Load balancers are key devices in our infrastructure: they distribute traffic across different networks and are the entry point of applications, and even of a whole data center. For that reason, cybersecurity and the control of user access to the device are important matters to address.
The main goal of implementing a Role Based Access Control (RBAC) system is to give any organization a flexible tool to manage the users, roles and resources defined in the load balancer, such as virtual services or virtual network interfaces. With that ability, different roles in an organization, like network administrators, system administrators, devops, developers or operators, can control their own resources, which allows more agile work groups and isolates different projects and scopes.
How has the RBAC system been designed?
The Zevenet Dev Team has designed the RBAC system as a standard, easy-to-maintain infrastructure that is compatible with all the different modules included in Zevenet.
The new infrastructure introduces several concepts. Users are each provided with a password and an independent Zapi Key, which allows remote access through the API and even controls access through the web GUI. Roles are a compound of predefined objects with their specific actions, which can be enabled or disabled according to the role to be created. Resources are the different instances created in the load balancer, such as certain farm servers or virtual interfaces. Groups are defined as the association of Users, Roles and Resources. A descriptive diagram is shown below.
User passwords are fully encrypted with the highest level of security and synchronized with the system, although these users will not have access to the load balancer through the command line.
There are predefined role templates for the different profiles in any organization, so the RBAC system has been designed to be easy to adopt and maintain.
How are the security processes integrated with the new RBAC system?
Data security has been taken into consideration in order to protect the sections where the load balancer gathers the most sensitive data: the listing of network interfaces or aliases, which provides information about the topology of the network; reading and downloading log files, where all the information of the load balancer is centralized; uploading or downloading backups with the full configuration of the load balancer; and even the support data section, which helps our support team analyze any issue in the load balancer.
In addition, the new RBAC provides an Audit system in which all interactions from users accessing the load balancer or applying any of their actions are logged. Any change in the load balancer, successful or forbidden, is recorded with its corresponding tag, so it can be audited and controlled by the security team.
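The model described above (groups that associate users, a role and resources, with every decision written to an audit trail) can be sketched as follows. This is an added example, not Zevenet's code: the class names, the object and action names (`farm`, `log`, `show`, `modify`, `download`), the `SUCCESS`/`FORBIDDEN` tags and the sample users are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Role:
    name: str
    permissions: dict  # object -> enabled actions; anything absent is disabled

@dataclass
class Group:
    name: str
    role: Role
    users: set
    resources: set  # resource instances, e.g. farm or interface names

@dataclass
class Rbac:
    groups: list
    audit: list = field(default_factory=list)

    def group_of(self, user):
        # One group per user, as in the design described above.
        return next((g for g in self.groups if user in g.users), None)

    def authorize(self, user, obj, action, resource=None):
        g = self.group_of(user)
        allowed = (g is not None
                   and action in g.role.permissions.get(obj, set())
                   and (resource is None or resource in g.resources))
        # Log every decision, denied ones included, with its tag.
        self.audit.append({"user": user, "object": obj, "action": action,
                           "resource": resource,
                           "tag": "SUCCESS" if allowed else "FORBIDDEN"})
        return allowed

def demo():
    # Constructed sample data: role, user and resource names are illustrative.
    operator = Role("operator", {"farm": {"show", "action"}})
    netadmin = Role("netadmin", {"farm": {"show", "modify"}, "log": {"download"}})
    rbac = Rbac([Group("web-ops", operator, {"alice"}, {"farm-web"}),
                 Group("network", netadmin, {"bob"}, {"farm-web", "farm-db"})])
    results = [
        rbac.authorize("alice", "farm", "action", "farm-web"),   # allowed
        rbac.authorize("alice", "farm", "modify", "farm-web"),   # action disabled
        rbac.authorize("alice", "farm", "show", "farm-db"),      # resource not in group
        rbac.authorize("alice", "log", "download"),              # sensitive section
        rbac.authorize("bob", "log", "download"),                # enabled for netadmin
        rbac.authorize("mallory", "farm", "show", "farm-web"),   # user in no group
    ]
    return results, rbac.audit
```

Access is denied by default: a user with no group, an action the role does not enable, or a resource outside the group all produce a `FORBIDDEN` audit entry rather than silently failing.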
The next challenges in terms of RBAC would be: physical resource limitation per user using cgroups (CPU, throughput, memory, etc.), further operating system hardening, and support for multiple groups per user.
As the RBAC system is designed to be fully scalable, great new abilities are coming.