Limiting exposure of your deployment
Version 1.0.0 of the Spotfire Service for Python runs the Spotfire Service for Python under Linux or Windows. The Linux installation provides the option of running the Python engine in a container, on a Spotfire Server node running under Linux.
When you install the Spotfire Service for Python and run a Spotfire Service for Python engine, you can take steps to protect the server deployment, to minimize the risk of unauthorized access, and to minimize the possibility of malicious acts.
Restricted user access
- Run the Spotfire Service for Python using an account that limits network access to only required external data sources and services. (Note that taking this step can limit availability to data and package updates.)
- Always run the node manager containing the Spotfire Service for Python as non-root user. (That is, not as root or under an Administrative account.)
- If you are running a system where other servers have access to computers running the Spotfire Service for Python, disable passwordless access between the server and other servers.
Tighter engine control
- The configuration for the
Spotfire Service for Python uses containers. Running the
Spotfire Service for Python with containers prevents the engines from having access to the host system. See
Containerized Python service for more information.
Note: Docker is available under separate software license terms and is not part of the Spotfire Server or the Spotfire Service for Python. As such, Docker is not within the scope of your license for Spotfire Server or the Spotfire Service for Python. Docker is not supported, maintained, or warranted in any way by Cloud Software Group, Inc. Download and use of Docker is solely at your own discretion and subject to license terms applicable to Docker.
Copyright © Cloud Software Group, Inc. All rights reserved.