by Ramkumar Chandrasekeran, Software Engineer - Microsoft R Tiger Team
DeployR Enterprise is designed to deliver analytics solutions at scale to whoever needs them, inside or outside the enterprise. It also guarantees secure delivery of your analytics via DeployR web services. These secure web services integrate seamlessly with existing enterprise security solutions (Single Sign-On, LDAP, Active Directory, PAM, and Basic Authentication), can enforce access privileges already defined by your IT department for existing enterprise users, and can safely support anonymous users when needed.
Key Security Considerations in an Enterprise Setting:
In all production environments, it is strongly recommended that SSL/HTTPS be enabled so that client applications can make API calls that connect over HTTPS. Use the following guide to enable TLS/SSL protocols in DeployR.
- LDAP and LDAPS
The standard protocol for reading data from and writing data to Active Directory (AD) domain controllers (DCs) is LDAP. AD LDAP traffic is unsecured by default, which makes it possible to use network-monitoring software to view the LDAP traffic between clients and DCs. You can make LDAP traffic confidential and secure by using Secure Sockets Layer (SSL) / Transport Layer Security (TLS) technology. This combination is referred to as LDAP over SSL — or LDAPS. To ensure that no one else can read the traffic, SSL/TLS establishes an encrypted tunnel between an LDAP client and a DC.
Reasons for enabling LDAPS include:
- Organizational security policies typically require that all client/server communication is encrypted.
- Applications use simple BIND to transport credentials and authenticate against a DC. As simple BIND exposes the users’ credentials in clear text, using SSL/TLS to encrypt the authentication session is strongly recommended.
- Proxy binding and password changes over LDAP require LDAPS. (Bind to an AD LDS Instance Through a Proxy Object)
- Applications that integrate with LDAP servers (such as Active Directory or Active Directory Domain Controllers) might require encrypted LDAP communications.
LDAPS Authentication Workflow in DeployR: