We use Okta for user authentication into the OpenNMS Portal and Appliance Service.
The Minion appliance allows only cryptographically signed software to run, which helps defend against unauthorized code, such as malware or unapproved applications. OpenNMS uses Docker Notary technology to sign our Minion software, and Ubuntu Core uses snap packages to sign operating system software.
Docker and Ubuntu snaps both use containerization technologies to isolate and protect applications that run within the Minion appliance. This prevents applications from inadvertently or intentionally harming each other or the underlying Ubuntu/Linux Core operating system. These features make containerized software more secure, resilient, and stable than traditional software packages.
Updates to software used in Minion appliances can be automatically or manually initiated when new versions of Minion Docker images or Ubuntu snaps become available for download. Using the technologies described above, appliances will install only cryptographically signed, OpenNMS-approved updates.
OpenNMS development and QA engineers are skilled in secure software engineering and testing techniques. In addition to in-house testing, OpenNMS engages outside security assessment firms to test various components in the Appliance Service and Minion images. If security issues are discovered, they are prioritized for remediation, based on the associated risk, and then re-tested when a fix is implemented.