You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/operator-nexus/howto-setup-break-glass-access-.md
+11-11Lines changed: 11 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,38 +9,38 @@ ms.date: 11/04/2024
9
9
ms.custom: template-how-to, devx-track-azurecli
10
10
---
11
11
12
-
# Secure break-glass access
12
+
# Set up Method D v2.0 secure break-glass access
13
13
14
14
The Break-Glass mechanism provides temporary and emergency access to Azure Operator Nexus devices or services, primarily for disaster recovery, incident response, or essential maintenance. Access is granted under controlled Identity Access Management (IAM) policies, maintaining security even during emergencies.
15
15
16
-
For Network Fabric environments, the current break-glass model, known as Method D v1.5, relies on shared password authentication. This model, however, is limited to 15 shared accounts and poses significant security risks. Method D v2.0 introduces a modernized approach, implementing FIDO-2 devices and SSH keys to secure break-glass access. Key improvements include:
16
+
For Network Fabric environments, the current break-glass model, known as Method D v1.5, relies on password authentication. This model, however, is limited to 15 shared accounts and poses significant security risks. Method D v2.0 introduces a modernized approach, implementing FIDO-2 devices and SSH keys to secure break-glass access. Key improvements include:
17
17
18
18
-**Strict access control**: Customer administrators control access through individual assignments instead of shared accounts.
19
19
20
-
-**Strong authentication**: Break-glass access is managed via Microsoft Entra with Multi-Factor Authentication (MFA) and Single Sign-On (SSO), eliminating local account dependencies.
20
+
-**Strong authentication**: Break-glass access is managed via Microsoft Entra with Multi-Factor Authentication (MFA) eliminating local account dependencies.
21
21
22
-
-**Enhanced security**: Unauthorized access attempts are logged for audit and investigation purposes.
22
+
-**Enhanced security**: All access attempts are logged for audit and investigation purposes.
23
23
24
24
## FIDO2 token
25
25
26
-
In the Method D v2.0 model, break-glass users are issued a FIDO2 token to create and upload a public key linked to their Entra identity. This provides secure SSH access to Fabric devices. Entra RBAC manages authorization, allowing administrators to assign appropriate access levels to users or teams.
26
+
In the Method D v2.0 model, break-glass users uses a FIDO2 token to create and upload a public key linked to their Entra identity. This provides secure SSH access to Fabric devices. Entra RBAC manages authorization, allowing administrators to assign appropriate access levels to users.
27
27
28
-
For offline accessibility, usernames, public keys, and permissions are pre-provisioned on all Fabric devices, allowing break-glass SSH login without requiring an active Azure connection.
28
+
For offline accessibility, usernames, public keys, and permissions are pre-provisioned on all the Network Fabric devices, allowing break-glass SSH login without requiring an active Azure connection.
29
29
30
-
Each FIDO2 token serves as a physical USB device, typically with a fingerprint reader, offering unphishable, multi-factor authentication through user presence and PIN verification.
30
+
Each FIDO2 token serves usually as a physical USB device, offering unphishable, multi-factor authentication through user presence and PIN verification.
31
31
32
32
## Method D v2.0 setup and operations
33
33
34
34
This guide is divided into two sections
35
35
36
-
1. **Method D V2.0 infrastructure setup** - Mandatory for both existing and new NF deployments running Runtime Fabric version 4.0.0.
36
+
1. **Method D v2.0 infrastructure setup** - Mandatory for both existing and new NF deployments running Runtime Fabric version 4.0.0.
37
37
38
-
2.[**Using Method D V2.0 breakglass access**](howto-use-break-glass-access.md)
38
+
2.[**Using Method D v2.0 breakglass access**](howto-use-break-glass-access.md)
39
39
40
40
41
-
### MethodDV2 infrastructure setup
41
+
### Method D v2.0 infrastructure setup
42
42
43
-
This guide provides an overview of the mandatory infrastructure setup for both existng and new environments using NF Runtime version 4.0.0.
43
+
This guide provides an overview of the infrastructure setup mandatory for both existng and new deployments which will be using NF Runtime version 4.0.0.
Copy file name to clipboardExpand all lines: articles/operator-nexus/howto-use-break-glass-access.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,7 +9,7 @@ ms.date: 11/04/2024
9
9
ms.custom: template-how-to, devx-track-azurecli
10
10
---
11
11
12
-
# Method D v2.0 Breakglass Access
12
+
# Use Method D v2.0 Breakglass Access
13
13
Breakglass access using Method D v2.0 is a streamlined approach for administrators to grant secure, emergency access to critical network fabric devices. This guide will walk you through setting up and using Breakglass access, including generating SSH keys, granting permissions, and accessing network fabric devices.
14
14
15
15
## Generating SSH Keys Using the Nexusidentity az CLI
0 commit comments