Security management

This page describes important security considerations for WEKA cluster management.

The WEKA system is a secure environment. It deploys a combination of security controls to ensure secured communication and user data.
The security controls include the following:
HTTPS access: To access the WEKA GUI, you connect only to one of the system servers using HTTPS through port 14000.
Authentication tokens: The authentication tokens are used for accessing the WEKA system API and to allow the mounting of secure filesystems.
KMS: When creating an encrypted filesystem, a KMS must be used to properly secure the encryption keys. The KMS encrypts and decrypts filesystem keys.
TLS certificates: By default, the system deploys a self-signed certificate to access the GUI, CLI, and API through HTTPS. You can deploy your certificate with an unencrypted private key and certificate PEM files.
CA certificates: The system uses well-known CA certificates to establish trust with external services. For example, when using a KMS.
Account lockout: To prevent brute force attacks, if several login attempts fail (default: 5), the user account is locked for several minutes (default: 2 minutes).
Login banner: The login banner provides a security statement or a legal message on the sign-in page.
GUI session automatic termination: The user is signed out after 30 minutes of inactivity.
​
Related topics
​Obtain authentication tokens​
​KMS management​
​TLS certificate management​
​CA certificate management​
​Account lockout threshold policy management​
​Organizations management
    (security topics related to mounting and separation of organizations)
​User management
    (authentication of different user roles and AD/LDAP)

Operation Guide - Previous

System congestion

Obtain authentication tokens

Last modified 1mo ago