Cloud Security with Stackato
|
|
- Jasmine Holland
- 8 years ago
- Views:
Transcription
1 Cloud Security with Stackato
2 1 Survey after survey identifies security as the primary concern potential users have with respect to cloud computing. Use of an external computing environment raises issues regarding:» Code management and change management processes: how can users be sure that the provider ensures that all necessary code changes and patches are applied to critical infrastructure software like the hypervisor; likewise, how can users be sure providers follow industry best practices regarding change management so that every change is tracked to ensure audit capability?» Application security: How can users be assured that appropriate identity and access management policies are enforced to ensure that access to the application and its environment is controlled?» Computing environment security: how can users be confident that the operating environment in which their applications run is securely partitioned from other organizations using that same environment? As companies now begin to consider moving beyond simple Infrastructure-as-a-Service (IaaS) cloud computing, the same security concerns are now applied to the Platform-as-a-Service (PaaS) environments they evaluate. The benefits of PaaS are clear: increased application agility, more efficient infrastructure utilization, and accelerated application lifecycles. However, should a PaaS provider be unable to address these security concerns, potential users will be prevented from adopting the solution, no matter how compelling its operational benefits. ActiveState recognizes how critical the question of PaaS security is and has architected the Stackato environment to meet the security requirements of its most demanding customers. As part of that commitment to security, ActiveState has addressed the three key areas needed to ensure complete PaaS security: 1. Code Integrity This security element focuses on the security of the code used to build Stackato and how ActiveState ensures any reported code vulnerabilities are addressed to minimize security issues. Stackato has a comprehensive and detailed security policy for vulnerability management and a standardized process it follows to ensure all code patches are tracked, implemented, and distributed as quickly as possible. 2. Application Integrity The security associated with the application container is of critical importance. Regardless of whether you are hosting your applications on a private or public cloud, it is necessary to mitigate the risk of a malicious or poorly designed application that could result in costly downtime and loss/leakage of data. As part of its application integrity measures, ActiveState uses Docker containers to ensure that applications operating in the Stackato environment are partitioned and prevented from accessing one another s application space. ddddddddddd
3 2 3. Operational Integrity While application security is fundamental, securely managing user interaction with the application operating environment is also crucial to ensure full end-to-end security. Stackato implements a number of mechanisms to control Operations access to applications residing within a Docker container. Code Integrity: How Stackato Addresses Code Management to Prevent Security Vulnerabilities The Role of Open Source Components in Stackato Stackato includes many third-party open source components including items sourced from from Canonical s Ubuntu repositories. Based on over 15 years of working with open source products and communities, ActiveState has established industry-best practices to ensure its code management practices address any security issues that may arise. With each new release of Stackato, ActiveState reviews each open source component included in the product to confirm that it contains the latest updates and patches. In addition, ActiveState ensures that included database engines and other data service packages represent the most secure versions by following one of three methods for each data service package:» Sourcing the package from the most recent Ubuntu version, thereby reflecting the package version provided by this leading Linux distribution.» Installing from packages provided by the maintainers, who create and make available upstream more recent and secure versions that may not yet be included in the Ubuntu distribution.» Building the package from the package source. These practices mean that all open source components and packages that are part of Stackato are maintained to the highest possible state of security, and that any security issues that develop are addressed immediately in a manner that allows ActiveState to issue product patches as quickly as possible. Regarding the security practices of the Stackato product itself, ActiveState applies its longestablished code management practices to the product. Stackato is implemented mostly in Ruby, Go, and Node.js. Much of the Stackato code foundation is derived from the Cloud Foundry open source project; however, ActiveState has modified or re-implemented many of the base Cloud Foundry components to improve performance and extend product functionality. For any components that have been patched, augmented, or re-implemented entirely, ActiveState applies security techniques used throughout all of its open source products. All Stackato components modified or extended from the base Cloud Foundry code are actively maintained by ActiveState. Identifying Security Vulnerabilities ActiveState is adept at managing potential vulnerabilities that exist with community-based development. Our developers closely monitor relevant distribution and security-specific mailing lists for all Stackato incorporated projects as well as cve.mitre.org to ensure it is aware of and addressing all security-related product vulnerabilities. Download your free micro cloud:
