Introduction
This page gives an overview of gateway security measures.
Hardened hosts
The gateway appliance is packaged as a VMware Open Virtual Appliance (OVA). The appliance runs a hardened version of Ubuntu 20.04.
The latest version of the gateway runs containerized services. Containers run on MicroK8s, which is a secure Kubernetes distribution from Canonical.
The operating system and Kubernetes are hardened to meet several industry-standard security requirements, including:
Center for Internet Security (CIS) security benchmarks.
Open Web Application Security Project® (OWASP) best practices for containers.
Community-sourced hardening checks, such as:
Secure container images
All container images are hosted securely in Google Artifact Registry. A set of rigorous vulnerability scans is applied to container images, including:
What to do next
See the Security Reference for more information.