for example https://documenta- tion.suse.com/sbp/all/single-html/SBP-Private-Registry/index.html Access to a storage solution providing dynamically physical volumes If it is planned to use Vora’s streaming store is needed If it is planned to enable backup of SAP Data Intelligence 3.3 during installation access to an S3-compatible object store is needed 6 SAP Data Intelligence 3 on Rancher Kubernetes Engine Enterprise Server 15 SP4. Check the storage requirements. Create a or get access to a private container registry. Get an SAP S-user to access software and documentation by SAP. Read the relevant SAP documentation:

and advanced user management on any infrastructure • Access to Shared Tools and Services: a high level of reliability with easy, consistent access to shared tools and services Given the transformative deployed, Kubernetes Management Platforms encourage user adoption with easy, reliable and consistent access to shared tools and services. Feature SUSE Rancher OpenShift Tanzu Anthos Application provider." Cloud provider installers require administrator access to the environment to create the resources but can operate without administrative access once installation is complete. To execute the installation

........................................19 2.4.4 Usingkubectl - Credential Management and Web Access .......................................23 2.4.5 Manage Kubernetes Namespaces................. Kubernetes can be launched in a matter of minutes with a single click through Rancher. Multiple teams and access policies for their clusters can be managed through Rancher, as the platform integrates with LDAP Rancher enables teams to set up and manage multiple Kubernetes environments, and provides role-based access management (RBAC) for both teams and individuals for each environments. • Rancher’s intuitive

Demand APEX Flex on Demand allows you to pay for technology as you use it and provides immediate access to buffer capacity. Your payment adjusts to match your usage. APEX Datacenter Utility APEX Datacenter Kubernetes clusters from data center to cloud and edge and unites them with centralized authentication, access control, and observability. SUSE Rancher lets you streamline cluster deployment on bare metal, edge and user management SUSE Rancher lets you automate processes and applies a consistent set of user access and security policies to all your clusters, no matter where they are running. Shared tools and

Rationale Having access to the local cluster from the Rancher UI is convenient for troubleshooting and debugging; however, if the local cluster is enabled in the Rancher UI, a user has access to all elements Rancher into an external authentication system to simplify user and group access in the Rancher cluster. Doing so assures that access control follows the organization's change management process for user Restrict administrator access to only those responsible for managing and operating the Rancher server. Rationale The admin privilege level gives the user the highest level of access to the Rancher server

Security Policies ✔ Backup and Recovery ✔ Autoscaling ✔ Service Discovery ✔ Networking ✔ RBAC & Access Control DEV DATA CENTER CLOUD BRANCH 5G / EDGE ✔ Common API & Packaging ✔ Health Checks/HA ✔ Security Policies ✔ Backup and Recovery ✔ Autoscaling ✔ Service Discovery ✔ Networking ✔ RBAC & Access Control ✔ Common API & Packaging ✔ Health Checks/HA ✔ Load Balancing ✔ Overlay Networking ✔ Security Policies ✔ Backup and Recovery ✔ Autoscaling ✔ Service Discovery ✔ Networking ✔ RBAC & Access Control Common compute platform across any infrastructure & a consistent set of infrastructure capabilities

clusters across different cloud providers. Rancher provides centralized authentication, role-based access control (RBAC), and monitoring capabilities. This makes it easier to collaborate and manage containerized Networks download site (https://support.juniper.net/support/downloads/?p=contrail-networking) and access the container repository at https://enterprise-hub.juniper.net. 2. Set up the fabric network and (for example, 172.16.0.11/24 through 172.16.0.13/24 in our single cluster example) and gateway • access to one or more DNS servers NOTE: If you're running systemd-resolved on Ubuntu, ensure that /etc/resolv

supported by the module and access rights within services accessible over the module’s public interface are listed in the table below. Table 4 - Approved Services, Roles and Access Rights Service Approved Approved Security Functions Keys and/or CSPs Roles Access Rights to Keys and/or CSPs Module Initialization N/A N/A CO N/A Symmetric Encryption/ Decryption AES, Triple-DES AES, Triple-DES interface: Table 6 - Non-Security Relevant Services Service Approved Security Functions Roles Access Rights to Keys and/or CSPs Large integer operations None User, CO N/A Disable automatic generation

commands specific to Rancher Labs are provided for testing. When performing the tests, you will need access to the Docker command line on the hosts of all three RKE roles. The commands also make use of the Rancher has the ability integrate with external authentication sources (LDAP, SAML, AD…) allows easy access with unique credentials to your existing users or groups. 1.6.2 - Create administrative boundaries users or groups can be assigned access to all clusters, a single cluster or a "Project" (a group of one or more namespaces in a cluster). This allows granular access control to cluster resources. 1

used where required (Manual) 5.1.2 Minimize access to secrets (Manual) 5.1.3 Minimize wildcard use in Roles and ClusterRoles (Manual) 5.1.4 Minimize access to create pods (Manual) 5.1.5 Ensure that default commands specific to Rancher Labs are provided for testing. When performing the tests, you will need access to the Docker command line on the hosts of all three RKE roles. The commands also make use of the clusterrolebinding [name] Audit: 5.1.2 Minimize access to secrets (Manual) Result: warn Remediation: Where possible, remove get, list and watch access to secret objects in the cluster. Audit: 5.1.3