Security
Portworx Data Services (PDS) uses a shared responsibility model for security. This means that Portworx secures certain components, but you must ensure the security of other components:
- Portworx secures the SaaS portion of PDS known as the control plane.
- You must secure components in the data plane.
Secure the data plane
You’re responsible for securing the following components in the data plane:
- Target clusters: You provide the Kubernetes target clusters and are responsible for keeping them secure and up to date.
- Backup targets: You provide the object stores used as backup targets and are responsible for keeping them secure.
- Data service deployments: Portworx deploys certain components onto your target cluster, but ensures the integrity of these components when they’re deployed. Specifically, Portworx deploys the following:
  - Docker images
  - Portworx operators and agents that manage your applications
Control access to data services
When PDS deploys a data service to your cluster, it creates an initial set of credentials. You are responsible for managing access to the data service from this point, including adding more users.