Reference information
- Security architecture and principles
  In this topic, you will learn about the Portnox™ Cloud security principles and how they apply to every layer of the Portnox Cloud architecture.
- Availability and reliability of Cloud services
  In this topic, you will learn about the availability and reliability of the Portnox Cloud™ services.
- Device retention periods
  In this topic, you will learn the retention periods for devices in Portnox™ Cloud.
- Types of certificates
  In this topic, you will learn about the different types of certificates that are used by Portnox™ Cloud to secure communications.
- EAP methods and their security
  In this topic, you will learn more about the EAP methods used by Portnox™ Cloud, authentication repositories, and operating systems.
- Alert format/content
  In this topic, you will learn what alert information is sent to integrated SIEM solutions and in what format.
- Portnox Cloud REST API
  In this topic, you will find introductory information about the Portnox Cloud REST API, the available API functions, and their most common uses.
- Additional software
- Other integrations
  In this topic, you will find links to documents describing other integrations between Portnox™ Cloud and third-party products.
- Frequently asked questions

How secure is the connection between the local TACACS+ server and Portnox Cloud?

The TACACS+ virtual appliance and Docker container communicate with Portnox Cloud services through a TLS 1.3 tunnel. The entire communication is strongly secured.

If you use SSH to connect to the TACACS+ device, your credentials are fully encrypted end-to-end. First through the SSH session, then through the TACACS+ protocol to the TACACS+ virtual appliance or the Docker container, and then finally though the encrypted TLS tunnel between the TACACS+ virtual appliance or Docker container to Portnox Cloud.

Communication between the TACACS+ server and Portnox Cloud involves sending the credentials because they are necessary to validate the user’s authentication against their selected authentication repository. These credentials are always encrypted and never stored or persisted anywhere in the chain.