Looking Forward to Zevenet EE 5.2: Role Based Access Control

Posted by Zevenet | 30 May, 2018 | Technical

Load Balancers are a key device in our infrastructure as they are used to distribute traffic across different networks, they are the entry point of applications and even of a whole data center. For that reason, cybersecurity and the security access of different users to the device is an important matter to address.

The main goal of implementing a Role Based Access Control (RBAC) system is to provide to any organization a flexible tool to manage their users, roles and resources defined in the load balancer, such as virtual services or virtual network interfaces. Given that ability, different roles in an organization like network administrators, system administrators, devops, developers or operators, can control their own resources allowing a more agile work group and isolating different projects and scopes.

How the RBAC system has been designed?


Zevenet Dev Team has designed the RBAC system in a standard and easy to maintain infrastructure, but compatible with all the different modules included in Zevenet.

There are new concepts in the new infrastructure like Users, which are provided with a password and independent Zapi Key per user which allows the remote access through API and even control the access through the web GUI. Roles are a compound of predefined objects with their specific actions that can be enabled or disabled according to the role to be created. Resources are the different instances created in the load balancer like a certain farm servers or virtual interfaces. Groups are defined as the association of Users, Roles and Resources. A descriptive diagram is shown below.

Users password are fully encrypted with the highest level of security and synchronized with the system, although they’re not going to have access to the load balancer through command line.

There are predefined roles templates for the different profiles in any organization so the RBAC system has been designed to be easy to adopt and maintain.

How are the security processes integrated with the new RBAC system?


The data security has been taken into consideration in order to protect the sections where the load balancer gathers most sensible data like the listing of network interfaces or aliases which provides information about the topology of the network, read and download of logs files where all the information of the load balancer is centralized, upload or download backups with the full configuration of the load balancer or even the section of support data to help our support team to analyze any issue in the load balancer.

In addition, an the new RBAC provides an Audit system where all the interactions from users accessing to the load balancer or applying any of their actions are logged, so any change in the load balancer can be audited and controlled by the security team, successful or forbidden ones with their corresponding tag.

Next challenges in terms of RBAC would be: physical resources limitation per user using cgroups (like CPU, throughput, memory, etc), further operating system hardening or the support of multiple groups per user.

As the RBAC system is designed to be fully scalable, new great abilities are coming.

Look forward to the Zevenet EE 5.2 release!


Related Blogs

Posted by zenweb | 18 March 2020
Did you know that ZEVENET implements different techniques to provide higher performance and high scale for non-connection oriented and real-time services like UDP (User Datagram Protocol), SIP (Session Initiation Protocol),…
103 LikesComments Off on Delivering the best continuity for non-connection oriented services
Posted by zenweb | 28 March 2019
This edition of the Netdev Conference 0x13 has been driven by a great organization and the high quality of the talks and open discussions. The broad variety of companies, technologies…
146 LikesComments Off on Lessons learned from Netdev Conference 0x13 in Prague
Posted by zenweb | 08 March 2019
Zevenet is proud to present the definitive guide of SIP proxy load balancing to build scalable VoIP scalability, highly available and with enhanced security. In addition, advanced health check to…
147 LikesComments Off on The definitive guide of SIP and PBX services at scale