Use AAD authentication with Service Fabric clusters

Security · Service Fabric · 2021_03

Use Azure Active Directory (AAD) client authentication for Service Fabric clusters.

Description

When deploying Service Fabric clusters on Azure, AAD can optionally be used to secure management endpoints. If configured, client authentication (client-to-node security) uses AAD. Additionally Azure Role-based Access Control (RBAC) can be used to delegate cluster access.

For Service Fabric clusters running on Azure, AAD is recommended to secure access to management endpoints.

Recommendation

Consider enabling Azure Active Directory (AAD) client authentication for Service Fabric clusters.

Notes

For Linux clusters, AAD authentication must be configured at cluster creation time. Windows cluster can be updated to support AAD authentication after initial deployment.

Links

• Security recommendations
• Set up Azure Active Directory for client authentication
• Configure Azure Active Directory Authentication for Existing Cluster

---

Last update: 2021-07-04