Security management

This page describes important security consideration for the Weka cluster management.

The Weka system is a secured environment. It deploys a combination of security controls to ensure secured communication and secured user data.
The security controls include the following:
HTTPS access: To access the Weka GUI, you connect only to one of the system servers using HTTPS through port 14000.
Authentication tokens: The authentication tokens are used for accessing the Weka system API and to allow the mounting of secure filesystems.
KMS: When creating an encrypted filesystem, a KMS must be used to properly secure the encryption keys. The KMS encrypts and decrypts filesystem keys.
TLS certificates: By default, the system deploys a self-signed certificate to access the GUI, CLI, and API through HTTPS.  You can deploy your certificate by providing an unencrypted private key and certificate PEM files.
CA certificates: The system uses well-known CA certificates to establish trust with external services. For example, when using a KMS.
Account lockout: To prevent brute force attacks, if several login attempts fail (default: 5), the user account is locked for several minutes (default: 2 minutes).
Login banner: The login banner provides a security statement or a legal message displayed on the sign-in page.
GUI session automatic termination: The user is signed out after 30 minutes of inactivity.
​
Related topics
​Obtain authentication tokens​
​KMS management​
​TLS certificate management​
​CA certificate management​
​Account lockout threshold policy management​
​Organizations management
    (security topics related to mounting and separation of organizations)
​User management
    (authentication of different user roles and AD/LDAP)

Operation Guide - Previous

System congestion

Obtain authentication tokens

Last modified 4mo ago