4 3 Vulnerability announcements are monitored by ActiveState technical team members charged with security responsibility. In addition, Stackato developers maintain responsibility for their respective Stackato components (e.g. ruby gems, nginx, gnatsd), and monitor the source projects for announcements and releases. In this way, there are two sets of eyes focusing on security and being sure all source code security issues are addressed. The ActiveState development team evaluates all new vulnerabilities and assesses which are applicable to Stackato. Once a vulnerability is identified as relevant to Stackato, team members develop a plan to resolve it as quickly as possible. Furthermore, team members assess if logically similar issues might exist in other areas of the product which are exploitable. If one or more vulnerabilities might be possible in other areas of the product, the plan is extended to incorporate those changes as well. Once a code change plan is developed, team members prioritize them for resolution so that the most critical security issues are addressed immediately. Validation & Testing After a thorough review of a vulnerability, the development team determines what code changes need to be made and the best method to implement them. Some are handled as package updates while others require small patches to the distributed product. The criteria to determine action include: severity of the vulnerability, relevancy to Stackato, and exposure risk level for Stackato customers. When a package update is necessary, we review and test the procedure across the current and most recent Stackato versions to provide customers with a fully tested product that will transparently replace the package they are currently running. Once the procedure is defined, ActiveState creates an update process plan that defines which node types require the update and what products components must be restarted. To ensure that all security updates operate properly and will not disrupt operational environments, ActiveState runs a public-facing Stackato sandbox environment where security patches are applied and tested in real-world use prior to being released to customers. This same process is followed for source code patches, with the extra caution taken to account for source code variation in previous Stackato versions. The length of time it requires to address a security vulnerability depends upon the nature of the vulnerability, how many components or packages it affects, and the severity of the vulnerability. We strive for the quickest possible turnaround on all security vulnerabilities and have achieved under 24-hour response for a number of vulnerabilities identified as significant. Patch Distribution To ensure customers are aware of any security issues as well as the necessary steps to address them, ActiveState sends notifications to the technical contacts at each user organization. This describes the general nature of the vulnerability and contains the vulnerability remediation process described in the previous section. As a general rule, ActiveState does not post specific exploit details with a patch to avoid any exploitation efforts and only the patch itself is made available publicly. Remediation normally involves running the Stackato kato patch command, but may require a maintenance window and/or system reboots to ensure the patch is applied properly. Stackato ddddddddddd
5 4 systems generally fetch patches automatically to make the patching process easier for system administrators; however, in cases where user organizations have restricted internet access for particular nodes or clusters, ActiveState has a process to distribute coded patches manually. Application Integrity: Isolating Operating Environments to Prevent Inappropriate Application Interaction The security of your application in a cloud environment is of critical importance. How your application interacts with other applications in the cloud and its resource usage are two popular concerns for most enterprises. With Stackato, we understand these concerns and have addressed application concerns through the use of Docker containers. Docker Containers as the First Line of Defense Stackato uses Docker for its Linux Containers (LXC) to ensure that customer applications are secure. Docker containers allow users to deploy their applications in a safe and secure way, with applications prevented from interacting with any other application residing on the PaaS unless specifically allowed. The application is isolated in such a way that it only sees its own files and processes and is prevented from accessing files or processes associated with other applications even those operated by the same organization. The diagram below provides an overview of the Stackato architecture. Each Droplet Execution Agent (DEA) represents a virtual machine (VM) instance that hosts multiple Docker containers. Within the DEA, each individual cube represents an individual Docker container running an instance of an application. Download your free micro cloud:
6 5 Docker Containers isolate all aspects of an application and, as part of that isolation, define a number of namespaces, each of which identifies resources that a group of processes within a specific container can access. These namespaces include pid, net, ipc, mnt and uts. Table 1: LXC Namespaces Namespace pid net ipc mnt uts The process ID namespace groups and isolates processes so that processes in a namespace only have visibility on other processes in the same namespace. Each pid namespace has its own process id numbering, and the namespace guarantees that process in one namespace cannot affect a process in a sibling or parent namespace. The net namespace allows each container to have its own network interface. You can create pairs of these interfaces such that the interface inside the containers can also map or be connected to an interface that s visible outside the application. This functionality enables the container to talk to the outside world. The actual ports that are used are also associated with the namespace. It allows processes running in multiple containers to each listen on the same port. If you start two apache instances on a VM, the second one will fail to launch because the first port is already allocated. With containers, the application in each container binds with port 80 so there is no conflict as far as the application is concerned. Stackato takes care of mapping the outside port, but each application has its own port, without interfering with the other. Each application also has its own IP tables and firewall rules that are specific to it. This provides a lot of power and assists in isolating your applications. Inter-process communication is included for legacy applications that make use of features generally considered obsolete such as semaphores, message queues, and shared memory segments. A handful of apps such as