System Management

1.0 Introduction

This article describes the Fortanix Confidential Computing Manager (CCM) system administration settings.

2.0 Configure System Administration Settings (Using UI)

After logging in as the system administrator (sysadmin) user, configure platform-level settings such as email, security policies, and account governance. Perform the following steps to go to the Fortanix CCM System Administration Settings:

1. Log in to Fortanix CCM as a sysadmin user. For more information, refer to Installation Guide - On-premises.

2. Click System Administration on the Fortanix CCM UI top navigation bar.

   

3. On the System Administration page, navigate to Settings → System Management.

   

NOTE

After updating the System Management settings, the changes are marked as “pending” and take effect only after a rolling restart of the Fortanix CCM IAM (Identity and Access Management) services using the following command:

kubectl rollout restart deploy/bodrum

3.1 External Services Settings

1. Email Settings:

   • From address: The email address used as the sender for system-generated emails.

   • Type: The email provider type. Supported values include Amazon SES and SMTP.

2. Amazon SES Settings:

   • SES URL: The endpoint URL of the email service (for example, AWS Simple Email Service (SES) endpoint).

   • Region (Optional): The AWS region for the SES service.

   • Access key: The access key used to authenticate with AWS SES.

   • Secret key (Optional): The secret key used for authentication.

   SMTP Settings:

   • Host: The hostname or IP address of the SMTP server.

   • Port: The port used by the SMTP server (for example: 25, 465, 587, or custom).

   • TLS: Defines TLS behavior. Supported values include disabled, starttls, or required.

3. reCAPTCHA Settings:

   • URL: The endpoint used for reCAPTCHA verification.

   • Site key: The public site key used for reCAPTCHA validation.

   • Secret key (Optional): The secret key used to authenticate reCAPTCHA requests.

3.2 Security Policies Settings

1. Password Policy

   • History size: Number of previous passwords that cannot be reused (maximum: 4).

   • Max repetition (Optional): Maximum allowed repetition of characters in a password.

   • Max sequential characters (Optional): Maximum allowed sequential characters.

   • Minimum length: Minimum number of characters required for user passwords (minimum: 11).

   • Use deny list Enables rejection of commonly used or weak passwords.

2. Account Lockout

   • Lockout type: Defines lockout behavior. Default value is Temporary.

   • Lockout period (seconds): Duration (in seconds) for which the account remains locked (default: 1800).

   • Allowed failed attempts: Number of failed login attempts before the account is locked (default: 10).