Secure Remote Access
To ensure the highest level of security, all users are required to authenticate centrally using the configured Identity Provider (IdP). Once a user has authenticated successfully, an ephemeral service account for that user is federated on the remote cluster in a Just in Time (JIT) manner.
Users are provided with the means to remotely access their namespace and perform kubectl operations using the kubectl CLI or an integrated browser-based shell.
Note: Learn more about Zero Trust Kubectl in the Rafay platform.
Why is it required?
Secure remote access is critical for enhancing security, governance, and operational efficiency. Here are some reasons why it is required:
Zero Trust Principles
- Identity Verification: Enforce strict identity verification before granting access. Every request is authenticated and authorized, ensuring that only legitimate users with the appropriate permissions can interact with the cluster.
- No Implicit Trust: In a Zero Trust model, no user or device is inherently trusted, even if it is within the network perimeter. This reduces the risk of insider threats or compromised credentials leading to unauthorized access.
Granular Access Control
- Least Privilege Access: The platform allows administrators to enforce the principle of least privilege by defining granular roles and permissions. Users are granted only the minimal level of access necessary for their tasks, which limits the potential impact of a compromised account.
- Contextual Access: Access can be restricted based on various factors such as time of day, location, or the security posture of the device being used. This adds another layer of control, ensuring that even authorized users can only access resources under specific conditions.
Compliance and Auditing
- Detailed Audit Logs: Comprehensive and centralized logging of all actions performed within the cluster. This is crucial for meeting compliance requirements, as it ensures that all access and modifications are fully traceable and auditable.
- Regulatory Compliance: For organizations subject to stringent regulatory frameworks (e.g., GDPR, HIPAA, PCI-DSS), the platform ensures that access controls are enforced and that all actions within the Kubernetes environment can be audited.
Operational Efficiency and Governance
- Centralized Management: Centralized management of access controls, policies, and auditing across multiple clusters. This simplifies governance and ensures consistent policy enforcement across all environments, whether on-premises or in the cloud.
- User-Friendly Interface: The platform offers an intuitive interface for managing kubectl access, making it easier for administrators to configure and enforce policies without needing to manually manage complex configurations or scripts.
Multi-Tenancy Support
- Tenant Isolation: In multi-tenant environments, the platform ensures that tenants are properly isolated from each other. Users' access is restricted to the resources within their own namespace or tenant, preventing accidental or malicious cross-tenant access.
- Per-Tenant Policies: Administrators can define different policies for different tenants, ensuring that each tenant's security and access requirements are met without compromising the overall security of the cluster.
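The audit-log and tenant-isolation points above can be checked mechanically. The following is an added example, not Rafay platform code: it walks a few constructed Kubernetes audit events (field names follow the audit.k8s.io Event schema) against a hypothetical table of JIT grants, and flags any request that touched a namespace outside the user's tenant or that arrived after the ephemeral account should have expired. The grant table and the user names are assumptions for illustration.

```python
from datetime import datetime, timezone

# Constructed audit events for illustration (not output from a real cluster).
SAMPLE_AUDIT_EVENTS = [
    {"requestReceivedTimestamp": "2024-05-01T10:00:05Z", "verb": "list",
     "user": {"username": "jit-alice-a1b2"},
     "objectRef": {"resource": "pods", "namespace": "team-a"},
     "responseStatus": {"code": 200}},
    {"requestReceivedTimestamp": "2024-05-01T10:01:10Z", "verb": "get",
     "user": {"username": "jit-alice-a1b2"},
     "objectRef": {"resource": "secrets", "namespace": "team-b"},
     "responseStatus": {"code": 403}},
    {"requestReceivedTimestamp": "2024-05-01T11:30:00Z", "verb": "delete",
     "user": {"username": "jit-alice-a1b2"},
     "objectRef": {"resource": "deployments", "namespace": "team-a"},
     "responseStatus": {"code": 200}},
    {"requestReceivedTimestamp": "2024-05-01T10:02:00Z", "verb": "list",
     "user": {"username": "jit-bob-c3d4"},
     "objectRef": {"resource": "nodes"},          # cluster-scoped, no namespace
     "responseStatus": {"code": 403}},
]

# Hypothetical JIT grant table: ephemeral username -> (tenant namespace, expiry).
JIT_GRANTS = {
    "jit-alice-a1b2": ("team-a", "2024-05-01T11:00:00Z"),
    "jit-bob-c3d4": ("team-b", "2024-05-01T12:00:00Z"),
}

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_event(event, grants):
    """Return a list of findings for one audit event (empty when the event is clean)."""
    findings = []
    user = event["user"]["username"]
    ns = event.get("objectRef", {}).get("namespace")
    code = event.get("responseStatus", {}).get("code", 0)
    if user not in grants:
        return [f"{user}: no JIT grant on record"]
    tenant_ns, expires = grants[user]
    if _ts(event["requestReceivedTimestamp"]) > _ts(expires):
        findings.append(f"{user}: request after grant expiry ({expires})")
    if ns != tenant_ns:
        # A 403 means RBAC held; anything else means isolation was actually breached.
        scope = ns or "cluster-scoped"
        outcome = "denied" if code == 403 else "ALLOWED"
        findings.append(f"{user}: cross-tenant {event['verb']} on {scope} "
                        f"{event['objectRef']['resource']} ({outcome})")
    return findings

def audit_tenant_isolation(events, grants):
    """Run check_event over a batch of events and collect every finding."""
    return [f for e in events for f in check_event(e, grants)]
```

Even denied cross-tenant requests are reported, since a burst of 403s from an ephemeral identity is a signal worth reviewing rather than a non-event.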
Seamless Integration with Existing Workflows
- Compatibility with Existing Tools: Integrates seamlessly with existing CI/CD pipelines, development workflows, and Kubernetes management tools. This ensures that security enhancements do not disrupt ongoing operations or require significant changes to established processes.
- Automation and Scripting Support: The solution supports automation and scripting, enabling teams to maintain their productivity while adhering to stringent security controls.
Zero Trust Network Access (ZTNA)
- Secure Remote Access: For remote teams or distributed environments, the platform provides a Zero Trust Network Access (ZTNA) model that gives secure, authenticated access to private or remote Kubernetes clusters without requiring a VPN. This enhances security for remote operations while maintaining ease of access for users.
By implementing Zero Trust principles, the platform significantly enhances security, compliance, and operational efficiency. It provides granular access controls, robust auditing capabilities, and centralized management, making it an essential tool for organizations that need to secure their environments, particularly in multi-tenant or highly regulated settings.