Requirements and security considerations
On-premise VMs (VMware VMs)
This section outlines the permissions required for installing the Windows infrastructure and executing chaos experiments. These requirements include administrator privileges, file system access, and managing security settings. Understanding and meeting these requirements are crucial for the successful execution of chaos experiments on Windows VMs.
Windows OS
Chaos agent deployment model | Native Chaos Agent on Each VM (systemd service within target Windows machine) |
---|---|
Connectivity requirements from agent | |
Connectivity requirements from VM/cluster/app | |
Access requirements for agent install | |
Access requirements for basic chaos experiments | |
Access requirements for advanced chaos experiments | |
Supported chaos faults | |
Security considerations
The table below lists the security considerations: each component, what it requires within the scope of the experiment, and how the component uses that requirement.
For example, the first entry can be interpreted as follows: the Installation Script component requires service management, because it creates and manages a service and therefore needs administrator permissions to interact with the Service Control Manager.
Component | Requirement | Description |
---|---|---|
Installation Script | Service management | The script creates and manages a Windows service, which requires administrator privileges to interact with the Service Control Manager (SCM). |
Installation Script | File system access | The script creates directories, downloads and extracts files, and modifies the system's PATH environment variable, which requires elevated permissions. |
Installation Script | Security and credential management | The script handles sensitive information, such as administrator user credentials and security configurations, which requires elevated privileges. |
Installation Script | Administrator privileges | Overall, administrator privileges are essential for service management, file system access, network configuration, and security management. |
Windows CPU Stress Experiment | Administrator privileges | The experiment requires administrator privileges to access and manipulate system CPU resources effectively. |
Windows CPU Stress Experiment | WMI access | The experiment accesses system information using Windows Management Instrumentation (WMI), which requires appropriate permissions. |
Windows CPU Stress Experiment | PowerShell execution policy | The system's PowerShell execution policy should be set to RemoteSigned to allow the execution of locally created scripts. |
Windows Memory Stress Experiment | Administrator privileges | The experiment requires administrator privileges to access and modify system resources, including executing the Testlimit executable for memory consumption. |
Windows Memory Stress Experiment | WMI access | The experiment accesses system information using Windows Management Instrumentation (WMI), which requires appropriate permissions. |
Windows Memory Stress Experiment | Permission to run executables | The experiment uses the Testlimit executable to consume memory, which requires the permissions necessary to execute the tool. |
Windows Memory Stress Experiment | PowerShell execution policy | The system's PowerShell execution policy should be set to RemoteSigned to allow the execution of locally created scripts. |
Windows blackhole chaos experiment | Create and manage firewall rules | The experiment uses the New-NetFirewallRule and Remove-NetFirewallRule cmdlets to add and remove firewall rules, which requires administrator privileges. |
Windows blackhole chaos experiment | Resolve DNS names | The experiment uses Resolve-DnsName to resolve domain names to IP addresses, which may require administrator privileges. |
Windows blackhole chaos experiment | Administrator privileges | Administrator privileges are needed so that the script can perform its intended functions of creating and managing firewall rules and resolving DNS names. |
Windows blackhole chaos experiment | PowerShell execution policy | The system's PowerShell execution policy should be set to RemoteSigned to allow the execution of locally created scripts. |
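
The requirements in the table above can be verified on a target VM before the agent is installed. The following read-only pre-flight check is an added example, not part of the product's own tooling; the function name `Test-ChaosPrerequisite` and the shape of its output are assumptions of this example.

```powershell
# Added example: read-only pre-flight check, one result object per requirement.
# Test-ChaosPrerequisite is a hypothetical name; the script changes no settings.
function Test-ChaosPrerequisite {
    [CmdletBinding()]
    param()

    # Administrator privileges: is the current token in the local Administrators role?
    # An unelevated session of an admin account reports False here.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($identity)
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    [pscustomobject]@{ Requirement = 'Administrator privileges'; Passed = $isAdmin; Detail = $identity.Name }

    # Execution policy: compare the effective policy with RemoteSigned and list every
    # scope, because a Group Policy scope (MachinePolicy, UserPolicy) overrides LocalMachine.
    $effective = Get-ExecutionPolicy
    $scopes = (Get-ExecutionPolicy -List |
        ForEach-Object { "$($_.Scope)=$($_.ExecutionPolicy)" }) -join '; '
    [pscustomobject]@{
        Requirement = 'Execution policy is RemoteSigned'
        Passed      = ($effective -eq 'RemoteSigned')
        Detail      = $scopes
    }

    # WMI access: a harmless read of a single class shows whether WMI queries succeed.
    try {
        $os = Get-CimInstance -ClassName Win32_OperatingSystem -ErrorAction Stop
        [pscustomobject]@{ Requirement = 'WMI access'; Passed = $true; Detail = $os.Caption }
    }
    catch {
        [pscustomobject]@{ Requirement = 'WMI access'; Passed = $false; Detail = $_.Exception.Message }
    }

    # Cmdlets named for the blackhole experiment: confirm they are available.
    # Get-Command only looks them up; no firewall rule is created and no name is resolved.
    foreach ($name in 'New-NetFirewallRule', 'Remove-NetFirewallRule', 'Resolve-DnsName') {
        $cmd    = Get-Command -Name $name -ErrorAction SilentlyContinue
        $detail = if ($cmd) { "module $($cmd.Source)" } else { 'cmdlet not found' }
        [pscustomobject]@{ Requirement = "Cmdlet $name"; Passed = [bool]$cmd; Detail = $detail }
    }
}

Test-ChaosPrerequisite | Format-Table -AutoSize -Wrap
```

Run it once from an elevated session and once from a normal session to see which requirements depend on elevation on that VM.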