...

  • Install an Ubuntu Server LTS

  • Install Kubernetes

  • Install the Approval Portal on the Kubernetes Cluster

  • Install Traefik on the Kubernetes Cluster

  • Install the PostgreSQL Database on the Kubernetes Cluster

  • Install the Keycloak Service on the Kubernetes Cluster

  • Install a valid or self-signed certificate on the Host

  • Create local DNS Entries for approval.my-domain.com → Ubuntu Server IP-Address

  • Install the PDF-Service (if needed) on the SAP Server

    • It depends on the CMS System

  • Configure Keycloak with your preferred Identity Provider (Azure, Microsoft AD…)

    • For local Identity Providers, such as LDAP, the customer has to open a port

  • Final configuration of the Approval Portal

  • Run the System

Security Information

The Approval Page is built with Blazor Server. The Portal itself does not have any database connected. It only displays to the user the information that is sent from B1i. No caching or other optimizer is used.

If your legal department needs the full dependency list, please contact service@dataunit.ch.

The Portal itself is hosted on OpenShift. The provider is VSHN, which is ISO 27001 certified. If this certificate is required, please contact service@dataunit.ch. The cluster itself runs on the infrastructure of Cloudscale, hosted in Lupfig AG, Switzerland.

Currently, each customer has its own running Pod on the OpenShift system. For the Identity Provider, we use Keycloak in the latest version. The data stored in Keycloak depends on the specific setup of each customer. If the customer does not use any other Identity Provider, Keycloak stores information such as e-mail and password in a PostgreSQL database. The database itself runs on the same cluster. All data is stored only in Switzerland.

The communication between the client's browser and the Approval Service is encrypted with SSL certificates, which are created and renewed automatically by Let's Encrypt. The normal lifespan of a certificate provided by Let's Encrypt is three months.

The communication from the Pod to the B1i depends on the customer infrastructure. For the best security approach, the customer should have a proxy gateway, a valid DNS entry and a valid SSL certificate installed on the gateway. The Approval Portal does not support self-signed certificates.
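
A pre-flight check for the gateway certificate described above, as an added example that is not part of the original page or the product: it flags a self-signed certificate and one that is close to expiry before the Portal is pointed at the gateway. It assumes the `openssl` CLI is installed; the function names and the 14-day default are hypothetical.

```bash
# Added example (not the vendor's code). Assumes the openssl CLI is available.
# Function names and the 14-day default threshold are hypothetical.

# Save the leaf certificate a gateway presents to a PEM file.
# Usage: fetch_cert <host> <port> <out.pem>
fetch_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM -out "$3"
}

# Exit 0 when subject and issuer are the same name, i.e. no CA issued the cert.
is_self_signed() {
    local subj iss
    subj=$(openssl x509 -in "$1" -noout -subject_hash) || return 2
    iss=$(openssl x509 -in "$1" -noout -issuer_hash) || return 2
    [ "$subj" = "$iss" ]
}

# Exit 0 when the certificate expires within the next <days> days.
# Usage: expires_within_days <cert.pem> <days>
expires_within_days() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Print one verdict (UNREADABLE, SELF_SIGNED, EXPIRING, OK); exit 0 only for OK.
# Usage: check_gateway_cert <cert.pem> [min_days]
check_gateway_cert() {
    local pem=$1 min_days=${2:-14}
    if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
        echo "UNREADABLE"; return 1
    fi
    if is_self_signed "$pem"; then
        echo "SELF_SIGNED"; return 1
    fi
    if expires_within_days "$pem" "$min_days"; then
        echo "EXPIRING"; return 1
    fi
    echo "OK"
}
```

The check covers only the self-signed and expiry cases; it does not validate the chain against a trust store or match the hostname.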