PRJ: iPSK Manager High Availability

Project Summary

Project | iPSK Manager High Availability
Priority | P1
Status | Active — Server 1 in production, Server 2 staged
GitHub | CiscoDevNet/iPSK-Manager
Owner | Evan Rosado (ISE/NAC), Ben (initial deployment)
Detailed Docs | infra-ops::projects/ipsk-manager-ha.adoc

Current State

Component | Status | Notes
Server 1 (Production) | ✅ Integrated with ISE | ODBC connectivity active, serving iPSK portal
ISE Integration | ✅ Operational | ODBC data source configured, endpoints authenticating
Server 2 (HA) | ⚠️ VM ready | Handed over by Ben, not yet configured
HTTPS / TLS | ❌ Not implemented | Frontend running on port 80 — no certificate deployed
SQL Security | ❌ Overly permissive | DB permissions too liberal (Ben’s initial config), secure SQL (TLS) not enabled
Firewall | ❌ Not assessed | No host firewall audit conducted
AppArmor / MAC | ❌ Not assessed | No mandatory access control profiling
Security Audit | ❌ Not started | Full audit needed — manager will want to see findings

Action Items

  • Conduct full security assessment on Server 1 (firewall, AppArmor, open ports, running services)

  • Audit SQL permissions — document current state, propose least-privilege model

  • Deploy TLS certificate — migrate frontend from HTTP (80) to HTTPS (443)

  • Enable secure SQL connection (TLS between iPSK Manager and ODBC)

  • Configure Server 2 for HA — mirror Server 1 config with security fixes applied first

  • Document findings for manager review

  • infra-ops::projects/ipsk-manager-ha.adoc[iPSK Manager HA Design]

  • infra-ops::runbooks/ipsk-manager-deployment.adoc[Deployment Runbook]

  • infra-ops::runbooks/ipsk-failover.adoc[Failover Procedures]

  • infra-ops::validated/identity/ipsk.adoc[Validated Design]

Notes

  • Existing server is actively used with ISE policies

  • Must maintain uptime during HA migration

  • Reference domus home lab for secure configuration patterns

Metadata

Field | Value
PRJ ID | PRJ-CHLA-IPSK-HA
Author | Evan
Date Created | 2026-03-16
Last Updated | 2026-03-16
Status | In Progress
Next Review | 2026-04-01