13:12, EEST
October 21, 2019
Hi,
i have a question regarding certificate handling with multiple ua clients.
We are migrating our application to run the ua client in a microservice architecture where the uaclient service runs in docker, is scaled to multiple instances and uses a pki infrastructure with Basic256Sha256SignEncrypt security mode and self signed certificates to connect to the opc servers.
My question is: should the uaclient service instances share one central certificate store and use the same public/private key pair and ApplicationDescription since it is essentially one application that connects to the servers (the instances have different internal ips in the docker network but i think are visible with the same external ip to the opc servers when connecting)?
Or should each service instance use its own key store, AppDescription and key pair? Each opc server is connected to one client instance at a time.
Are there any best practices or guidelines regarding security for running the uaclient in a scalable microservice architecture?
I hope my questions are not to confusing and am thankful for any information/experiences regarding this topic .
Thanks,
ivfa
Most Users Ever Online: 1919
Currently Online:
16 Guest(s)
Currently Browsing this Page:
1 Guest(s)
Top Posters:
Heikki Tahvanainen: 402
hbrackel: 144
rocket science: 88
pramanj: 86
Francesco Zambon: 83
Ibrahim: 78
Sabari: 62
kapsl: 57
gjevremovic: 49
Xavier: 43
Member Stats:
Guest Posters: 0
Members: 728
Moderators: 7
Admins: 1
Forum Stats:
Groups: 3
Forums: 15
Topics: 1529
Posts: 6471
Newest Members:
roycedelargie91, kourtneyquisenbe, ellis87832073466, zkxwilliemae, gabriellabachus, Deakin, KTP25Zof, Wojciech Kubala, efrennowell431, wilfredostuartModerators: Jouni Aro: 1026, Pyry: 1, Petri: 0, Bjarne Boström: 1032, Jimmy Ni: 26, Matti Siponen: 349, Lusetti: 0
Administrators: admin: 1