Home
MATRIXX Security
Application Security
Application security includes configuring Web applications and gateways.

Welcome
Release Notes
Architecture Overview
MATRIXX Cloud Native Installation and Configuration
MATRIXX Cloud Native Integration
Implementing MATRIXX in a Cloud
Installation and Configuration
MATRIXX Digital Commerce Upgrade
MATRIXX Security
- About MATRIXX Security
- Introduction to MATRIXX Security
  The information in MATRIXX Security is best-practice information and identifies MATRIXX-specific security considerations and implementations. For container-specific and Kubernetes security information, see the third-party documentation.
- MATRIXX Digital Commerce Security
  MATRIXX Digital Commerce should be deployed within a secure area of a carrier's network. Servers should have limited access points for event processing, business support systems, maintenance and monitoring, and local access.
- Operating System Security
  Operating system security includes firewall allow lists for communication between multiple entities.
- Network Security
  Network zones are stacked with increasing proximity to the "open internet" or DMZ. Each zone is traversed by ingress and egress points through an application or server, with appropriate authentication and authorization for connecting system traffic.
- Application Security
  Application security includes configuring Web applications and gateways.
  - Configuring and Customizing My MATRIXX Authentication
    My MATRIXX leverages the Spring Security Framework. This section describes a sample Spring Security implementation that authenticates against the default My MATRIXX or against an LDAP directory.
  - Configure MATRIXX Backoffice Customer Tool Security
    MATRIXX Backoffice Customer Tool leverages the Spring Security Framework.
  - Application Security Checklist
    The following is a list of best practices for application deployment.
- Cloud Native Security
  The information here addresses cloud native security and includes recommendations for securing your cloud native implementation.
- Database Security
  This information is related to the Event Repository.
MATRIXX Engine Administration
MATRIXX Web App Administration
MATRIXX Engine Integration
Call Control Framework Integration
MATRIXX Diameter Integration
MATRIXX 5G Integration
MATRIXX Monitoring and Logging
Pricing and Rating
MATRIXX Pay Now
MATRIXX Policy
MATRIXX Event Streaming
Subscriber Management
Subscriber Management (SubMan) API
MATRIXX Business API SDK
My MATRIXX Help
MATRIXX Backoffice Customer Tool Help
Third-Party Licenses
Glossary

Application Security

Application security includes configuring Web applications and gateways.

Application security includes Zones 2 and 3 in Figure 1.

Multiple zones (DMX, Web Services, Application Services, Network Systems) separated by firewalls. — Figure 1. Security Zones

MATRIXX Engine must be deployed within a secure area of your network. Think of MATRIXX Engine as a black box server with limited access points for event processing, business support systems, maintenance, and monitoring.

The Gateway Proxy restricts which applications, services, and IP addresses can communicate with MATRIXX Engine. It is located between provisioning and self-care systems and MATRIXX Engine and uses Linux firewall rules to enforce access restrictions. This prevents unauthorized services from communicating with the engine.

The Business API Gateway should be in Zone 4 so that it is separate from MATRIXX Engine and not directly exposed to the internet like the Web services in zone 3.

My MATRIXX

In cloud-native environments, you install My MATRIXX as a separate pod with its own Docker Image. You can deploy it on the same nodes as the Gateway Proxy pods or on remote nodes that communicate through the Gateway Proxy to MATRIXX Engine. MATRIXX recommends that you deploy My MATRIXX separately from the Business API Gateway pods, because the tool is a design-time environment for creating configuration files to deploy to the run-time MATRIXX Engine. This ensures the separation of responsibilities between design-time and run-time systems. For example, the nodes can be located within Zone 1 as the service provider internal network, along with other non-network IT systems.

For information about user authentication, see the discussion about configuring and customizing My MATRIXX authentication.