Improve Connext Studio integration. Implement security configuration best practices #21
Open
jmlvega wants to merge 4 commits into
jmlvega
commented
Jun 26, 2026
- Documentation improvements.
- Updated SecureLogReader.xml to be Connext Studio Spy Source-friendly.
- Added a SecureSystemObserver snippet to enable Connext Studio users to observe all examples.
- Added the ability to generate Secure Apps QoS files with fully resolved absolute paths, along with instructions for configuring Connext Studio Spy Source using the generated files.
- Improved logging in the setup_security scripts when skipping files.
- Updated the security examples configuration to align with best practices.
…apps qos with fully resolved absolute paths. Improved logging of setup_security script when skipping files.
jmlvega
commented
Jun 26, 2026
| - **Low-latency communication** across WAN connections | ||
| - **Automatic NAT traversal** capabilities | ||
| - **Secure data transmission** with built-in authentication, encryption and access control | ||
| - **Secure data transmission** with domain-level protection (`ENCRYPT_WITH_ORIGIN_AUTHENTICATION` + PSK encryption) and topic-level encryption for sensitive topics (`t/Vitals`, `t/MotorControl`) |
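Review bot: the replacement bullet no longer mentions authentication or access control, which the removed bullet listed; if both are still enforced, keep them in the sentence alongside the new protection kinds so the README does not read as if only encryption applies. The bullet also names `t/Vitals` and `t/MotorControl` as the topics with topic-level encryption, so it has to be kept in step with the governance file whenever the set of protected topics changes.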
Author
needs update: this now uses encryption for all topics (that is the only difference between OperationalDomain and TeleopWanDomain)
jmlvega
commented
Jun 26, 2026
|
|
||
| This QoS profile acts as a common base configuration for all DomainParticipants in the system to provide a level of consistency. It inherits from a builtin profile called *BuiltinQosLib::Generic.Common* through the `base_name` XML attribute. | ||
|
|
||
| #### ***SystemLibrary::WanConfig* profile** |
Author
Also: security mode uses TeleopWanDomain.xml
jmlvega
commented
Jun 26, 2026
|
|
||
| This configuration is ideal for use with **RTI Connext Studio**. To observe the secured domain with the Spy data source: | ||
|
|
||
| 1. From the repository root, generate resolved QoS files with absolute security-artifact paths: |
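Review bot: step 1 does not say where the generated QoS files are written or that they are specific to the machine that produced them, since they embed absolute security-artifact paths. Name the output location in the step and say that the generated files should be regenerated per machine rather than committed.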
Author
Mention that user needs to run the regular system_arch/security/setup_security.py first to generate the artifacts
jmlvega
commented
Jun 26, 2026
| <data_protection_kind>NONE</data_protection_kind> | ||
| </topic_rule> | ||
| <topic_rule> | ||
| <topic_expression>DDS:Security:LogTopicV2</topic_expression> |
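Review bot: the `<topic_rule>` for `DDS:Security:LogTopicV2` is placed after another rule's closing tag, and governance topic rules are matched in document order with only the first matching `<topic_expression>` applied. If the rule above it is a wildcard, this rule is never reached and the log topic takes that rule's settings, including `<data_protection_kind>NONE</data_protection_kind>`; put the specific expression ahead of the wildcard.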
Author
This needs to be moved before the previous * rule
jmlvega
commented
Jun 30, 2026
| <discovery_protection_kind>NONE</discovery_protection_kind> | ||
| <liveliness_protection_kind>NONE</liveliness_protection_kind> | ||
| <rtps_protection_kind>ENCRYPT</rtps_protection_kind> | ||
| <rtps_protection_kind>ENCRYPT_WITH_ORIGIN_AUTHENTICATION</rtps_protection_kind> |
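Review bot: `<discovery_protection_kind>` and `<liveliness_protection_kind>` stay `NONE` directly above the strengthened `<rtps_protection_kind>`; if RTPS-level protection is meant to cover that traffic, say so in an XML comment next to these elements so a reader does not take `NONE` for an oversight. `ENCRYPT_WITH_ORIGIN_AUTHENTICATION` also adds receiver-specific MACs to each message, so the accompanying documentation should mention the per-receiver overhead that comes with the change from `ENCRYPT`.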
Author
need to update 04-security-threat profiles