SDF Container
SDF Container is distributed in a Kubernetes environment as a Sidecar Container that performs document encryption/decryption and security policy processing within the business system POD.
1. Overview
A deployment method optimized for cloud-native environments, operating independently within the same POD as the business system.
| Item | Content |
|---|---|
| Deployment Type | Sidecar Container in Kubernetes POD |
| Target Environment | Kubernetes / POD-based Cloud Environment |
| Terms of Use | Customers subscribed to Security365 |
| Communication Method | Localhost-based REST API calls within the same POD |
2. Components
The main components included in the SDF Container configuration are as follows.
| Component | Role |
|---|---|
| SDF Container | Operates as a sidecar and handles encryption/decryption requests |
| Business System | Business applications of client companies that create or use documents |
| EnDec Service | Security Document Header Processing and Key Management (Based on SKMS / EKMS) |
| SCI Server | Key Issuance/Inquiry and Encryption Policy Repository |
| Security365 Management Center | Company Registration, App/Policy Integration Settings |
| SHIELDRM Web Console | Custom Key Policy and License Registration, Integration Management |
| InfoLineage | Document Distribution Tracking and Lineage Management |
| Log Service | Collection of processing history and storage of audit logs |
| Key Vault (KMS) | Integrates with EnDec as the key storage for encryption |
3. Integration Flow
The encryption/decryption process based on the SDF Container proceeds in the following order.
| Step | Processing details |
|---|---|
| 1. Prerequisites | After registering your company on the Security365 portal, manage keys and integration settings in the SHIELDRM web console. |
| 2. License Registration | Request/issue a license to be used in the business system and link it with the SDF Container. |
| 3. Encryption/Decryption Request | The business system (main container) sends REST API requests to the SDF Container. |
| 4. EnDec Processing | The SDF Container receives keys and performs header generation/verification through the EnDec service. |
| 5. Return Results | Store the encrypted file in the shared repository and record the history in InfoLineage. |
- The business system can handle encryption and decryption with a key through a REST API call.
- The request information includes the original file path, license information, processing options, and so on.
4. Key Features
| Feature | Description |
|---|---|
| Independent Execution | Deployable as a sidecar for immediate use without changing the business system code |
| Scalability | Support for automatic scaling at the POD level in a Kubernetes environment |
| Security Isolation | Encryption processing is performed in a separate container, separating it from the business logic. |
| Monitoring | Support for real-time metric collection through Prometheus integration |
5. Precautions
- The container-based configuration is available to customers subscribed to Security365.
- It works only in an environment where it is installed as a sidecar in the **Internal Work System (POD)**.
- Independent execution without a license is not possible.
- For the detailed deployment guide, refer to the SDF Container Deployment Guide document.