can be managed efficiently.To prevent unauthorized access to this repository, the following measures have been taken:31 +To prevent unauthorized access to this repository, the following measures have been taken 32 32 33 +* Client runtimes can access the repository via a username/password combination through a one-way SSL connection (encrypted) and read the contents of the repository 34 +* eMagiz developers that need to upload bundles can access the repository through a one-way SSL connection (encrypted) 35 +* A bitbucket pipeline will be created soon to enable automatic updates. This data pipeline will also need a unique username/password combination along with the fact that the connection itself is a one-way SSL connection (encrypted) 36 +* The repository is read-only for clients. This means that even if someone gets their hands on a username/password combination, they do not have sufficient rights to alter anything in the repository. They can only read the data that is kept in the repository. 33 33 34 -* Deploy agents can access the registry and can read the contents belonging to your eMagiz integration project only. 35 -* Client runtimes can read specific flows within the registry as provided by the deploy agent to deploy the flows 36 -* When running your eMagiz integration project in the cloud, security during communication between eMagiz and the registry is taken care of by the eMagiz cloud. 37 -* When running your eMagiz integration project on-premises, you will have to make sure that your server is running Docker and the eMagiz deploy agent so the server can access the registry successfully and securely. Learn more about this here: [[eMagiz Deploy Agent>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.eMagiz Runtime Management.emagiz-deploy-agent||target="blank"]] 38 -* A bitbucket pipeline can access the registry to update the provided base image that is needed to run all your flows. This pipeline cannot access your flows, only the libraries used to build your flows. 39 -* Connections to the registry are always one-way SSL (encrypted) and all access is secured with a unique username/password combination. 40 -* As mentioned above, the registry is read-only for agents and client runtimes. This means that even if someone gets their hands on a username/password combination, they do not have sufficient rights to alter anything in the registry. They can only read the data that is kept in the registry. 41 - 42 - 43 - 44 44 [[image:Main.Images.Fundamental.WebHome@fundamental-emagiz-security-guide--definition-emagiz-model.png]] 45 45 46 46 === 3.2 Security Guidelines - Cloud ===