PostgreSQL still use ipc features. The mnt namespace is like chroot, but more powerful. It uses a number process to share a directory, but there is no access to mnt points on the file system. Each container has its own mnt points and root directory which are mapped into the top-level root file system. It looks like it is running on a normal UNIX file system, but it has no visibility into the file system on any other namespace. This is another isolationist capability of Linux containers. UTS manages the host name. It is convenient for each application to have its own host name because it would be more challenging if every app running in PaaS had to share one. With each application having its own, there is more flexibility for the applications and some isolation. If you make the hostname system call you will see the hostname associated with the uts namespace, not the hostname overall. The Linux container implementation using Docker is a fundamental component of how Stackato works. Containers can be rapidly spun up, ensuring rapid response to administrative commands or application load factors. Since a container takes only a few milliseconds to create, these instances appear almost instantaneously, thereby ensuring that applications respond immediately to changing application load. ddddddddddd
7 6 Containers also allow you to configure limits to container resource consumption, which enables you to be sure that no single container can spin out of control and consume all of the resources. In addition, you can implement security patches on only the VMs that may need it, without having to affect others that may reside on the same infrastructure. Operational Integrity: Implementing Access Controls to Prevent Inappropriate User Interaction Whether you are hosting your applications on a public, private or hybrid cloud, how that application can be accessed is of critical importance. While Docker containers are the first line of defense for Stackato, ActiveState has implemented further security measures to ensure that only appropriate user personnel can gain access to critical application resources. App Armor Each container runs AppArmor (similar to SELinux as a system mechanism to increase default Linux security) to provide an extra layer of security. Even if a person obtains inappropriate access to the root level of one container, AppArmor prevents the user from breaking out of the container, thereby protecting the operating environments of applications residing in other containers. SSL One mechanism to access Stackato is through a browser via HTTP. To further improve operational security, by default Stackato uses the more secure HTTPS for access. SSL requires a certificate on the server, so we deliver Stackato with a self-signed certificate to enable secure use out of the box. However, it is also easy to use your own SSL certificate should you wish to do so. SSH & SCP Access To perform some administrative functions or to interact with software and configurations, Stackato allows SSH access to the container. When SSH is used, it provides complete access to the container process space, file systems, environment, hostname and network. Common actions executed via SSH include examining the application environment, low-level debugging (eg. strace or tcpdump), and to make local non-persisted changes for troubleshooting purposes. Any changes implemented on a given container via SSH will not impact other running containers. SCP is also fully supported, allowing files to be safely transferred to and from the container. Any changes made exist only during the life of a given container and will not persist beyond container termination. Because of this, ActiveState recommends that application instances should not store any state information, as this will restrict that application s ability to scale beyond a single instance. State information should be the domain of the provisioned dataservices that Stackato provides. dbshell Stackato provides an SSL tunnel that can be used to access the data services associated with a specific application. The SSL tunnel is created to access an interactive shell, which can access any of the data services ActiveState supports, including MongoDB, MySQL, and PostgreSQL. This functionality is most commonly used to securely import data into a database. Download your free micro cloud:
8 7 sudo access Users can be granted sudo privileges within their application containers to install packages or software. Sudo access allows unrestricted access to container resources and, because of this, this should be reserved for trusted users. Stackato allows administrators to grant or revoke sudo privileges to users through the Stackato API or Web Console. Conclusion As users consider moving to a PaaS, they are drawn to its obvious benefits: simplified application development, more rapid application delivery, and greater business agility. However, all IT organizations are charged with ensuring their applications and data are secure and any improved development tools that might compromise security would be unacceptable, no matter what benefits they might deliver. ActiveState recognizes the critical importance of security and implements security measures throughout Stackato as well as its own development process. ActiveState addresses three key areas necessary to ensure PaaS-based application security:» Code Integrity» Application Integrity» Operational Integrity Based on over 15 years of experience ensuring appropriate security in its products, ActiveState is confident its security measures meet industry-best levels. While no system or product is perfect, ActiveState strives to implement best practices so that its customers can be satisfied with the security of their applications running in ActiveState s Stackato product. ddddddddddd
9 8 ActiveState empowers innovation from code to cloud smarter, safer, and faster. ActiveState s cutting edge solutions give developers and enterprises the Perl, Node.js, PHP, Tcl, and more. Stackato is ActiveState s groundbreaking enterprise private Platform-as-a-Service (PaaS), and is the secure and proven way to develop and deploy apps to the cloud. Download the FREE Stackato Micro Cloud at: ActiveState Software Inc Granville Street Vancouver, BC V6C 1T2 stackato-sales@activestate.com Phone: Fax: NA Toll-free: Download your free micro cloud:
Stackato PaaS Architecture: How it works and why.
