Tags: fiware, fiware-orion, fiware-cygnus

Fiware: how to secure the communication between Orion and Cygnus?


How can we secure the communication between Orion and Cygnus? How can we use Cygnus with a protected Orion (a PEP is deployed above the Orion broker)?

Thanks and best regards.


Solution

  • There are several ways of securing Orion->Cygnus communications:

    1. Co-locate Orion and Cygnus in the same host, so all communication goes through the localhost network interface (this solution assumes that the host itself is properly secured, of course).
    2. Using a firewall (e.g. iptables) so the Cygnus port can be reached only from the IP where Orion runs.
    3. Using HTTPS notifications. In order to use this option take into account that:
      • Cygnus should be able to receive notifications in HTTPS. I'm not fully sure about Cygnus capabilities in this regard, but my colleague @frb could provide more detail.
      • You need Rush to send notifications in HTTPS with Orion.

    You can also explore the possibility of using a PEP proxy for Cygnus. You only need to secure one operation at Cygnus: POST /v1/notifyContext. Have a look at the PEP official documentation.

    UPDATE: since version 1.7.0, Orion implements native HTTPS notifications (i.e. without needing Rush).
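
Option 2 from the answer above, as an added example that is not part of the original answer: a shell function that validates its inputs and prints, without applying, iptables rules that admit only the Orion host to the Cygnus port. The address 192.0.2.10 and port 5050 are assumed placeholder values, and the function names are hypothetical.

```shell
# Added example (not from the original answer): print, without applying,
# iptables rules that admit only the Orion host to the Cygnus port.
# Assumptions: 192.0.2.10 (Orion) and 5050 (Cygnus port) are placeholders.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into positional parameters
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for a decimal TCP port in 1-65535.
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Usage: cygnus_fw_rules ORION_IP CYGNUS_PORT
# Inputs are validated before being placed in a command line, so a malformed
# value cannot smuggle extra shell syntax into the printed rules.
cygnus_fw_rules() {
    is_ipv4 "$1" || { echo "invalid Orion IPv4 address: $1" >&2; return 2; }
    is_port "$2" || { echo "invalid TCP port: $2" >&2; return 2; }
    # Inserted at positions 1 and 2 so they are evaluated before any broader
    # ACCEPT already in INPUT; the ACCEPT for Orion must precede the DROP.
    echo "iptables -I INPUT 1 -p tcp -s $1 --dport $2 -j ACCEPT"
    echo "iptables -I INPUT 2 -p tcp --dport $2 -j DROP"
    # iptables filters IPv4 only: if Cygnus also listens on IPv6, the same
    # pair is needed with ip6tables.
}

# Review the output, then run it as root on the Cygnus host.
cygnus_fw_rules 192.0.2.10 5050
```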