Portworx Data Services (PDS) uses a shared responsibility model for security. This means that Portworx secures certain components, but you must ensure the security of other components:

  • Portworx secures the SaaS portion of PDS known as the control plane.

  • You must secure components in the data plane.

Secure the data plane

You’re responsible for securing the following components in the data plane:

  • Target clusters: You provide the Kubernetes target clusters and are responsible for keeping them secure and up to date.

  • Backup targets: You provide the object stores used as backup targets and are responsible for keeping them secure.

  • Data service deployments: Portworx deploys certain components onto your target cluster, but ensures the integrity of these components when they’re deployed. Specifically, Portworx deploys the following:

    • Docker images

    • Operators and agents Portworx that manage your applications

Control access to data services

When PDS deploys a data service to your cluster, it creates an initial set of credentials. You are responsible for managing access to the data service from this point, including adding more users.

Last edited: Thursday, Apr 28, 2022