Stackato PaaS Architecture: How it works and why. White Paper Published in 2012 Stackato PaaS Architecture: How it works and why. Stackato is software for creating a private Platform-as-a-Service (PaaS).
More informationEnterprise PaaS Evaluation Guide
Enterprise PaaS Evaluation Guide 1 Defining the Enterprise PaaS There are several competing definitions of Platform-as-a-Service (PaaS) and a broad range of service offerings bearing that label. For the
More informationExtending your VMware Cloud Infrastructure with a Private Platform-as-a-Service
Extending your VMware Cloud Infrastructure with a Private Platform-as-a-Service Stackato Offers a Fast, Secure Way to Deploy Applications to your VMware Private Cloud White Paper Published in 2011 Extending
More informationPrivate PaaS for the Agile Enterprise. Empower your Cloud with Private Platform-as-a-Service Technology from ActiveState
Private PaaS for the Agile Enterprise Stackato : Private PaaS for the Agile Enterprise Empower your Cloud with Private Platform-as-a-Service Technology from ActiveState If you already use virtualized infrastructure,
More informationPrivate PaaS 101: What It Is and Why You Need It. Insulate Your Cloud with the Stackato Secure Middleware Layer
Private PaaS 101: What It Is and Why You Need It Insulate Your Cloud with the Stackato Secure Middleware Layer Private PaaS 101: What It Is and Why You Need It Insulate Your Cloud with the Stackato Secure
More informationCloud Portability: PaaS Delivers the Holy Grail
Cloud Portability: PaaS Delivers the Holy Grail White Paper Published in 2012 Cloud Portability: PaaS Delivers the Holy Grail Today s enterprise is built on the promise of mobility, everywhere-access and
More informationBest Practices for Python in the Cloud: Lessons Learned @ActiveState
Best Practices for Python in the Cloud: Lessons Learned @ActiveState Best Practices for Python in the Cloud Presented by: Gisle Aas, Senior Developer, ActiveState whoami? Gisle Aas! gisle@activestate.com!
More informationDo Containers fully 'contain' security issues? A closer look at Docker and Warden. By Farshad Abasi, 2015-09-16
Do Containers fully 'contain' security issues? A closer look at Docker and Warden. By Farshad Abasi, 2015-09-16 Overview What are Containers? Containers and The Cloud Containerization vs. H/W Virtualization
More informationOpenShift and Cloud Foundry PaaS: High-level Overview of Features and Architectures
OpenShift and Cloud Foundry PaaS: High-level Overview of Features and Architectures by Alexander Lomov, R&D Engineer at Altoros 2 Table of Contents: 1. Executive Summary... 3 2. The History of OpenShift
More informationLeverage the Cloud for your Python & Perl Applications. Stackato Offers a Fast, Simple Way to Deploy Webs Apps to the Cloud
Leverage the Cloud for your Python & Perl Applications Stackato Offers a Fast, Simple Way to Deploy Webs Apps to the Cloud White Paper Published in 2011 Leverage the Cloud for your Python & Perl Applications
More informationBuilding Docker Cloud Services with Virtuozzo
Building Docker Cloud Services with Virtuozzo Improving security and performance of application containers services in the cloud EXECUTIVE SUMMARY Application containers, and Docker in particular, are
More informationQuickSpecs. HP Helion Development Platform. Overview
Overview What is it? The is a service that enables developers to rapidly develop, deploy and scale applications across a mix of public and private clouds. We provide support for applications developed
More informationThe Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency
logo The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency Understanding the Multiple Levels of Security Built Into the Panoptix Solution Published: October 2011
More informationH Y T RUST: S OLUTION B RIEF. Solve the Nosy Neighbor Problem in Multi-Tenant Environments
H Y T RUST: S OLUTION B RIEF Solve the Nosy Neighbor Problem in Multi-Tenant Environments Summary A private cloud with multiple tenants such as business units of an enterprise or customers of a cloud service
More informationThe Virtualization Practice
The Virtualization Practice White Paper: Managing Applications in Docker Containers Bernd Harzog Analyst Virtualization and Cloud Performance Management October 2014 Abstract Docker has captured the attention
