SystemLink Enterprise is hosted in a Kubernetes cluster. SystemLink Enterprise connects to test systems to aggregate data for monitoring and analysis.

Complete the following actions to ensure your interactions with SystemLink are secure.
  • Transport Layer Security (TLS) considerations:
    • Configure ingress controllers for TLS termination. Refer to the Kubernetes documentation for details on configuring ingress TLS termination.
    • If applicable, configure your remotely connected MongoDB instance or PostgreSQL instance to use TLS communication. Refer to the MongoDB or PostgreSQL documentation for information on how to enable TLS.
    • If you are using a private certificate authority to configure TLS access, configure trusted certificates when deploying SystemLink Enterprise. Refer to Related tasks for more information.
  • Use firewalls to restrict open ports to only the ports your environment requires. The following table shows the ports and the hostnames SystemLink Enterprise uses.
    Table 15. Ports and Hostnames Used by SystemLink Enterprise
    Host Ports Description Example
    App hostname 443 The hostname of the web application that end users log into to interact with SystemLink Enterprise. Use this hostname when you configure redirect URLs with your OpenID Connect provider. app.sle.corp.com
    API hostname 443 The hostname of the API. Test systems use this hostname to send and to retrieve data from SystemLink Enterprise. api.sle.corp.com
    Salt port hostname 4505, 4506 The hostname listening on the Salt ports used to established connections and send Salt commands to test systems. To prevent exposing Salt ports to the public internet, configure firewalls and Classless Inter-Domain Routing (CIDR) blocks. salt.sle.corp.com
    Note If your hosts have invalid hostnames, you might encounter the following issues.
    • SystemLink cannot receive data from managed targets.
    • Users cannot access SystemLink.
    Refer to Related tasks for information on how to configure web access to SystemLink Enterprise.
  • Use HTTPS for communication between your SystemLink server and all external resources. External resources include your OpenID Connect provider, databases, file storage, and so on.