Securing the Apigee Edge Components for Infrastructure installations

anonymous · November 8, 2019, 3:30am

Hi,

Do we know any details about information on securing the Apigee Edge Components for Infrastructure installations

Few of understanding based on Apigee Docs is

Enable TLS on Edge UI
Enable TLS on Management Server
Enable TLS on API Endpoint (Secure Virtual Host/Router)
Enable TLS between Router and Message Processor
Enable TLS on Developer Portal UI
Enable authentication on Cassandra JMX (Port: 7199)
Reset Cassandra DB default credentials (cassandra user)
Reset PostgreSQL (Edge/Portal) DB default credentials (apigee & postgres users)
As there is no authentication on Zookeeper, need to secure the access on default port 2181 using IP whitelisting.

Other Securityfactors like:

10.Only Apigee user/root can stop and start the Apigee Components

Do we have any other factors specific to Apigee instillation components ?

anonymous · November 8, 2019, 4:12pm

@AMAR DEVEGOWDA & @Dino-at-Google please update in case you have any inputs.

Topic		Replies	Views
SSL/TLS enabled communication for Edge internal components on Private Cloud Apigee apigee-general	0	0	May 8, 2018
Installation topology which would seperate database from rest of the components Apigee private-cloud-deployment	2	1	April 27, 2017
Securing Apigee Edge itself Apigee api-runtime	1	4	June 6, 2019