Security

MicroCloud’s security model is based on explicit trust and secure-by-default components. Each MicroCloud deployment consists of independently secured components (LXD, MicroCeph, and MicroOVN), each enforcing authentication, encryption, and access control within its own domain.

MicroCloud further enforces security through the use of mutual TLS (mTLS), certificate-based identities, and an explicit trust establishment mechanism. Its deployment as a collection of signed, confined snaps on Ubuntu further strengthens its overall security posture.

Ubuntu security

MicroCloud runs on Ubuntu and benefits from all Ubuntu platform security measures, including kernel hardening, signed packages, and continuous security maintenance. For production environments, we recommend using a recent Ubuntu LTS release to ensure long-term support and predictable security updates.

Ubuntu LTS releases subscribed to Ubuntu Pro can use the Ubuntu Security Guide (USG) for CIS hardening. Refer to the LXD documentation on Ubuntu CIS hardening for related details about auditing LXD hosts with USG.

Snaps and supported versions

The MicroCloud team maintains both Long Term Support (LTS) and feature releases. See Releases and snaps and our Release notes for details about the currently supported releases.

MicroCloud and its components are distributed as snaps, which enhances security by providing a confined environment with a streamlined update mechanism. Both LTS and feature channels receive regular security updates through Canonical’s official infrastructure.

All snaps are digitally signed using assertions to guarantee authenticity and integrity.

Security reporting and disclosure

MicroCloud adheres to the Ubuntu disclosure policy. Report potential security issues privately through GitHub by filing a security advisory. Please include a clear description of the issue, affected MicroCloud versions, reproduction steps, and any known mitigation strategies. Refer to the MicroCloud security policy for details.

MicroCloud

Cryptography

MicroCloud manages cluster membership and encrypted communication through mTLS and certificate-based identities. When a machine joins a cluster, it verifies the cluster’s certificate fingerprint and receives the complete set of member certificates, establishing a consistent trust store.

During the join process, MicroCloud uses an explicit trust establishment mechanism designed to prevent secret leakage and mitigate man-in-the-middle attacks. This mechanism uses a Hash-Based Message Authentication Code (HMAC) to sign the messages exchanged between the machine that initiates the join process and the joining peers. The shared secret used for joining is never transmitted over the network. The join process also enforces rate limits and session timeouts to reduce the risk of replay and brute-force attacks. For further information, refer to the public specification.

Logging

MicroCloud creates logs through systemd. These logs can be accessed with sudo snap logs microcloud.

LXD

For details on LXD’s security architecture and operational guidance, see the LXD security overview and the LXD hardening guide.

MicroCeph

The MicroCeph security documentation provides information on encryption, authentication, best practices for secure deployment and operation, and more.

MicroOVN

MicroOVN secures its network endpoints using the TLS protocol (version 1.2 or higher), along with P-384 elliptic curve keys. For details, refer to the MicroOVN documentation on cryptography, working with TLS, and the MicroOVN security process.