Page History

...

Once the virtual appliance is deployed in the customer environment, the customer's own network and security teams take control and responsibility over securing and maintaining the operating system. This allows you as the customer to apply your own security policies according to your internal guidelines. It also means you control how and when which updates are applied to packages installed directly on the operating system. panagenda application update packages DO NOT contain updates for the base operating system.

The only two services installed on the base operating system that should be accessible from the network are SSH (port 22) and VNC (port 5901). While SSH runs constantly, the VNC server is only started on demand for maintenance that requires a graphical user interface and should be shut down once the work is completed to minimize a possible attack vector. In addition, the Docker service will forward ports HTTP (port 80) and HTTPS (port 443) from the application layer to enable access to the panagenda application.

Application Layer

As part of the Docker infrastructure, panagenda deploys a number of Docker images and containers that make up the panagenda application. These containers work together and communicate over Docker-internal networks that are only accessible within the virtual appliance, except where ports are exposed by the Docker service (HTTP/HTTPS).

panagenda publishes updates for these containers on a regular basis in the form of application update packages. These packages do not only contain new features, but also updates for components/services that provide the base layer for our applications inside the docker containers (e.g. Container OS, Tomcat, Postgres, etc.). However, application update packages do not contain updates for the base operating system of the Alma Linux virtual appliance.

The customer has root access to the virtual appliance. This allows you to 

...