Setting up security for connections
If you use connections, such as platform connections, you should review the following information to determine whether there are any additional tasks that you must complete.
Configuration task | Additional information |
---|---|
Configuring an external route to the Flight service | The Flight service is a data connection service that enables assets, such as notebooks, to interact with various data sources without calling the REST APIs for the data sources. By default, the Flight service is only available to the IBM Cloud Pak for Data instance where the Flight service is running. However, a Red Hat OpenShift Container Platform project administrator can create an external route to the Flight service to enable other applications to interact with it. |
Enabling platform connections to use Kerberos authentication | If you want to connect to data sources that use Kerberos authentication, you must provide the Kerberos configuration file to the platform connections microservice. You must complete this task before you create a connection to data sources where Kerberos authentication is enabled. The following connection types support Kerberos authentication. |
Using a CA certificate to connect to internal servers from the platform | If you want to enable the IBM Cloud Pak for Data platform to use your company's CA certificate to validate certificates from your internal servers, you must create a secret that contains the CA certificate. Additionally, if your internal servers use an SSL certificate that is signed using your company's CA certificate, you must create this secret to enable the platform to connect to the servers. |
Requiring users to use secrets for credentials when creating connections | When a user creates a connection, they can provide their credentials by entering them directly or by specifying a secret. A Red Hat OpenShift administrator can configure Cloud Pak for Data to enforce the exclusive use of secrets from an external vault (such as CyberArk or HashiCorp). Important: Before you change this setting, ensure that the services that you plan to run can use connections that use credentials from a vault. For details, see Managing secrets and vaults. |