More informationBuilding a Continuous Integration Pipeline with Docker
Building a Continuous Integration Pipeline with Docker August 2015 Table of Contents Overview 3 Architectural Overview and Required Components 3 Architectural Components 3 Workflow 4 Environment Prerequisites
More informationLinstantiation of applications. Docker accelerate
Industrial Science Impact Factor : 1.5015(UIF) ISSN 2347-5420 Volume - 1 Issue - 12 Aug - 2015 DOCKER CONTAINER 1 2 3 Sawale Bharati Shankar, Dhoble Manoj Ramchandra and Sawale Nitin Shankar images. ABSTRACT
More informationWHITEPAPER INTRODUCTION TO CONTAINER SECURITY. Introduction to Container Security
Introduction to Container Security Table of Contents Executive Summary 3 The Docker Platform 3 Linux Best Practices and Default Docker Security 3 Process Restrictions 4 File & Device Restrictions 4 Application
More informationMirantis OpenStack Express: Security White Paper
Mirantis OpenStack Express: Security White Paper Version 1.0 2005 2014 All Rights Reserved www.mirantis.com 1 Introduction While the vast majority IT professionals are now familiar with the cost-saving
More informationTenable for CyberArk
HOW-TO GUIDE Tenable for CyberArk Introduction This document describes how to deploy Tenable SecurityCenter and Nessus for integration with CyberArk Enterprise Password Vault. Please email any comments
More informationAssignment # 1 (Cloud Computing Security)
Assignment # 1 (Cloud Computing Security) Group Members: Abdullah Abid Zeeshan Qaiser M. Umar Hayat Table of Contents Windows Azure Introduction... 4 Windows Azure Services... 4 1. Compute... 4 a) Virtual
More informationCisco Application-Centric Infrastructure (ACI) and Linux Containers
White Paper Cisco Application-Centric Infrastructure (ACI) and Linux Containers What You Will Learn Linux containers are quickly gaining traction as a new way of building, deploying, and managing applications
More informationVirtualization Essentials
Virtualization Essentials Table of Contents Introduction What is Virtualization?.... 3 How Does Virtualization Work?... 4 Chapter 1 Delivering Real Business Benefits.... 5 Reduced Complexity....5 Dramatically
More informationHP ProLiant Essentials Vulnerability and Patch Management Pack Planning Guide
HP ProLiant Essentials Vulnerability and Patch Management Pack Planning Guide Product overview... 3 Vulnerability scanning components... 3 Vulnerability fix and patch components... 3 Checklist... 4 Pre-installation
More informationDocker : devops, shared registries, HPC and emerging use cases. François Moreews & Olivier Sallou
Docker : devops, shared registries, HPC and emerging use cases François Moreews & Olivier Sallou Presentation Docker is an open-source engine to easily create lightweight, portable, self-sufficient containers
More informationw w w. u l t i m u m t e c h n o l o g i e s. c o m Infrastructure-as-a-Service on the OpenStack platform
w w w. u l t i m u m t e c h n o l o g i e s. c o m Infrastructure-as-a-Service on the OpenStack platform http://www.ulticloud.com http://www.openstack.org Introduction to OpenStack 1. What OpenStack is
More information10 Myths. About Running Open Source Software in Your Business
10 Myths About Running Open Source Software in Your Business White Paper July 2008 10 Myths About Running Open Source Software in Your Business Myth 1 You Have to Choose Between Open Source Software and
More informationIntroduction to the Mobile Access Gateway
Introduction to the Mobile Access Gateway This document provides an overview of the AirWatch Mobile Access Gateway (MAG) architecture and security and explains how to enable MAG functionality in the AirWatch
More informationdepl Documentation Release 0.0.1 depl contributors
depl Documentation Release 0.0.1 depl contributors December 19, 2013 Contents 1 Why depl and not ansible, puppet, chef, docker or vagrant? 3 2 Blog Posts talking about depl 5 3 Docs 7 3.1 Installation
More informationIBM Cloud Manager with OpenStack
IBM Cloud Manager with OpenStack Download Trial Guide Cloud Solutions Team: Cloud Solutions Beta cloudbta@us.ibm.com Page 1 Table of Contents Chapter 1: Introduction...3 Development cycle release scope...3
More informationJAVA IN THE CLOUD PAAS PLATFORM IN COMPARISON
