You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

When deploying an Aspire cluster in a production environment, resource allocation and security settings becomes very important, as these environments should be configured to be as stable and secure as possible.

Resource Allocation

When deploying Aspire nodes, it is important to correctly size each VM or container running the node as different node type has different resource consumption behaviors.

Even though it can be used on development and testing, on production deployments starting manager and worker capabilities in the same JVM is not supported or recommended. There should be at least one distribution for the worker and one for the manager in different VMs.

Manager nodes


Worker nodes


Security Settings

Create a customized Encryption Key File

Aspire stores sensitive configuration such as credentials encrypted with AES-256 algorithm. For that it uses an encryption key located in a file accessible by the Aspire process. If such a key is not configured, a constant default key will be used to encrypt and decrypt.

Using the default key is not secure!, as anything encrypted with it can be decrypted in any other Aspire deployment using the default key.

It is strongly recommended to create a random 256 bit key file (32 bytes) and configure it as the encryption key for all Aspire nodes in the same cluster. See Encryption properties for details on setting it.

Secured Access Authentication and Authorization to Aspire Admin UI and REST API

If an engineering team will be managing Aspire, it is recommended to secure access to the UI by using LDAP to control who gets access to certain actions. See Security API for information on the security model and the roles and Ldap Configuration on how to configure it.

Enable HTTPS on Aspire Admin UI and REST API

It is recommended to secure access to Aspire HTTP endpoints with a TLS/SSL certificate (HTTPS), this is important since some requests will contain sensitive information like credentials. See Enable HTTPS for information on this.

Custom Keystore and Truststore configuration

If using HTTPS services (such as Elasticsearch provider, or crawling HTTPS repositories), and you need to trust the CA of those services it is recommended to include a Java Keystore providing the custom trusted certificates. See Crawling via HTTPs.

  • No labels

Copyright © 2024 Accenture

Contact Us: [email protected]