Skip to Content

Changes for page eMagiz Security Guide

Last modified by Waria on 2026/06/04 13:44
From version 44.1
edited by Waria
on 2026/06/04 12:10
Change comment: There is no comment for this version
To version 53.1
edited by Waria
on 2026/06/04 13:44
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -23,11 +23,12 @@
23 23  eMagiz consists of various components communicating to develop the process layer and subsequently run the message layer as secure and stable as possible for our customers.
24 24  
25 25  
26 -1. In the eMagiz integration project, various flows are created that work together to realize the integration. The different types are shown on the top of the picture below: Entries, exits, offramps, onramps, and routing flows.
26 +1. In the eMagiz integration project, various flows are created that work together to realize the integration. The different types are shown on the top of the picture below.
27 27  2. Your customized flows are combined with a base image (which contains framework components to make the flows work) and are deployed into a runtime (java-based application container).
28 28  3. These runtimes run on Cloud machines that contain Cloud templates (all required components to make the Cloud machine operational such as OS, Java runtime version, and more).
29 29  
30 30  
31 +
31 31  Your flows are stored within a registry so deployments can be managed efficiently. To prevent unauthorized access to this repository, the following measures have been taken:
32 32  
33 33  
... ... @@ -34,15 +34,14 @@
34 34  * Deploy agents can access the registry and can read the contents belonging to your eMagiz integration project only.
35 35  * Client runtimes can read specific flows within the registry as provided by the deploy agent to deploy the flows
36 36  * When running your eMagiz integration project in the cloud, security during communication between eMagiz and the registry is taken care of by the eMagiz cloud.
37 -* When running your eMagiz integration project on-premises, you will have to make sure that your server is running Docker and the eMagiz deploy agent so the server can access the registry successfully and securely. Learn more about this here: [[eMagiz Deploy Agent>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.eMagiz Runtime Management.eMagiz Deploy agent.WebHome||target="blank"]]
38 +* When running your eMagiz integration project on-premises, you will have to make sure that your server is running Docker and the eMagiz deploy agent so the server can access the registry successfully and securely. For more information on this look here: [[eMagiz Deploy Agent>>doc:Main.eMagiz Academy.Microlearnings.Intermediate Level.eMagiz Runtime Management.intermediate-runtime-management-deploy-agent.WebHome||target="blank"]]
38 38  * A bitbucket pipeline can access the registry to update the provided base image that is needed to run all your flows. This pipeline cannot access your flows, only the libraries used to build your flows.
39 39  * Connections to the registry are always one-way SSL (encrypted) and all access is secured with a unique username/password combination.
40 40  * As mentioned above, the registry is read-only for agents and client runtimes. This means that even if someone gets their hands on a username/password combination, they do not have sufficient rights to alter anything in the registry. They can only read the data that is kept in the registry.
41 41  
42 42  
43 -
44 -[[image:Main.Images.Fundamental.WebHome@fundamental-emagiz-security-guide--definition-emagiz-model.png]]
45 -
44 +[[image:Main.Images.Fundamental.WebHome@fundamental-emagiz-security-guide--emagiz-architecture.png]]
45 +
46 46  === 3.2 Security Guidelines - Cloud ===
47 47  
48 48  In this section, we take a closer look at the cloud setup in general. Here we will focus on high-level security measurements because we already specified security measurements at the data level.
... ... @@ -104,21 +104,11 @@
104 104  
105 105  ===== 3.3.1.1 Rights for installing =====
106 106  
107 -To install a runtime on-premises, you need sufficient rights to execute (batch) programs. This means that the user needs administrator rights on that specific machine to perform the runtime installation correctly.
107 +To run your runtimes on-premises, Docker and the eMagiz deploy agent need to be installed and updated when required. On Windows machines, you will need administrator rights to perform these actions. On Linux machines, you need at least sudo privileges for these actions.
108 108  
109 -===== 3.3.1.2 Rights for running =====
110 -
111 -In Windows, a service account is needed to run a Windows Service (in this case, the runtime you have installed). This service account is different compared to the user that does the installing of the runtime.
112 -There are two options on this level:
113 -
114 -* Use the local system account. This account has sufficient rights to run the service and can therefore be used for everything: less work to configure, more impact on data integrity when the account gets compromised.
115 -* Use a specific service account per runtime, limiting the power of users to a particular runtime making you less vulnerable if this account gets compromised.
116 -
117 -In Linux, the service will be running under the local system account as per default.
118 -
119 119  ==== 3.3.2 Cloud ====
120 120  
121 -In the eMagiz Cloud, the access is restricted to those who have a legitimate reason to access it based on the SLA level agreements between customers and eMagiz. This means support engineers, consignment employees, and your model owner have access to your specific cloud setup.
111 +In the eMagiz Cloud, access is restricted to those who have a legitimate reason to access it based on the SLA level agreements between customers and eMagiz. This means support engineers, consignment employees, and your model owner have access to your specific cloud setup.