JAVA IN THE CLOUD PAAS PLATFORM IN COMPARISON Eberhard Wolff Architecture and Technology Manager adesso AG, Germany 12.10. Agenda A Few Words About Cloud Java and IaaS PaaS Platform as a Service Google
More informationRally Installation Guide
Rally Installation Guide Rally On-Premises release 2015.1 rallysupport@rallydev.com www.rallydev.com Version 2015.1 Table of Contents Overview... 3 Server requirements... 3 Browser requirements... 3 Access
More informationIBM Bluemix. The Digital Innovation Platform. Simon Moser (smoser@de.ibm.com) @mosersd
IBM Bluemix The Digital Innovation Platform Simon Moser (smoser@de.ibm.com) @mosersd Who am I? - Senior Technical Staff Member at IBM Research & Development Lab in Böblingen, Germany - Bluemix Application
More informationRED HAT SOFTWARE COLLECTIONS BRIDGING DEVELOPMENT AGILITY AND PRODUCTION STABILITY
RED HAT S BRIDGING DEVELOPMENT AGILITY AND PRODUCTION STABILITY TECHNOLOGY BRIEF INTRODUCTION BENEFITS Choose the right runtimes for your project with access to the latest stable versions. Preserve application
More informationTable of Contents. Chapter 1: Installing Endpoint Application Control. Chapter 2: Getting Support. Index
Table of Contents Chapter 1: Installing Endpoint Application Control System Requirements... 1-2 Installation Flow... 1-2 Required Components... 1-3 Welcome... 1-4 License Agreement... 1-5 Proxy Server...
More informationEnterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid clouds.
ENTERPRISE MONITORING & LIFECYCLE MANAGEMENT Unify IT Operations Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid
More informationSecurity Advice for Instances in the HP Cloud
Security Advice for Instances in the HP Cloud Introduction: HPCS protects the infrastructure and management services offered to customers including instance provisioning. An instance refers to a virtual
More informationLinux A first-class citizen in Windows Azure. Bruno Terkaly bterkaly@microsoft.com Principal Software Engineer Mobile/Cloud/Startup/Enterprise
Linux A first-class citizen in Windows Azure Bruno Terkaly bterkaly@microsoft.com Principal Software Engineer Mobile/Cloud/Startup/Enterprise 1 First, I am software developer (C/C++, ASM, C#, Java, Node.js,
More informationREQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER
NEFSIS TRAINING SERIES Nefsis Dedicated Server version 5.1.0.XXX Requirements and Implementation Guide (Rev 4-10209) REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER Nefsis Training Series
More informationCloudPassage Halo Technical Overview
TECHNICAL BRIEF CloudPassage Halo Technical Overview The Halo cloud security platform was purpose-built to provide your organization with the critical protection, visibility and control needed to assure
More informationPlatform as a Service and Container Clouds
John Rofrano Senior Technical Staff Member, Cloud Automation Services, IBM Research jjr12@nyu.edu or rofrano@us.ibm.com Platform as a Service and Container Clouds using IBM Bluemix and Docker for Cloud
More informationVistara Lifecycle Management
Vistara Lifecycle Management Solution Brief Unify IT Operations Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid
More informationInstallation Runbook for Avni Software Defined Cloud
Installation Runbook for Avni Software Defined Cloud Application Version 2.5 MOS Version 6.1 OpenStack Version Application Type Juno Hybrid Cloud Management System Content Document History 1 Introduction
More informationPaaS solutions evaluation
PaaS solutions evaluation August 2014 Author: Sofia Danko Supervisors: Giacomo Tenaglia Artur Wiecek CERN openlab Summer Student Report 2014 Project Specification OpenShift Origin is an open source software
More informationVMware Identity Manager Connector Installation and Configuration
VMware Identity Manager Connector Installation and Configuration VMware Identity Manager This document supports the version of each product listed and supports all subsequent versions until the document
More informationHow To Protect Your Cloud From Attack
A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to
More informationSyncplicity On-Premise Storage Connector
Syncplicity On-Premise Storage Connector Implementation Guide Abstract This document explains how to install and configure the Syncplicity On-Premise Storage Connector. In addition, it also describes how
More informationPublic Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.
