Profile Applicability:
- Level 1
Description:
This check ensures that SSL (Secure Sockets Layer) is configured for CycleCloud, which provides secure communication between clients and the CycleCloud service. SSL/TLS encryption ensures that data transmitted between clients and CycleCloud is encrypted, protecting it from man-in-the-middle attacks and ensuring confidentiality.
Rationale:
SSL/TLS encryption is essential for securing communications between users and the CycleCloud service. Without SSL, data transmitted over the network could be intercepted or modified by unauthorized parties. Enabling SSL ensures that sensitive information, such as login credentials, job data, and configurations, is transmitted securely.
Impact:
Pros:
Encrypts communications to ensure data confidentiality and integrity.
Prevents eavesdropping and tampering with sensitive information.
Meets security and compliance requirements (e.g., HIPAA, PCI-DSS) for secure data transmission.
Cons:
Requires the management and renewal of SSL certificates.
Adds some overhead in terms of configuration and performance (though generally negligible with modern systems).
Default Value:
By default, SSL is not enabled in CycleCloud. It must be configured manually to secure communications.
Pre-requisites:
Ensure that:
You have a valid SSL certificate (either self-signed or from a trusted certificate authority).
You have administrative access to the CycleCloud configuration.
Test Plan:
Using CycleCloud Console:
Log in to the CycleCloud console.
Go to the Configuration settings.
Verify that SSL is enabled and configured for the CycleCloud web interface.
Check the Certificates section to ensure that an SSL certificate is installed and active.
Verify that the CycleCloud service is accessible via https:// and not http://.
Using Command Line:
To check SSL configuration, run the following command to verify if CycleCloud is running with SSL:
curl -I https://<CYCLECLOUD_HOSTNAME>
Ensure the response includes HTTP/1.1 200 OK and that the SSL certificate is valid and active by checking the response headers.
Implementation Plan:
Using CycleCloud Console:
Log in to the CycleCloud console.
Go to Settings > Configuration.
In the Web UI section, enable SSL.
Provide the path to your SSL certificate and private key files, or use a certificate from a trusted certificate authority.
Save the changes and restart CycleCloud to apply the SSL configuration.
Using Command Line:
To configure SSL, you must modify the CycleCloud configuration file (typically cyclecloud.yaml or a similar configuration file).
Ensure that the following section in the configuration file is correctly set:
ssl:
  enabled: true
  cert_file: /path/to/cert.crt
  key_file: /path/to/cert.key
Restart the CycleCloud service for the changes to take effect:
sudo systemctl restart cyclecloud
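One way to audit the ssl block before restarting the service, as an added example (not CycleCloud's own tooling). It assumes the key layout shown above (ssl, enabled, cert_file, key_file); the function names are hypothetical and the config path is whatever you pass in.

```shell
#!/bin/sh
# Added example: audit the ssl block of a config file laid out as shown above.
# ssl_value and audit_ssl_config are hypothetical helper names.

# Print the value of KEY ($2) inside the top-level "ssl:" block of FILE ($1).
ssl_value() {
  awk -v key="$2" '
    /^ssl:[ \t]*$/ { in_ssl = 1; next }   # start of the ssl block
    /^[^ \t#]/     { in_ssl = 0 }         # any other top-level key ends it
    in_ssl && $1 == (key ":") {
      sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
    }
  ' "$1"
}

# Return 0 when SSL is enabled and the cert/key files are usable;
# otherwise print each finding and return 1.
audit_ssl_config() {
  cfg="$1"; rc=0
  [ -r "$cfg" ] || { echo "FAIL: cannot read $cfg"; return 1; }
  enabled=$(ssl_value "$cfg" enabled)
  cert=$(ssl_value "$cfg" cert_file)
  key=$(ssl_value "$cfg" key_file)

  [ "$enabled" = "true" ] || { echo "FAIL: ssl.enabled is '${enabled:-unset}'"; rc=1; }
  [ -s "$cert" ] || { echo "FAIL: cert_file missing or empty: '${cert:-unset}'"; rc=1; }
  if [ ! -s "$key" ]; then
    echo "FAIL: key_file missing or empty: '${key:-unset}'"; rc=1
  else
    # Characters 5-10 of the ls -l mode string are the group/other bits.
    perms=$(ls -ld "$key" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "FAIL: key_file accessible beyond owner ($perms)"; rc=1; }
  fi
  if [ "$rc" -eq 0 ]; then echo "PASS: ssl enabled, cert and key present, key owner-only"; fi
  return "$rc"
}

# Run the audit when a config path is given on the command line.
if [ "$#" -gt 0 ]; then audit_ssl_config "$1"; fi
```

A private key readable by group or other users undermines the certificate it belongs to, so the audit fails on any permission wider than owner-only.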
Backout Plan:
Using CycleCloud Console:
Log in to the CycleCloud console.
Go to Settings > Configuration.
Disable SSL by unchecking the SSL option.
Save the changes and restart CycleCloud.
Verify that CycleCloud is accessible via http:// instead of https://.
Using Command Line:
To disable SSL, update the CycleCloud configuration file by setting:
ssl:
  enabled: false
Restart the CycleCloud service for the changes to take effect:
sudo systemctl restart cyclecloud