ELMA365 relies on a set of proven technologies for data storage and exchange: PostgreSQL, MongoDB, S3, RabbitMQ, and Redis. Interactions with external systems are secured by JWT authentication and server-side authorization checks.
ELMA365 microservices run inside a Kubernetes cluster (MicroK8s is used off the shelf; deployment in a custom clustering solution is also possible). Microservices communicate with each other over secure HTTP and gRPC.
Ingress rules expose services inside the cluster to services outside the cluster over HTTP and WebSocket. With this configuration, direct access to cluster services is not allowed.
PostgreSQL is used as the primary database and provides all the necessary security features. For the ELMA365 Cluster, we advise hosting the DBMS on dedicated servers and managing its security separately from the primary system. Make sure that you have read the server installation and security instructions carefully:
- PostgreSQL Installation Guide - https://elma365.com/ru/kb/postgresql.html
- Server Administration - https://postgrespro.com/docs/postgresql/10/admin
- Server Setup and Operation - https://postgrespro.ru/docs/postgresql/10/runtime
- Connections and Authentication - https://postgrespro.com/docs/postgresql/10/runtime-config-connection
- Client Authentication - https://postgrespro.com/docs/postgresql/10/client-authentication
- Database Roles - https://postgrespro.com/docs/postgresql/10/user-manag
The ELMA365 system also uses the MongoDB database. For the ELMA365 Enterprise edition, we advise hosting the database software on a dedicated cluster that is managed separately. Read the installation and security configuration guides carefully:
- MongoDB Installation Guide - https://elma365.com/ru/kb/mongodb.html
- MongoDB Security Manual - https://docs.mongodb.com/v3.6/security/
- MongoDB Security Checklist - https://docs.mongodb.com/v3.6/administration/security-checklist/
The ELMA365 system uses S3-compatible object storage to store user and temporary files. By default, we offer an S3 Minio solution that is relatively simple to deploy and administer. Minio ensures the confidentiality and integrity of the processed data through server-side encryption and digital signatures with a limited validity period. For the ELMA365 Enterprise edition, we advise hosting S3-compatible object storage in a dedicated cluster. If you decide to deploy S3 Minio, read the corresponding security manual carefully:
- S3 Minio Security Overview - https://docs.min.io/docs/minio-security-overview.html
Please note that the security of the server operating system, the virtualization provider, and the physical server is the client's responsibility and is not part of the ELMA365 On-premises security framework.