Cloud Management Console Cloud Connector Security White Paper

The startup key for the HMC-based cloud connector (connector) is used to establish a valid connection between the connector and the CMC Cloud Portal Server (cloud portal) and between the connector and the configuration database (database). Once a valid connection to the cloud portal is established, credentials are returned to the cloud connector, allowing for dynamic configuration and reconfiguration. To establish this connection, a security test is executed to assert that the startup key provided is valid. The test begins with a GET request from the connector to the cloud portal, which returns a cross-site request forgery (XSRF) header. This XSRF header, along with a portion of the decoded key, is then POSTed to the same cloud portal endpoint. If the key is considered valid, the cloud portal responds with a set of encoded credentials giving the cloud connector access to a database containing the customer's cloud connector configuration file.

All communication from the connector to the cloud portal is secured using the Transport Layer Security Version 1.2 protocol (TLSv1.2) and the SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384 cipher suite.
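The transport policy stated above can be checked from the network side, for example when an outbound proxy sits between the connector and the cloud portal. The following is an added example, not code from this white paper or from the product: it builds a Python client context limited to TLS 1.2 and the named suite (IANA TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, which OpenSSL calls ECDHE-RSA-AES256-GCM-SHA384) and audits recorded sessions against that policy. The host names and session records are constructed sample data.

```python
import ssl

# Suite as named in the paper, and the OpenSSL name for the same IANA suite.
PAPER_SUITE = "SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
OPENSSL_SUITE = "ECDHE-RSA-AES256-GCM-SHA384"
PROTOCOL = "TLSv1.2"


def build_client_context() -> ssl.SSLContext:
    """Client context that can only offer TLS 1.2 with the paper's suite."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(OPENSSL_SUITE)
    return ctx


def offered_tls12_suites(ctx: ssl.SSLContext) -> list:
    """Suites the context can negotiate. OpenSSL still lists TLS 1.3 suites,
    but maximum_version above prevents them from being used."""
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def audit_sessions(sessions) -> list:
    """Return (host, reason) for every session that deviates from the policy.
    Each cipher tuple has the shape returned by ssl.SSLSocket.cipher():
    (cipher_name, protocol_version, secret_bits)."""
    findings = []
    for host, (name, protocol, _bits) in sessions:
        if protocol != PROTOCOL:
            findings.append((host, f"protocol {protocol}"))
        elif name != OPENSSL_SUITE:
            findings.append((host, f"cipher {name}"))
    return findings


# Constructed sample records (hypothetical hosts), not captured traffic.
SAMPLE_SESSIONS = [
    ("portal.example", ("ECDHE-RSA-AES256-GCM-SHA384", "TLSv1.2", 256)),
    ("proxy-a.example", ("AES256-SHA", "TLSv1.2", 256)),
    ("proxy-b.example", ("ECDHE-RSA-AES256-SHA", "TLSv1", 256)),
]

if __name__ == "__main__":
    print(PAPER_SUITE, "->", offered_tls12_suites(build_client_context()))
    for host, reason in audit_sessions(SAMPLE_SESSIONS):
        print("non-conforming:", host, reason)
```

A session that reports a different suite or protocol version on the connector's path usually indicates a TLS-terminating device in between, which is worth investigating before the startup key is sent through it.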
