Qlik Sense Enterprise on Kubernetes



Qlik Sense Enterprise on Kubernetes is a self-hosted implementation of Qlik Sense Enterprise that you deploy onto a cloud provider of your choice.

It provides a highly available and scalable architecture that leverages containerization and container orchestration technologies. There are several ways to configure your Qlik Sense Enterprise on Kubernetes deployment and set up your Kubernetes cluster, depending on your business requirements.

Deployment considerations

Some important things to consider when planning your Qlik Sense Enterprise on Kubernetes deployment are: 

  • Cost of hosting: will your deployment require a lot of infrastructure resources?
  • Required up-time: do you need your apps to be available to users all the time?
  • Ease of setup and deployment: can you devote more effort to setting up a large deployment?
  • Scalability and resilience: will there be a large number of users, and will the load be constant or will it vary?

Security considerations

When you deploy Qlik Sense Enterprise on Kubernetes, you should consider the following.

CSRF security for Qlik Sense Enterprise on Kubernetes

Cross-site request forgery (CSRF) is an attack in which someone abuses a user’s authenticated session with a web application. For example, if a user is authenticated on a secure web application and clicks a malicious link during their web session, an attacker can use that authentication to perform tasks or actions without the user's permission or knowledge.

To protect the Qlik Sense Enterprise on Kubernetes APIs against CSRF security risks, Qlik has implemented token-based anti-CSRF security for its APIs.

The token is generated on the server side and linked to a specific session by the web server. It is then included as a hidden value in every web application form. Because the token is held on the server side, and not in the web session, an attacker cannot access it without access to the server.
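The token-per-session scheme described above can be sketched as follows. This is an added example, not Qlik's implementation: the in-memory session store, the function names and the `csrf_token` field name are all assumptions made for illustration.

```python
import hmac
import html
import secrets

# Constructed in-memory store: session id -> CSRF token, held only on the server.
_SESSION_TOKENS = {}


def start_session():
    """Create a session and bind a fresh random CSRF token to it server-side."""
    session_id = secrets.token_urlsafe(16)
    _SESSION_TOKENS[session_id] = secrets.token_urlsafe(32)
    return session_id


def render_form(session_id, action):
    """Return form HTML carrying the session's token as a hidden field."""
    token = _SESSION_TOKENS[session_id]
    return (
        f'<form method="post" action="{html.escape(action, quote=True)}">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input type="submit" value="Save"></form>'
    )


def verify_request(session_id, form_fields):
    """Accept a state-changing request only if it carries the session's token."""
    expected = _SESSION_TOKENS.get(session_id)
    supplied = form_fields.get("csrf_token")
    if expected is None or not isinstance(supplied, str):
        return False  # unknown session, or the hidden field is missing
    # Constant-time comparison so the check does not leak the token via timing.
    return hmac.compare_digest(expected.encode(), supplied.encode())


if __name__ == "__main__":
    sid = start_session()
    page = render_form(sid, "/items/update")  # hypothetical endpoint
    token = page.split('name="csrf_token" value="')[1].split('"')[0]
    # Genuine submission: the form the server rendered echoes the token back.
    print("genuine form accepted:", verify_request(sid, {"csrf_token": token}))
    # Cross-site request: the browser attaches the session, but the foreign
    # page never saw the hidden field, so no valid token arrives.
    print("forged request accepted:", verify_request(sid, {"name": "x"}))
```

A request that arrives with a valid session but without the matching hidden value is rejected, which is the property the token adds on top of session authentication.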