Skip to main content
Keystone

Keystone Collector security

Contributors netapp-shwetav

Keystone Collector includes security features that monitor the performance and usage metrics of Keystone systems, without risking the security of customer data.

The functioning of Keystone Collector is based on the following security principles:

  • Privacy by design-Keystone Collector collects minimum data to perform usage metering and performance monitoring. For more information, see Data collected for billing. The Remove Private Data option is enabled by default, which masks and protects sensitive information.

  • Least privilege access-Keystone Collector requires minimum permissions to monitor the storage systems, which minimizes security risks and prevents any unintended modifications to the data. This approach aligns with the principle of least privilege, enhancing the overall security posture of the monitored environments.

  • Secure software development framework- Keystone uses a secure software development framework throughout the development cycle, which mitigates risks, reduces vulnerabilities, and protects the system against potential threats.

Security hardening

By default, Keystone Collector is configured to use security-hardened configurations. The following are the recommended security configurations:

  • The operating system of the Keystone Collector virtual machine:

    • Complies with the CIS Debian Linux 12 Benchmark standard. Making any changes to the OS configuration outside the Keystone Collector management software may reduce the system security. For more information, see CIS Benchmark guide.

    • Automatically receives and installs security patches that are verified by Keystone Collector through the auto-update feature. Disabling this functionality may lead to unpatched vulnerable software.

    • Authenticates updates received from Keystone Collector. Disabling APT repository verification can lead to the automatic installation of unauthorized patches, potentially introducing vulnerabilities.

  • Keystone Collector automatically validates HTTPS certificates to ensure connection security. Disabling this feature could lead to impersonation of external endpoints and usage data leakage.

  • Keystone Collector supports Custom Trusted CA certification. By default, it trusts certificates that are signed by public root CAs recognized by the Mozilla CA Certificate program. By enabling additional Trusted CAs, Keystone Collector enables HTTPS certificate validation for connections to endpoints that present these certificates.

  • Keystone collector enables the Remove Private Data option by default, which masks and protects sensitive information. For more information, see Limit collection of private data. Disabling this option results in additional data being communicated to the Keystone system. For example, it can include user-entered information such as volume names which may be considered sensitive information.

Related information