DNS and Network Security Considerations
- Updated 2026-05-14
SystemLink Enterprise is hosted in a Kubernetes cluster. SystemLink Enterprise connects to test systems to aggregate data for monitoring and analysis.
- Transport Layer Security (TLS) considerations:
  - Configure ingress controllers for TLS termination. Refer to the Kubernetes documentation for details on configuring ingress TLS termination.
  - If applicable, configure your remotely connected MongoDB instance or PostgreSQL instance to use TLS communication. Refer to the MongoDB documentation or PostgreSQL documentation for information on how to enable TLS.
  - If you are using a private certificate authority to configure TLS access, configure trusted certificates when deploying SystemLink Enterprise. Refer to Related tasks for more information.
- Use firewalls to restrict open ports to only the ports your environment requires. The following table shows the ports and the hostnames SystemLink Enterprise uses.

  Table 49. SystemLink Enterprise Ports and Hostnames

  | Host | Ports | Description | Example |
  |---|---|---|---|
  | App hostname | 443 | The hostname of the web application for end user interactions with SystemLink Enterprise. Use this hostname when you configure redirect URLs with your OpenID Connect provider. | app.sle.corp.com |
  | API hostname | 443 | The hostname of the API. Test systems use this hostname to send and to retrieve data from SystemLink Enterprise. | api.sle.corp.com |
  | Salt port hostname | 4505, 4506 | The hostname listening on the Salt ports for establishing connections and sending Salt commands to test systems. To prevent exposing Salt ports to the public internet, configure firewalls and Classless Inter-Domain Routing (CIDR) blocks. | salt.sle.corp.com |

  Note: If your hosts have invalid hostnames, you might encounter the following issues.
  - SystemLink cannot receive data from managed targets.
  - Users cannot access SystemLink.

- Use HTTPS for communication between your SystemLink server and all external resources. External resources include your OpenID Connect provider, databases, file storage, and so on.
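
The firewall guidance above can be checked mechanically. The following Python code is an added example, not part of the SystemLink Enterprise documentation or product: it audits a list of inbound allow rules against the ports in the table and flags Salt ports that are reachable from outside the test-system CIDR blocks. The rule format, the CIDR values, and the function name are assumptions constructed for illustration.

```python
import ipaddress

# Ports taken from the table above: 443 for the app and API hostnames,
# 4505 and 4506 for the Salt port hostname.
WEB_PORTS = {443}
SALT_PORTS = {4505, 4506}

# Constructed sample data (assumptions, not values from the documentation).
TEST_SYSTEM_CIDRS = ["10.20.0.0/16", "192.168.50.0/24"]
SAMPLE_RULES = [
    {"port": 443, "source": "0.0.0.0/0"},
    {"port": 4505, "source": "10.20.4.0/24"},
    {"port": 4506, "source": "0.0.0.0/0"},
    {"port": 4506, "source": "172.16.0.0/12"},
    {"port": 22, "source": "10.20.0.0/16"},
]


def audit_rules(rules, allowed_salt_cidrs):
    """Return (rule, reason) pairs for inbound allow rules that conflict
    with the port table or with the Salt CIDR restriction."""
    allowed = [ipaddress.ip_network(c) for c in allowed_salt_cidrs]
    findings = []
    for rule in rules:
        port = rule["port"]
        source = ipaddress.ip_network(rule["source"], strict=False)
        if port in WEB_PORTS:
            # HTTPS to the app/API hostnames; source policy for 443 depends
            # on the deployment and is not audited here.
            continue
        if port not in SALT_PORTS:
            findings.append((rule, "port not in the SystemLink Enterprise port table"))
        elif source.prefixlen == 0:
            findings.append((rule, "Salt port open to any address"))
        elif not any(source.version == net.version and source.subnet_of(net)
                     for net in allowed):
            findings.append((rule, "Salt source outside test-system CIDR blocks"))
    return findings


if __name__ == "__main__":
    for rule, reason in audit_rules(SAMPLE_RULES, TEST_SYSTEM_CIDRS):
        print(f"{rule['port']:>5}  {rule['source']:<16}  {reason}")
```
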
Related Information
- Preparing to Host and Operate SystemLink Enterprise
Before installing SystemLink Enterprise, ensure that the following network, compute, storage, and security infrastructure is in place.
- AWS Application Load Balancer - HTTPS Listeners
- Azure Application Gateway - SSL/TLS Termination
- Traefik - TLS Configuration
- MongoDB - TLS/SSL Configuration
- PostgreSQL - Secure TCP/IP Connections with SSL
- Layer 7 (Application) Ingress
Layer 7 ingress provides application-level HTTPS load balancing and routing for web services. SystemLink Enterprise uses Layer 7 ingress to expose HTTP-based services through two separate ingress endpoints: one endpoint for the web UI and one endpoint for API access.
- Layer 7 Ingress in AWS
This section describes Layer 7 ingress configuration using the AWS Application Load Balancer (ALB) for SystemLink Enterprise deployed on Amazon EKS. The ALB provides HTTPS load balancing and routing for the SystemLink UI and API hosts.
- AWS Global Ingress Configuration
SystemLink Enterprise configures separate ingress resources for the UI endpoints and API endpoints. Configure the following annotations in your Helm configuration file.
- Layer 7 Ingress in Azure
This section describes Layer 7 ingress configuration using the Azure Application Gateway for SystemLink Enterprise deployed on Azure Kubernetes Service (AKS). The Application Gateway provides HTTPS load balancing and routing for the SystemLink UI and API hosts.
- Azure Global Ingress Configuration
SystemLink Enterprise configures separate ingress resources for the UI endpoints and API endpoints. Configure the following annotations in your Helm configuration file.
- Layer 7 Ingress in Traefik
SystemLink Enterprise supports Traefik Hub API Gateway as a Layer 7 ingress controller. Traefik Hub provides HTTPS load balancing and routing for the SystemLink UI and API hosts.
- Layer 4 (TCP) Ingress
Layer 4 ingress provides TCP-level load balancing for services that require direct TCP connections. SystemLink Enterprise uses Layer 4 ingress for the Salt Master service.
- Enabling Salt Communication in AWS
SystemLink Enterprise uses Salt to manage test systems. Salt communicates with test systems using a TCP-based protocol on ports 4505 and 4506. This section describes using the AWS Network Load Balancer (NLB) for Layer 4 (TCP) ingress with the Salt Master service.
- Enabling Salt Communication in Azure
SystemLink Enterprise uses Salt to manage test systems. Salt communicates with test systems using a TCP-based protocol on ports 4505 and 4506. This section describes using Azure Load Balancer for Layer 4 (TCP) ingress with the Salt Master service.
- Private Certificate Authorities
If you are using a private certificate authority (CA), you must configure SystemLink Enterprise to use the private CA to establish trust.
- AWS VPC
A Virtual Private Cloud (VPC) is an isolated network environment within AWS.
- Azure VNet
An Azure Virtual Network (VNet) is an isolated network environment within Azure.
- Internet Facing Clusters
- Corporate Network Connected Clusters
A corporate network connected cluster deployment integrates SystemLink with the private network infrastructure of your organization, ensuring secure access and secure integration with on-premises systems.