Security Framework Service and Datacenters

The Security Framework Service (SFS) makes it possible for ControlSuite services to securely find each other, communicate, and share data. It provides a common interface through which services can securely and reliably find and communicate with other services across multiple deployments. All ControlSuite services and clients register and are enrolled with the Security Framework.

The Security Framework can be made highly available, providing resilience to service failures and to network partitions between datacenters and services.

Security Framework secures the entire environment by:

  • Authenticating the security administrator and client.
  • Authorizing what operations the clients can perform.
  • Providing infrastructure for services to validate that connecting clients are authorized.
  • Registering in the system only trusted services approved by the security administrator.
  • Providing a method for services to securely store shared data.

Security Framework uses the following internal components to fulfil these tasks:

  • Secure Service Discovery Service (SSDS).
  • Authentication and Authorization (AA).
  • Distributed Database (DDB).