122 122  This access is, per role, furthermore limited. This means that consignment employees and model owners can only see the logging of the runtimes on the machine and the ability to start/stop machines.
123 123  
124 124  Support engineers can see more to analyze problems on a lower level.
... ... @@ -131,7 +131,7 @@
131 131  
132 132  ===== 3.3.2.2 Rights for running =====
133 133  
134 -The VPC in the Cloud runs on a Linux environment. Therefore the same logic applies as specified above for Linux systems. For example, in Linux, the service will run under the local system account as default.
124 +The VPC in the Cloud runs on a Linux environment. Therefore, the same logic applies as specified above for Linux systems. For example, in Linux, the service will run under the local system account as default.
135 135  
136 136  === 3.4 Data encryption during transport ===
137 137  
... ... @@ -180,7 +180,7 @@
180 180  
181 181  ==== 3.5.2 API Gateway ====
182 182  
183 -A structure with roles and rights per role can be specified within the portal or via an external IDP to secure the front end of the API Gateway in eMagiz. For the backend of the API Gateway, the same logic applies as stated above for messaging, which means that eMagiz supports the industry standard. Therefore, you as a user should confer with the external party about the correct method.
173 +A structure with roles and rights per role can be specified within the portal to secure the front end of the API Gateway in eMagiz. For the backend of the API Gateway, the same logic applies as stated above for messaging, which means that eMagiz supports the industry standard. Therefore, you as a user should confer with the external party about the correct method.
184 184  
185 185  ===== 3.5.2.1 Portal =====
186 186  
... ... @@ -188,12 +188,6 @@
188 188  
189 189  [[image:Main.Images.Fundamental.WebHome@fundamental-emagiz-security-guide--api-gateway-portal-feedback.png]]
190 190  
191 -===== 3.5.2.2 (External) IDP =====
192 -
193 -Apart from configuring the roles, users, and rights within the portal itself, it is also possible to hook the API Gateway up to an (external) IDP.
194 -By communicating with this IDP via the OAuth2.0 protocol, a check is done every time a client calls a specific operation to see whether that client has sufficient rights to access the operation.
195 -If the client has sufficient rights, the process continues. For example, if the client has insufficient rights, the client receives a 401 Unauthorized.
196 -
197 197  ===== 3.5.2.3 Error handling =====
198 198  
199 199  To prevent the error message if it occurs is sent straight back to the client, you can configure the front end of the API Gateway, so that correct HTTP Status codes are given back to the client, including a descriptive message.
... ... @@ -206,7 +206,7 @@
206 206  
207 207  Only users with sufficient rights in the Deploy phase of eMagiz can add users, topics and change the ACL entries specific to the Event Streaming cluster.
208 208  
209 -Apart from producing or consuming on specific topics based on the ACL, users also need to have a valid Keystore (containing the key and cert generated automatically) and a valid truststore (containing the CA certificate of the event streaming cluster) to produce or consume data.
193 +Apart from producing on or consuming specific topics based on the ACL, users need to authenticate themselves on the Event Streaming cluster using 2-way SSL. For this they need a client certificate (also known as a keystore) and the trusted server certificate (also known as truststore).
210 210  
211 211  These are all security measures to prevent third parties from getting unauthorized access to the data stored on the topics.
212 212  
... ... @@ -252,7 +252,7 @@
252 252  
253 253  Below are relevant items for the password policy in the eMagiz portal.
254 254  
255 -* There is no expiry policy on the password - eMagiz has a Forget Password functionality.
239 +* There is no expiry policy on the password - eMagiz has a Forgot Password functionality.
256 256  * Password must be 8 - 20 characters long, cannot contain white spaces, and must contain at least one digit, one upper case, and one lower case letter."
257 257  
258 258  ==== 3.6.2 Integration project versioning & audit trails ====
... ... @@ -275,28 +275,27 @@
275 275  
276 276  === 3.7 GDPR compliancy ===
277 277  
278 -Our privacy policy is mentioned on this page: https://www.emagiz.com/privacy-policy/. The eMagiz platform holds for registered users only the username and password. The user name is the company email address, and no other data is kept on a personal user level.
262 +Our privacy policy is mentioned on this page: https://www.emagiz.com/privacy-policy/. The eMagiz platform holds for registered users only the username and password. The username is the company email address, and no other data is kept on a personal user level.
279 279  
280 -The eMagiz portal at https://my.emagiz.com does not store any cookies. Instead, there are functional items only kept in the user's session data once active in the eMagiz portal. Specific logs are created in the eMagiz portal that displays operational issues a user has in using the portal. These logs are only viewable by eMagiz users and contain no personal data.
264 +The eMagiz portal at https://my.emagiz.com does not store any cookies. Instead, there are functional items only kept in the user's session data once active in the eMagiz portal. Specific logs are created in the eMagiz portal that displays operational issues a user has in using the portal. These logs are only viewable by eMagiz administrators and contain no personal data.