Public Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction Public clouds are the latest evolution of computing, offering tremendous value
More informationANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details
Sub: Supply, Installation, setup and testing of Tenable Network Security Nessus vulnerability scanner professional version 6 or latest for scanning the LAN, VLAN, VPN and IPs with 3 years License/Subscription
More informationCLOUD TECH SOLUTION AT INTEL INFORMATION TECHNOLOGY ICApp Platform as a Service
CLOUD TECH SOLUTION AT INTEL INFORMATION TECHNOLOGY ICApp Platform as a Service Open Data Center Alliance, Inc. 3855 SW 153 rd Dr. Beaverton, OR 97003 USA Phone +1 503-619-2368 Fax: +1 503-644-6708 Email:
More informationHP Server Automation Standard
Data sheet HP Server Automation Standard Lower-cost edition of HP Server Automation software Benefits Time to value: Instant time to value especially for small-medium deployments Lower initial investment:
More informationChapter 1 - Web Server Management and Cluster Topology
Objectives At the end of this chapter, participants will be able to understand: Web server management options provided by Network Deployment Clustered Application Servers Cluster creation and management
More information19.10.11. Amazon Elastic Beanstalk
19.10.11 Amazon Elastic Beanstalk A Short History of AWS Amazon started as an ECommerce startup Original architecture was restructured to be more scalable and easier to maintain Competitive pressure for
More informationAlinto Mail Server Pro
Alinto Mail Server Pro Installation Guide Alinto Version 2.0.1 Index 1. Introduction....................................................................................... 1 2. Prerequisites......................................................................................
More informationCloud.com CloudStack Community Edition 2.1 Beta Installation Guide
Cloud.com CloudStack Community Edition 2.1 Beta Installation Guide July 2010 1 Specifications are subject to change without notice. The Cloud.com logo, Cloud.com, Hypervisor Attached Storage, HAS, Hypervisor
More informationEffective End-to-End Cloud Security
Effective End-to-End Cloud Security Securing Your Journey to the Cloud Trend Micro SecureCloud A Trend Micro & VMware White Paper August 2011 I. EXECUTIVE SUMMARY This is the first paper of a series of
More informationVMware vcenter Log Insight Security Guide
VMware vcenter Log Insight Security Guide vcenter Log Insight 2.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new
More informationInfrastructure, application services, and managed services - all in a single, integrated platform CENTURYLINK S END-TO-END MANAGEMENT SOLUTIONS:
CenturyLink Cloud Infrastructure, application services, and managed services - all in a single, integrated platform Businesses like yours are moving their apps to CenturyLink Cloud. All signs point to
More informationUser Manual of the Pre-built Ubuntu 12.04 Virutal Machine
SEED Labs 1 User Manual of the Pre-built Ubuntu 12.04 Virutal Machine Copyright c 2006-2014 Wenliang Du, Syracuse University. The development of this document is/was funded by three grants from the US
More informationZend and IBM: Bringing the power of PHP applications to the enterprise
Zend and IBM: Bringing the power of PHP applications to the enterprise A high-performance PHP platform that helps enterprises improve and accelerate web and mobile application development Highlights: Leverages
More informationBuilding a Private Cloud Cloud Infrastructure Using Opensource
Cloud Infrastructure Using Opensource with Ubuntu Server 10.04 Enterprise Cloud (Eucalyptus) OSCON (Note: Special thanks to Jim Beasley, my lead Cloud Ninja, for putting this document together!) Introduction
More informationThe Payment Card Industry (PCI) Data Security Standards (DSS) v1.2 Requirements:
Compliance Brief The Payment Card Industry (PCI) Data Security Standards (DSS) v1.2 Requirements: Using Server Isolation and Encryption as a Regulatory Compliance Solution and IT Best Practice Introduction
More informationRED HAT CONTAINER STRATEGY
RED HAT CONTAINER STRATEGY An introduction to Atomic Enterprise Platform and OpenShift 3 Gavin McDougall Senior Solution Architect AGENDA Software disrupts business What are Containers? Misconceptions
More informationhttp://docs.trendmicro.com/en-us/enterprise/trend-micro-endpoint-applicationcontrol.aspx
Trend Micro Incorporated reserves the right to make changes to this document and to the product described herein without notice. Before installing and using the product, review the readme files, release
More informationAT&T CLOUD SERVICES. AT&T Synaptic Compute as a Service SM : How to Get Started. Version 2.0 January 2012
Version 2.0 January 2012 AT&T CLOUD SERVICES AT&T Synaptic Compute as a Service SM : How to Get Started 2012 AT&T Intellectual Property. All rights reserved. Notice Copyright AT&T Intellectual Property.
