When deploying an Aspire cluster in a production environment, resource allocation and security settings becomes very important, as these environments should be configured to be as stable and secure as possible.
Resource Allocation
Security Settings
Create a customized Encryption Key File
Aspire stores sensitive configuration such as credentials encrypted with AES-256 algorithm. For that it uses an encryption key located in a file accessible by the Aspire process. If such a key is not configured, a constant default key will be used to encrypt and decrypt.
Using the default key is not secure!, as anything encrypted with it can be decrypted in any other Aspire deployment using the default key.
It is strongly recommended to create a random 256 bit key file (32 bytes) and configure it as the encryption key for all Aspire nodes in the same cluster. See Encryption properties for details on setting it.
Secured Access Authentication and Authorization to Aspire Admin UI and REST API
Enable HTTPS on Aspire Admin UI and REST API
Custom Keystore and Truststore configuration
- For production deployments using the same distribution for manager and worker roles is not supported. There should be at least one distribution for the worker and one for the manager in different VMs.
- It is mandatory to change the default Encryption master key. See Encryption configuration on how to do this.
- Consider securing access to Aspire Admin UI with LDAP. See Ldap Configuration on how to do this.
- Consider securing access to Aspire with HTTPS. See Enable HTTPS.
Overview
Content Tools
Copyright © 2024 Accenture
