Security management

Content Software for File User Guide

Part Number

This page describes important security consideration for the Content Software for File cluster management.

The Content Software for File system is a secured environment. It deploys a combination of security controls to ensure secured communication and secured user data.

The security controls include the following:

  • HTTPS access: To access the Content Software for File GUI, you connect only to one of the system servers using HTTPS through port 14000.
  • Authentication tokens: The authentication tokens are used for accessing the Content Software for File system API and to allow the mounting of secure filesystems.
  • KMS: When creating an encrypted filesystem, a KMS must be used to properly secure the encryption keys. The KMS encrypts and decrypts filesystem keys.
  • TLS certificates: By default, the system deploys a self-signed certificate to access the GUI, CLI, and API through HTTPS. You can deploy your certificate by providing an unencrypted private key and certificate PEM files.
  • CA certificates: The system uses well-known CA certificates to establish trust with external services. For example, when using a KMS.
  • Account lockout: To prevent brute force attacks, if several login attempts fail (default: 5), the user account is locked for several minutes (default: 2 minutes).
  • Login banner: The login banner provides a security statement or a legal message displayed on the sign-in page.
  • GUI session automatic termination: The user is signed out after 30 minutes of inactivity.