4 Secure API Key, Configuration, and Certificates Storage
The Management Cloud Engine (MCE) must be regarded as highly confidential information. Oracle recommends restricting access to admin-level users.
IDCS Authentication and Authorization
The Oracle® Session Delivery Management Cloud (Oracle SDM Cloud) uses the Oracle Identification Cloud Service (IDCS) to provision your authentication and authorization credentials.
User Authentication and Authorization
During an Oracle® Session Delivery Management Cloud (Oracle SDM Cloud) onboarding process, Oracle provisions a username and password pair for you by way of Identification Cloud Service (IDCS) . You use the username and password to access the Oracle SDM Cloud managers. Oracle recommends that you follow the IDCS guidelines for password policy and assure that only authorized personal access Oracle SDM Cloud information and manage call policies. Oracle authenticates and authorizes each request, but you must make sure that the username and password are kept safe including protection from various online security attacks
- Oracle SDM Cloud Security Manager is integrated with the IDCS roles and provides additional, more granular, authorization polices for you to customize what privileges your users have to monitor and manage Session Delivery Network Functions (NFs). The Security Manager also provide an Audit trail of all user initiated commands for security tracking.
- Oracle SDM Cloud Device Manager provides a centralized management of Session Delivery NF credentials, so once a NF is added, your Oracle SDM Cloud managers can have Single Sign On (SSO) access to your NF. The Session Delivery NF credentials, once entered, are encrypted in the Oracle DB and no longer accessible to the end user or to Oracle.
Ground to Oracle SDM Cloud Authentication and Authorization
During your Oracle® Session Delivery Management Cloud (Oracle SDM Cloud) onboarding process, Oracle provisions a unique client_id and secret pair for Management Cloud Engine (MCE) per customer by way of Identification Cloud Service (IDCS). The MCE uses the client_id and secret to acquire an access token (OAuth2.0) from IDCS. The MCE uses the access token for all requests from the MCE for authentication and authorization at the Oracle SDM Cloud gate and destination micro services. The client_id and secret are very sensitive information for Oracle SDM Cloud security.
Note:
Ensure the client_id and secret information remains protected.Oracle SDM Cloud also generates a unique site identifier that the MCE uses to automatically register to Oracle SDM Cloud. Oracle SDM Cloud uses this session identifier to ensure that MCE is registering to a valid site that you have created. Oracle SDM Cloud rejects any attempt made for registration that does not match a valid site identifier. The site identifier is defined as very sensitive information for Oracle SDM Cloud security. Ensure the site indentifier information remains protected.
Oracle SDM Cloud Software Development Security
The Oracle® Session Delivery Management Cloud (Oracle SDM Cloud) strictly follows Oracle Software Security Assurance (OSSA) guidelines for software development. Software security is always the top focus during software design, development, and deployment. Oracle Communications statically scans all source code and third-party software within our Continuous Integration and Continuous Delivery pipeline. Oracle Communications dynamically tests (fuzzing, penetration) all releases. All Oracle Communications Podman images pass through security and virus scans. Oracle Communications audits, fixes, or mitigates all security issues. Each Oracle SDM Cloud release is reviewed by Oracle Cloud Architecture Review (CAR), Corporate Security Solution Assurance Process (CSSAP), and verified by Security Assessment Review (SAR).
Certifications and Attestations
For information on OCI supported certificates and attestations, see https://docs.cloud.oracle.com/en-us/iaas/Content/Security/Concepts/security_guide.htm.