Security design and risk mitigation
The Talend Management Console and Dynamic Engine solution incorporates a security-specific design to address common risks associated with using any cloud solution.
- Network communications:
  - All communications across different parts of Talend Management Console and Dynamic Engine go through HTTPS or WSS.
  - All users are required to access the Dynamic Engine services exclusively through Talend Management Console and its API endpoints.
  - Talend processing services deployed in the Kubernetes clusters are directly or indirectly connected to Talend Cloud through a web socket or ActiveMQ over HTTPS. Talend Cloud services are designed with request isolation in mind; therefore, a request targeting a given Dynamic Engine environment cannot reach other Dynamic Engine environments.
- Authentication and authorization:
  To manage Dynamic Engines, a Talend Cloud user must authenticate to Talend Management Console and must also have the Engines - Manage permission (ID: TMC_CLUSTER_MANAGEMENT). This user's login activities are recorded in Talend Cloud logs.