W E K A
WebsiteSupportDownloads/LicensingAWS Self-Service Portal
Search…
4.0
Weka documentation
Weka System Overview
About the Weka system
SSD capacity management
Filesystems, object stores, and filesystem groups
Weka networking
Data lifecycle management
Weka client and mount modes
Glossary
Getting Started with Weka
Quick installation guide
Manage the system using the Weka CLI
Manage the system using the Weka GUI
Run first IOs with WekaFS
Getting started with Weka REST API
Planning & Installation
Prerequisites for installation
Weka installation on bare metal
Weka installation on AWS
Performance
Weka performance tests
WekaFS Filesystems & Object Stores
Manage object stores
Manage filesystem groups
Manage filesystems
Attach or detach object store buckets
Advanced data lifecycle management
Mount filesystems
Snapshots
Snap-To-Object
Quota management
Additional Protocols
NFS
SMB
S3
Operation Guide
Alerts
Events
Statistics
System congestion
Security management
Obtain authentication tokens
KMS management
TLS certificate management
CA certificate management
Account lockout threshold policy management
Manage the login banner
User management
Organizations management
Expand and shrink cluster resources
Background tasks
Upgrade Weka versions
Billing & Licensing
License overview
Classic license
Pay-As-You-Go license
Support
Prerequisites and compatibility
Get support for your Weka system
The Weka support cloud
Diagnostics management
Appendix
Weka CSI Plugin
Monitor using external tools
Snapshot management
REST API Reference Guide
Powered By GitBook
Security management
This page describes important security consideration for the Weka cluster management.
The Weka system is a secured environment. It deploys a combination of security controls to ensure secured communication and secured user data.
The security controls include the following:
  • HTTPS access: To access the Weka GUI, you connect only to one of the system servers using HTTPS through port 14000.
  • Authentication tokens: The authentication tokens are used for accessing the Weka system API and to allow the mounting of secure filesystems.
  • KMS: When creating an encrypted filesystem, a KMS must be used to properly secure the encryption keys. The KMS encrypts and decrypts filesystem keys.
  • TLS certificates: By default, the system deploys a self-signed certificate to access the GUI, CLI, and API through HTTPS. You can deploy your certificate by providing an unencrypted private key and certificate PEM files.
  • CA certificates: The system uses well-known CA certificates to establish trust with external services. For example, when using a KMS.
  • Account lockout: To prevent brute force attacks, if several login attempts fail (default: 5), the user account is locked for several minutes (default: 2 minutes).
  • Login banner: The login banner provides a security statement or a legal message displayed on the sign-in page.
  • GUI session automatic termination: The user is signed out after 30 minutes of inactivity.
​
Related topics
​KMS management​
​Organizations management (security topics related to mounting and separation of organizations)
​User management (authentication of different user roles and AD/LDAP)
Operation Guide - Previous
System congestion
Next
Obtain authentication tokens
Last modified 1mo ago
Copy link