UtopiaSync Security - How does it work?
Custom Security Solutions: The Lego Approach to Integration
One of Utopia's key features is that you can set it up in your own environment. This allows you to configure your own security, ensuring that Utopia meets your specific security guidelines.
Utopia works best in a Kubernetes environment, where all communication between its containers happens internally within the Kubernetes cluster. From a security standpoint, you can completely ring-fence this cluster in whatever way best fits your needs.
Utopia has four interfaces accessible via a browser. By default, these interfaces use port 443 and HTTPS. You can set them up to run within an internal or public network, depending on who you want to have access. Three of these interfaces are for the Utopia UI, typically accessed by users, while the fourth is the external API, which is Utopia's REST API feature, usually accessed by other systems. While these are the default settings, they can be customized to suit particular needs.
From an outgoing traffic perspective, the only process needing external access is the microservices pod, which sends requests to the membership server to validate the license via an HTTPS public endpoint.
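One way to enforce the egress posture described above with Kubernetes NetworkPolicy objects. This is an added example, not configuration shipped with Utopia; the namespace `utopia`, the label `app: microservices` and the membership server address are assumptions to replace with your own values.

```yaml
# Added example: namespace, labels and CIDR are assumptions, not Utopia's own values.
# 1) Baseline: pods in the namespace may talk only to each other and to cluster DNS.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-internal-egress-only
  namespace: utopia                 # assumed namespace
spec:
  podSelector: {}                   # applies to every pod in the namespace
  policyTypes: [Egress]
  egress:
    - to:
        - podSelector: {}           # pod-to-pod traffic inside the namespace
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:                        # DNS lookups only
        - {protocol: UDP, port: 53}
        - {protocol: TCP, port: 53}
---
# 2) Exception: only the microservices pod may reach the license endpoint over HTTPS.
#    Policies are additive, so this extends the baseline for the selected pod only.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: microservices-license-egress
  namespace: utopia                 # assumed namespace
spec:
  podSelector:
    matchLabels:
      app: microservices            # assumed label for the microservices pod
  policyTypes: [Egress]
  egress:
    - to:
        - ipBlock:
            cidr: 203.0.113.10/32   # placeholder (documentation range) for the membership server
      ports:
        - {protocol: TCP, port: 443}
```

NetworkPolicy is enforced only when the cluster's CNI plugin supports it, and it matches IP ranges rather than hostnames. The SMTP server listed under the other items needs its own egress rule for whichever pod sends mail, which this page does not name.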
Other items to consider:
Utopia requires access to an SMTP server using basic authentication to send confirmation emails during the new user registration process.
Because of the nature of the login process, browsers require HTTPS to access the application. We have loaded a certificate into the Nginx ingress to accommodate this. The endpoints need to be verified against this certificate in one of several ways:
Install a certificate manager to create certificates for the specified Utopia endpoints.
Load a wildcard certificate into the Kubernetes cluster so it can validate the endpoints.
Use a third-party solution to enforce SSL during the A record DNS match (like a page rule).
If none of these are done, when you navigate to the URL, the browser will ask if you trust the certificate provided by Kubernetes, and the user will have to manually accept this before traffic can resume.
You can find out more in the final section of our installation guide. If you are interested in the many ways you can configure Utopia to suit your environment, please take a look at our next article, where we explore just this.