LogSeqDB/pages/outline of 2-3 options.md
2025-12-11 06:26:12 -08:00

- I would recommend breaking this into multiple whitepapers
- Morpheus
  - Below is a curated list of Morpheus security capabilities aligned with the needs of an IT security leader:
  - **Single Sign-On (SSO) Integration**
    Morpheus can integrate with multiple SSO providers (e.g., via SAML 2.0), enabling centralized user authentication and leveraging existing identity stores for streamlined user management and compliance with enterprise directory policies [morpheusdata.com](https://morpheusdata.com/wp-content/uploads/2024/12/Morpheus-Reference-Architecture-7.0.x-v3.3-1.pdf).
  - **Role-Based Access Control (RBAC)**
    Security groups from the identity provider are mapped to Morpheus roles at first login, ensuring that users receive only the permissions they need, in accordance with the principle of least privilege [morpheusdata.com](https://morpheusdata.com/wp-content/uploads/2024/12/Morpheus-Reference-Architecture-7.0.x-v3.3-1.pdf).
  - **Multi-Factor Authentication (MFA)**
    Supports MFA both natively (two-factor authentication for local accounts) and via SAML 2.0 integrations that propagate external MFA challenges, adding an extra layer of credential protection [morpheusdata.com](https://morpheusdata.com/wp-content/uploads/2024/12/Morpheus-Reference-Architecture-7.0.x-v3.3-1.pdf).
  - **AES-256 Encryption of Sensitive Data**
    All configuration data, including passwords and metadata stored in the embedded database, is encrypted at rest using AES-256 symmetric key encryption. File-system data can also reside on encrypted volumes for defense-in-depth [morpheusdata.com](https://morpheusdata.com/wp-content/uploads/2024/12/Morpheus-Reference-Architecture-7.0.x-v3.3-1.pdf).
  - **FIPS 140-2 Compliance Support**
    From version 3.6.5 onward, the Morpheus Data Appliance offers FIPS 140-2 validated cryptographic modules. A specialized FIPS installer ensures that all cryptographic operations comply with U.S. federal standards [morpheusdata.com](https://morpheusdata.com/wp-content/uploads/2024/12/Morpheus-Reference-Architecture-7.0.x-v3.3-1.pdf).
  - **Certificate Management**
    - **CA-Signed Certificates**: Recommended for production to establish trust.
    - **Self-Signed Certificates**: Supported for testing environments only.
    - **Active Directory Integration**: Requires a valid domain certificate from a trusted CA to secure LDAP/LDAPS traffic [morpheusdata.com](https://morpheusdata.com/wp-content/uploads/2024/12/Morpheus-Reference-Architecture-7.0.x-v3.3-1.pdf).
  - **CVE Scanning and Patch Remediation**
    Each minor and patch release undergoes Common Vulnerabilities and Exposures (CVE) scanning. Identified CVEs are remediated before release, and release notes document all addressed vulnerabilities to aid in audit readiness [morpheusdata.com](https://morpheusdata.com/wp-content/uploads/2024/12/Morpheus-Reference-Architecture-7.0.x-v3.3-1.pdf).
  - **Comprehensive Logging and Auditing**
    - **Server Logs**: Rotated daily with 30-day retention, capturing core services (e.g., Tomcat, NGINX, Elasticsearch).
    - **Audit Logs**: Record all user-driven configuration changes and infrastructure operations; a subset is exposed via the UI activity feed and stored indefinitely in the database.
    - **Agent Logs**: Managed machines forward syslog messages via the Morpheus Agent with configurable retention (default 7 days), ensuring visibility into workload-level events [morpheusdata.com](https://morpheusdata.com/wp-content/uploads/2024/12/Morpheus-Reference-Architecture-7.0.x-v3.3-1.pdf).
  - **Secure Telemetry Controls**
    Telemetry data collection is opt-in and can be disabled via a license feature. This gives organizations full control over what operational data leaves their environment, aiding data sovereignty and privacy compliance [morpheusdata.com](https://morpheusdata.com/wp-content/uploads/2024/12/Morpheus-Reference-Architecture-7.0.x-v3.3-1.pdf).
  - **Network Security Requirements**
    - **Port Restrictions**: Administrator workstations communicate over TCP 22 and TCP 443; all user/API interactions occur exclusively over HTTPS (TCP 443).
    - **Name Resolution and Latency**: Requires strict DNS configuration and recommends sub-5 ms inter-node latency for HA deployments to prevent split-brain scenarios and ensure secure, performant clustering [morpheusdata.com](https://morpheusdata.com/wp-content/uploads/2024/12/Morpheus-Reference-Architecture-7.0.x-v3.3-1.pdf).
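- Added example for the SSO, RBAC and MFA items above (not Morpheus code, and not a description of how Morpheus implements them): it takes a SAML 2.0 assertion, maps the identity provider's `groups` attribute to application roles through an explicit allowlist with no fallback role, and refuses the login unless the `AuthnContextClassRef` shows a second factor was used. The role names, the `GROUP_TO_ROLE` table and the sample assertion are constructed for the example; the assertion is assumed to have already passed signature, audience and validity-window checks in the SAML library.

```python
"""
IdP group -> role mapping at login plus an MFA-context check on a SAML 2.0
assertion. Added illustration, not Morpheus code: role names, the
GROUP_TO_ROLE table and the sample assertion are constructed.

Assumption: the assertion handed to authorize() has already had its XML
signature, audience and validity window verified by the SAML library.
Nothing here checks those; an unverified assertion must never reach here.
"""
from dataclasses import dataclass, field
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# AuthnContextClassRef values taken to mean a second factor was used. The
# urn:oasis values come from the SAML 2.0 Authentication Context spec; the
# Microsoft URI is what AD FS / Entra ID emit after an MFA challenge.
MFA_CONTEXTS = {
    "urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken",
    "urn:oasis:names:tc:SAML:2.0:ac:classes:MobileTwoFactorContract",
    "urn:oasis:names:tc:SAML:2.0:ac:classes:SmartcardPKI",
    "http://schemas.microsoft.com/claims/multipleauthn",
}

# Hypothetical IdP group -> application role table. It is an explicit
# allowlist: unlisted groups confer nothing and there is no default role,
# so a user with no mapped group is denied instead of given a fallback.
GROUP_TO_ROLE = {
    "cloud-admins": "Administrator",
    "cloud-operators": "Operator",
    "security-auditors": "Auditor",
}


@dataclass
class Decision:
    allowed: bool
    reason: str
    user: str = ""
    roles: list = field(default_factory=list)


def parse_assertion(xml_text: str):
    """Return (NameID, AuthnContextClassRef, groups) from an assertion.

    ElementTree does not resolve external entities, but for XML arriving
    from an untrusted peer prefer a hardened parser such as defusedxml.
    """
    root = ET.fromstring(xml_text)
    user = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    ctx = root.findtext(
        "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef",
        default="", namespaces=NS).strip()
    groups = []
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == "groups":
            groups += [v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text]
    return user, ctx, groups


def authorize(xml_text: str, require_mfa: bool = True) -> Decision:
    """Decide whether the assertion grants access and with which roles."""
    user, ctx, groups = parse_assertion(xml_text)
    if not user:
        return Decision(False, "assertion carries no NameID")
    if require_mfa and ctx not in MFA_CONTEXTS:
        return Decision(False, f"MFA context required, got {ctx or '<none>'}", user)
    # Unknown groups are ignored, duplicates collapsed, order made deterministic.
    roles = sorted({GROUP_TO_ROLE[g] for g in groups if g in GROUP_TO_ROLE})
    if not roles:
        return Decision(False, "no IdP group maps to a role", user)
    return Decision(True, "ok", user, roles)


def sample_assertion(context: str, groups) -> str:
    """Build a constructed, unsigned assertion for the demo (not real IdP output)."""
    values = "".join(f"<saml:AttributeValue>{g}</saml:AttributeValue>" for g in groups)
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'ID="_demo" Version="2.0">'
        "<saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>"
        "<saml:AuthnStatement><saml:AuthnContext>"
        f"<saml:AuthnContextClassRef>{context}</saml:AuthnContextClassRef>"
        "</saml:AuthnContext></saml:AuthnStatement>"
        '<saml:AttributeStatement><saml:Attribute Name="groups">'
        f"{values}</saml:Attribute></saml:AttributeStatement>"
        "</saml:Assertion>"
    )


if __name__ == "__main__":
    weak = sample_assertion(
        "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", ["cloud-operators"])
    strong = sample_assertion(
        "http://schemas.microsoft.com/claims/multipleauthn", ["cloud-operators", "finance"])
    for assertion in (weak, strong):
        print(authorize(assertion))
```

The password-only assertion is refused even though its group would map to a role, and the MFA-backed one yields only `Operator`: the unmapped `finance` group contributes nothing, which is the least-privilege behaviour the RBAC item describes.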
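- Added example for the port-restriction item above (not Morpheus code): a check that parses `ss -ltn` output from an appliance node and reports every TCP listener reachable from off-host on a port other than 22 or 443. `ALLOWED_PORTS` follows the requirement above; the sample `ss` output and the port numbers in it are constructed for the demo.

```python
"""
Audit a node's listening TCP sockets against the port policy above: only
TCP 22 and TCP 443 may be reachable from off-host. Added example, not
Morpheus code; the `ss -ltn` sample output is constructed.
"""
import ipaddress
import subprocess
import sys

ALLOWED_PORTS = {22, 443}

# Constructed sample in the column layout `ss -ltn` prints. 3306 and 9300
# are bound to loopback and so unreachable from the network; 9200 on [::]
# (every IPv6 interface) is the kind of exposure the audit should flag.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q   Local Address:Port   Peer Address:Port  Process
LISTEN  0       128            0.0.0.0:22           0.0.0.0:*
LISTEN  0       511                  *:443                *:*
LISTEN  0       4096         127.0.0.1:3306         0.0.0.0:*
LISTEN  0       4096              [::]:9200             [::]:*
LISTEN  0       4096             [::1]:9300             [::]:*
"""


def split_local(field: str):
    """Split ss's 'addr:port' field; handles bracketed IPv6 and the '*' wildcard."""
    host, _, port = field.rpartition(":")
    return host.strip("[]"), int(port)


def is_loopback(host: str) -> bool:
    """True only for 127.0.0.0/8 and ::1; '*' and unparsable hosts count as exposed."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def parse_listeners(ss_output: str):
    """Return (host, port) for every LISTEN row; the header row is skipped."""
    listeners = []
    for line in ss_output.splitlines():
        parts = line.split()
        if len(parts) >= 5 and parts[0] == "LISTEN":
            listeners.append(split_local(parts[3]))
    return listeners


def audit_listeners(ss_output: str, allowed_ports=ALLOWED_PORTS):
    """Listeners reachable off-host on a port outside the policy."""
    return [(host, port) for host, port in parse_listeners(ss_output)
            if not is_loopback(host) and port not in allowed_ports]


if __name__ == "__main__":
    # Pass --live to audit the current host instead of the constructed sample.
    if "--live" in sys.argv:
        output = subprocess.run(["ss", "-ltn"], capture_output=True,
                                text=True, check=True).stdout
    else:
        output = SAMPLE_SS_OUTPUT
    findings = audit_listeners(output)
    for host, port in findings:
        print(f"unexpected listener: {host}:{port}")
    sys.exit(1 if findings else 0)
```

Loopback-bound services are deliberately not reported, since the requirement is about what is reachable from administrator workstations and users, not about what runs on the box; a wildcard (`*` or `0.0.0.0`/`::`) bind on any other port is the finding to chase, and the non-zero exit code lets the check run from a cron job or CI gate.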
- HPE-VM
-
- Better together
-
-