Securing the Apigee Edge Components for Infrastructure installations

abiram8
Participant IV

Hi,

Do we know any details about information on securing the Apigee Edge Components for Infrastructure installations

Few of understanding based on Apigee Docs is

  1. Enable TLS on Edge UI
  2. Enable TLS on Management Server
  3. Enable TLS on API Endpoint (Secure Virtual Host/Router)
  4. Enable TLS between Router and Message Processor
  5. Enable TLS on Developer Portal UI
  6. Enable authentication on Cassandra JMX (Port: 7199)
  7. Reset Cassandra DB default credentials (cassandra user)
  8. Reset PostgreSQL (Edge/Portal) DB default credentials (apigee & postgres users)
  9. As there is no authentication on Zookeeper, need to secure the access on default port 2181 using IP whitelisting.

Other Securityfactors like:

10.Only Apigee user/root can stop and start the Apigee Components

12. What about log files access

13. Restricted access to each node

Do we have any other factors specific to Apigee instillation components ?

0 1 168
1 REPLY 1

abiram8
Participant IV

@AMAR DEVEGOWDA & @Dino-at-Google please update in case you have any inputs.