281 281  
282 282  === 3.8 Data retention ===
283 283  
284 -eMagiz stores specific integration scenario data. Within the basic configuration, eMagiz only processes the data and doesn't keep any data from these message streams. All messages are treated the same way, and the platform doesn't distinguish between regular, personal, or sensitive data. Clients are requested to make such assessments and take precautionary measures. Below we have detailed the parts of the eMagiz offering, per integration pattern, in which data is held temporarily. Afterward, we turn our focus to our data management offerings in which we store data for a longer period to support the client's needs.
268 +Within the basic configuration, eMagiz only processes the data and does not keep any data. All messages are treated the same way, and the platform doesn't distinguish between regular, personal, or sensitive data. Clients are requested to make such assessments and take precautionary measures. Below we have detailed the parts of the eMagiz offering, per integration pattern, in which data is held temporarily. Afterward, we turn our focus to our data management offerings in which we store data for a longer period to support the client's needs.
285 285  
286 286  ==== 3.8.1 Messaging ====
287 287  
288 -In the integrations where the Messaging pattern is selected, the entry connectors (runtimes that receive or pull messages) are equipped with a small temporary database to ensure the letters are preserved in this phase. In case of brief downtime of consecutive components where these messages are processed, these messages are held. This is one part of the Guaranteed Delivery mechanism in eMagiz. Messages are encrypted (AES-128) and stored until the message is processed * the database can only be thoroughly cleaned if needed by removing the data file of this database. Only users that have sufficient permissions can restart. Depending on input received and throughput achieved by polling the database, this can range between seconds and minutes that a message is kept in the database.
272 +In the integrations where the Messaging pattern is selected, the entry connectors (runtimes that receive or pull messages) are equipped with a small temporary database to ensure the messages are preserved in this phase. In case of brief downtime of consecutive components where these messages are processed, these messages are held. This is one part of the Guaranteed Delivery mechanism in eMagiz. Messages are encrypted (AES-128) and stored until the message is processed. Depending on input received and throughput achieved by the poller, a message is kept between seconds and minutes in the database.
273 +The database can only be thoroughly cleaned if needed by removing the data file of this database. Only users that have sufficient permissions can execute this action.
289 289  
290 -The eMagiz JMS component manages the queues between the different steps in the integration flow. All data within these queues are encrypted via an encryption algorithm (AES-256), and data will only be retained here until the next step in the process is ready to consume the data.
291 291  
276 +The eMagiz JMS server manages the queues between the different steps in the integration flow. All data within these queues are encrypted via an encryption algorithm (AES-256), and data will only be retained here until the next step in the process is ready to consume the data.
277 +
292 292  ==== 3.8.2 Event Streaming ====
293 293  
294 -In the case of event streaming, data is temporarily kept on the topic within the event streaming cluster. As specified above, access to a topic is secured with the help of the ACL. This is a safeguard against a loss of integrity of data. Regarding Event Streaming, data is retained for a more extended period (often days) to ensure that consumers have sufficient time to consume the data before it is deleted. This does mean that unauthorized third parties can not easily access the data on these topics. In addition, authorized users can edit the retention size and retention times on the topic level.
280 +In the case of event streaming, data is temporarily kept on the topic within the event streaming cluster. As specified above, access to a topic is secured with the help of the ACL. This is a safeguard against a loss of integrity of data. Regarding Event Streaming, data is retained for a more extended period (between 2 and 7 days, depending on configuration and license) to ensure that consumers have sufficient time to consume the data before it is deleted.
281 +For details on how your data is secured during retention, such as encryption and back-up policies, we refer you to the security policies of our provider KPN DSH: https://policy-public.kpnnet.org/ksp/explore/ksp-taxonomy/560104
295 295  
296 -* Service instances and the underlying VMs use full volume encryption using LUKS with a randomly generated ephemeral key per each instance and volume. The key is never re-used and will be trashed at the destruction of the instance, so there's a natural key rotation with roll-forward upgrades. We use the LUKS default mode aes-xts-plain64:sha256 with a 512-bit key.
297 -* Backups are encrypted with a randomly generated key per file. These keys are encrypted with RSA key-encryption key-pair and stored in the header section of each backup segment. The file encryption is performed with AES-256 in CTR mode with HMAC-SHA256 for integrity protection. The RSA key pair is randomly generated for each service. The key lengths are 256-bit for block encryption, 512-bit for integrity protection, and 3072-bits for the RSA key.
298 -* These backup files are stored in the object storage in the same region where the service virtual machines are located.
299 -
300 300  ==== 3.8.3 API Gateway ====
301 301  
302 302  At this moment, there is no data stored in eMagiz API Gateways configurations. Instead, backend flows that connect to the APIs being called use the same queuing mechanism as mentioned in the previous section around Messaging.
... ... @@ -321,7 +321,7 @@
321 321  == 4. Key takeaways ==
322 322  
323 323  * Protecting your data is a joint responsibility between eMagiz and you
324 -* The repository is read-only for clients
307 +* The registry containing deployable flows is read-only for clients
325 325  * Data in the Cloud is kept within your VPC
326 326  * The portal is behind an MFA check
327 327