Below are concise, shippable first drafts you can paste into docs. They align with your SSoT features: RBAC, Secrets, Git-JSON config, Health/management APIs, and container-ready deployment.
Overview
FrameworX is designed for industrial environments with RBAC, a built-in secrets vault, auditable operations, and configuration-as-code (Git-tracked JSON). All network services support TLS; platform health and management endpoints enable safe automation.
Identity & RBAC
Built-in roles: Admin, Engineer, Operator, Viewer (custom roles allowed).
Permissions cover: project changes, runtime control, tag writes, alarm ACK, script execution, connector admin, user/role admin.
Least privilege defaults; deny-by-default on write operations.
Secrets Management
Credentials, keys, and connection strings stored as secret types, never inline in project JSON.
Secrets are encrypted at rest; retrieval occurs only at runtime by privileged services.
Rotate via API/CLI; all rotations are audited.
Audit Logging
Immutable logs for: auth events, role/permission changes, config commits, runtime writes (by user + origin), alarm actions, connector reconfigurations.
Export to SIEM (file/JSON/HTTPS).
Configuration as Code (Git JSON)
All configuration stored in Git-tracked JSON with branching, reviews, and signed commits.
CI checks: schema validation, secret-leak prevention, style/lint; deploy via approved pipeline.
Network & Protocol Security
MQTT: TLS (server + optional client cert), broker ACLs; Sparkplug B topics namespace-scoped.
OPC UA: Sign+Encrypt with modern suites; truststore management documented.
HTTP APIs: TLS only; tokens short-lived; per-role routes.
Operations & Monitoring
Health and management APIs expose liveness/readiness, queue depths, driver states, and last config commit; integrate with Prometheus/OTEL exporters.
Vulnerability & Patch
Monthly security bulletin; CVE watching for bundled components; emergency out-of-band updates for critical issues.
Before install
Place runtimes on isolated VLANs; restrict inbound to OPC UA, MQTT, HTTPS only.
Prepare non-interactive service accounts; implement time-bound admin access.
Install
Use container images or signed installers; validate checksums.
Provide certs (server + client) and broker ACLs before enabling MQTT/OPC UA.
Post-install
Change all defaults; create RBAC roles with least privilege; enforce MFA for Admin.
Disable unused drivers/connectors; set write-rate limits and tag write approvals on OT zones.
Turn on audit to remote sink; set retention & rotation.
Lock down health/management endpoints to ops subnets only.
Configure backup & key escrow for project JSON and secrets.
Performance baselines: capture CPU/mem/disk IO and driver/messaging throughput at idle and under expected load (retain snapshot with project).
Quarterly re-hardening: rotate secrets, review roles, re-pin versions, renew certs.
Scope
We publish an SBOM for FrameworX runtimes and standard connectors each GA release using CycloneDX (JSON) with component name, version, source, license, and hash.
Generation & Distribution
SBOM generated in CI at build time; signed and shipped alongside installers and container images.
Public SBOM page lists versions with hashes and known advisories.
Vulnerability Handling
Continuous scans map SBOM components to CVEs; monthly advisories; critical CVEs come with mitigations and timelines.
Customer Use
Import SBOM into third-party scanners; verify hashes; subscribe to advisories feed.
Offer & licensing
HA is supported via a Primary + Standby topology; standby is licensed at +50% of the selected edition.
Architecture
Nodes share project configuration via Git JSON; stateful services (historian, alarms) use write-ahead logs + store-and-forward to prevent loss.
Failover: health heartbeats; on primary loss, standby assumes virtual IP / broker role; split-brain avoided via fencing/quorum.
RPO/RTO targets (typical): RPO ≤ 30s with store-and-forward; RTO 60–120s depending on driver count and historian size.
Prereqs
Shared DNS or VIP, synchronized time (NTP), mirrored secrets vault, identical versions and drivers, tested broker/OPC UA cert sets.
Testing & Ops
Quarterly switchover tests; validate alarm resume, historian continuity, MQTT session resumes (Sparkplug lifecycle).
Monitor audit for failover events; export health metrics to your monitoring system.
Limits (document transparently)
Long-running custom scripts may restart on failover; confirm idempotency.
For remote sites with unstable links, consider EdgeConnect autonomy plus eventual federation to enterprise UNS.