This gives an overview of gateway security measures.

Hardened hosts

The gateway appliance is packaged as a VMware Open Virtual Appliance (OVA). The appliance runs a hardened version of Ubuntu 20.04.

The latest version of the gateway runs containerized services. Containers run on MicroK8s, which is a secure Kubernetes distribution from Canonical.

The operating system and Kubernetes are hardened to meet several industry standard security requirements, including:

Secure container images

All container images are hosted securely in Google Artifact Registry. A set of rigorous vulnerability scans are applied to container images, including:

What to do next

See the Security Reference for more information.