Security
MicroCloud’s security model is based on explicit trust and secure-by-default components. Each MicroCloud deployment consists of independently secured components (LXD, MicroCeph, and MicroOVN), each enforcing authentication, encryption, and access control within its own domain.
MicroCloud further enforces security through the use of mutual TLS (mTLS), certificate-based identities, and an explicit trust establishment mechanism. Its deployment as a collection of signed, confined snaps on Ubuntu further strengthens its overall security posture.
Ubuntu security
MicroCloud runs on Ubuntu and benefits from all Ubuntu platform security measures, including kernel hardening, signed packages, and continuous security maintenance. For production environments, we recommend using a recent Ubuntu LTS release to ensure long-term support and predictable security updates.
Snaps
MicroCloud and its components are distributed as snaps, which enhances security by providing a confined environment and a streamlined update mechanism. Both LTS and feature channels receive regular security updates through Canonical’s official infrastructure.
All snaps are digitally signed using assertions to guarantee authenticity and integrity.
Security reporting and disclosure
Report potential security issues privately through GitHub by filing a security advisory. Please include a clear description of the issue, affected MicroCloud versions, reproduction steps, and any known mitigation strategies.
MicroCloud
MicroCloud manages cluster membership and encrypted communication through mTLS and certificate-based identities. When a machine joins a cluster, it verifies the cluster’s certificate fingerprint and receives the complete set of member certificates, establishing a consistent trust store.
During the join process, MicroCloud uses an explicit trust establishment mechanism designed to prevent secret leakage and mitigate man-in-the-middle attacks. This mechanism uses a Hash-Based Message Authentication Code (HMAC) to sign the messages exchanged between the machine that initiates the join process and the joining peers. The shared secret used for joining is never transmitted over the network. The join process also enforces rate limits and session timeouts to reduce the risk of replay and brute-force attacks. For further information, refer to the public specification.
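The properties described above (an HMAC over each join message keyed with a shared secret that never leaves the host, a pinned cluster certificate fingerprint, and limits on replay and repeated attempts) can be seen together in a small Go program. The following is an added example written for this page; it is not MicroCloud's own code and its message layout, field names, freshness window and per-peer failure counter are assumptions made for illustration. MicroCloud's actual wire format is defined in the public specification referenced above.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// JoinMessage is a hypothetical, simplified join-handshake message for this example only; it is not MicroCloud's wire format.
type JoinMessage struct {
	Sender      string // name of the joining machine
	Fingerprint string // hex SHA-256 of the cluster certificate the sender expects
	Timestamp   int64  // Unix seconds when the message was built
	Nonce       string // unique per message, used to reject replays
	MAC         string // hex HMAC-SHA256 over the fields above, keyed with the shared secret
}

// CertFingerprint returns the hex SHA-256 digest of a DER-encoded certificate.
func CertFingerprint(der []byte) string {
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}

// authenticatedBytes is the canonical byte string the MAC covers.
func authenticatedBytes(m JoinMessage) []byte {
	return []byte(fmt.Sprintf("%s|%s|%d|%s", m.Sender, m.Fingerprint, m.Timestamp, m.Nonce))
}

// Sign fills in the MAC. Only the MAC travels; the secret itself never does.
func Sign(secret []byte, m JoinMessage) JoinMessage {
	mac := hmac.New(sha256.New, secret)
	mac.Write(authenticatedBytes(m))
	m.MAC = hex.EncodeToString(mac.Sum(nil))
	return m
}

// Verifier is the receiving side: shared secret, pinned cluster fingerprint, freshness window, replay cache and a per-peer budget of failed attempts.
type Verifier struct {
	secret      []byte
	fingerprint string
	maxAge      time.Duration
	maxFailures int
	seenNonces  map[string]bool
	failures    map[string]int
}

func NewVerifier(secret []byte, fingerprint string, maxAge time.Duration, maxFailures int) *Verifier {
	return &Verifier{secret: secret, fingerprint: fingerprint, maxAge: maxAge,
		maxFailures: maxFailures, seenNonces: map[string]bool{}, failures: map[string]int{}}
}

// Verify applies the per-peer failure budget first, then the cryptographic checks. peer identifies the network source (for example the remote address).
func (v *Verifier) Verify(peer string, m JoinMessage, now time.Time) error {
	if v.failures[peer] >= v.maxFailures {
		return errors.New("peer exceeded failed join attempts")
	}
	err := v.check(m, now)
	if err != nil {
		v.failures[peer]++
	}
	return err
}

func (v *Verifier) check(m JoinMessage, now time.Time) error {
	// 1. MAC first, compared in constant time: without the secret nothing below is reachable.
	mac := hmac.New(sha256.New, v.secret)
	mac.Write(authenticatedBytes(m))
	got, err := hex.DecodeString(m.MAC)
	if err != nil || !hmac.Equal(got, mac.Sum(nil)) {
		return errors.New("bad HMAC: wrong shared secret or tampered message")
	}
	// 2. Fingerprint pinning: the peer must be bound to this cluster's certificate.
	if subtle.ConstantTimeCompare([]byte(m.Fingerprint), []byte(v.fingerprint)) != 1 {
		return errors.New("cluster certificate fingerprint mismatch")
	}
	// 3. Freshness window, so a captured message expires quickly.
	if age := now.Sub(time.Unix(m.Timestamp, 0)); age < 0 || age > v.maxAge {
		return errors.New("message outside freshness window")
	}
	// 4. Replay: a valid message is accepted exactly once.
	if v.seenNonces[m.Nonce] {
		return errors.New("replayed nonce")
	}
	v.seenNonces[m.Nonce] = true
	return nil
}

func main() {
	secret, fp := []byte("constructed-shared-secret"), CertFingerprint([]byte("constructed-cert-der")) // constructed values
	v := NewVerifier(secret, fp, 30*time.Second, 5)
	m := Sign(secret, JoinMessage{Sender: "node1", Fingerprint: fp, Timestamp: time.Now().Unix(), Nonce: "n1"})
	fmt.Println("first delivery:", v.Verify("10.0.0.2", m, time.Now())) // <nil>
	fmt.Println("replayed copy: ", v.Verify("10.0.0.2", m, time.Now())) // replayed nonce
}
```

The order of checks matters: the MAC is verified before anything else so that a sender without the secret learns nothing from the other error messages, and the failure budget is keyed by network source rather than by the self-declared Sender field, which an attacker controls.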
LXD
For details on LXD’s security architecture and operational guidance, see the LXD security overview and the LXD hardening guide.
MicroCeph
The MicroCeph security documentation provides information on encryption, authentication, best practices for secure deployment and operation, and more.
MicroOVN
MicroOVN secures its network endpoints using the TLS protocol (version 1.2 or higher), along with P-384 elliptic curve keys. For details, refer to the MicroOVN documentation on its use of cryptography. Also see the MicroOVN security process documentation.
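The transport-level properties this page attributes to its components (mutual TLS with certificate-based identities and a trust store built from the members' own certificates in the MicroCloud section, and TLS 1.2 or higher with P-384 keys here) can be seen together in one short Go program. This is an added example, not code from MicroCloud, LXD, MicroCeph or MicroOVN: the self-signed certificates, the names server.local and client.local, and the in-memory pipe are constructed for the demonstration, and each end pins exactly the other's certificate rather than a CA.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned issues a P-384 self-signed certificate for name. It stands in for the
// certificates cluster members exchange; it is not the project's own code.
func selfSigned(name string) (tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P384(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		DNSNames:     []string{name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// pinnedConfig trusts exactly one peer certificate, demands that the peer present one,
// and refuses anything below TLS 1.2. The same shape serves both ends of the connection.
func pinnedConfig(own tls.Certificate, peer *x509.Certificate, serverName string) *tls.Config {
	pool := x509.NewCertPool()
	pool.AddCert(peer)
	return &tls.Config{
		MinVersion:             tls.VersionTLS12,
		Certificates:           []tls.Certificate{own},
		ClientAuth:             tls.RequireAndVerifyClientCert, // honoured by the server end only
		ClientCAs:              pool,                           // server end: who may connect
		RootCAs:                pool,                           // client end: which server to accept
		ServerName:             serverName,
		SessionTicketsDisabled: true, // no post-handshake writes, so the in-memory pipe cannot stall
	}
}

// MutualHandshake runs an mTLS handshake over an in-memory pipe, each end pinning the
// other's certificate, and returns the server's view of the resulting connection.
func MutualHandshake() (tls.ConnectionState, error) {
	serverCert, err := selfSigned("server.local")
	if err != nil {
		return tls.ConnectionState{}, err
	}
	clientCert, err := selfSigned("client.local")
	if err != nil {
		return tls.ConnectionState{}, err
	}
	c1, c2 := net.Pipe()
	defer c1.Close() // also unblocks the client goroutine if the server side fails
	server := tls.Server(c1, pinnedConfig(serverCert, clientCert.Leaf, ""))
	client := tls.Client(c2, pinnedConfig(clientCert, serverCert.Leaf, "server.local"))
	clientErr := make(chan error, 1)
	go func() { clientErr <- client.Handshake() }()
	if err := server.Handshake(); err != nil {
		return tls.ConnectionState{}, err
	}
	if err := <-clientErr; err != nil {
		return tls.ConnectionState{}, err
	}
	return server.ConnectionState(), nil
}

// ClientCurve names the curve of the authenticated client's key, as seen by the server.
func ClientCurve(state tls.ConnectionState) string {
	if pub, ok := state.PeerCertificates[0].PublicKey.(*ecdsa.PublicKey); ok {
		return pub.Curve.Params().Name
	}
	return ""
}

func main() {
	state, err := MutualHandshake()
	if err != nil {
		panic(err)
	}
	fmt.Printf("tls=%#x client-curve=%s client=%s\n", state.Version, ClientCurve(state), state.PeerCertificates[0].Subject.CommonName)
}
```

Because each end's pool holds only the other end's certificate, a connection from any other key fails verification even if it carries a certificate chaining to a public CA; that is what makes the member trust store, rather than a CA hierarchy, the authority on who belongs to the cluster.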