More informationCisco Intercloud Fabric Security Features: Technical Overview
White Paper Cisco Intercloud Fabric Security Features: Technical Overview White Paper May 2015 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of
More informationInformation Technology Services Classification Level Range C Reports to. Manager ITS Infrastructure Effective Date June 29 th, 2015 Position Summary
Athabasca University Professional Position Description Section I Position Update Only Information Position Title Senior System Administrator Position # 999716,999902 Department Information Technology Services
More informationDecember 2015 702P00860. Xerox App Studio 3.0 Information Assurance Disclosure
December 2015 702P00860 Xerox App Studio 3.0 Information Assurance Disclosure 2014 Xerox Corporation. All rights reserved. Xerox and Xerox and Design and ConnectKey are trademarks of Xerox Corporation
More informationIBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation
IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing
More informationSTRATEGIC WHITE PAPER. The next step in server virtualization: How containers are changing the cloud and application landscape
STRATEGIC WHITE PAPER The next step in server virtualization: How containers are changing the cloud and application landscape Abstract Container-based server virtualization is gaining in popularity, due
More informationPCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP
solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility
More informationAn Introduction to Cloud Computing Concepts
Software Engineering Competence Center TUTORIAL An Introduction to Cloud Computing Concepts Practical Steps for Using Amazon EC2 IaaS Technology Ahmed Mohamed Gamaleldin Senior R&D Engineer-SECC ahmed.gamal.eldin@itida.gov.eg
More informationSECURE, ENTERPRISE FILE SYNC AND SHARE WITH EMC SYNCPLICITY UTILIZING EMC ISILON, EMC ATMOS, AND EMC VNX
White Paper SECURE, ENTERPRISE FILE SYNC AND SHARE WITH EMC SYNCPLICITY UTILIZING EMC ISILON, EMC ATMOS, AND EMC VNX Abstract This white paper explains the benefits to the extended enterprise of the on-
More informationInstalling and Configuring vcenter Multi-Hypervisor Manager
Installing and Configuring vcenter Multi-Hypervisor Manager vcenter Server 5.1 vcenter Multi-Hypervisor Manager 1.1 This document supports the version of each product listed and supports all subsequent
More informationMigration and Building of Data Centers in IBM SoftLayer with the RackWare Management Module
Migration and Building of Data Centers in IBM SoftLayer with the RackWare Management Module June, 2015 WHITE PAPER Contents Advantages of IBM SoftLayer and RackWare Together... 4 Relationship between
More informationMigration and Building of Data Centers in IBM SoftLayer with the RackWare Management Module
Migration and Building of Data Centers in IBM SoftLayer with the RackWare Management Module June, 2015 WHITE PAPER Contents Advantages of IBM SoftLayer and RackWare Together... 4 Relationship between
More informationBuild A private PaaS. www.redhat.com
Build A private PaaS WITH Red Hat CloudForms and JBoss Enterprise Middleware www.redhat.com Introduction Platform-as-a-service (PaaS) is a cloud service model that provides consumers 1 with services for
More informationSymantec App Center. Mobile Application Management and Protection. Data Sheet: Mobile Security and Management
Mobile Application Management and Protection Data Sheet: Mobile Security and Management Overview provides integrated mobile application and device management capabilities for enterprise IT to ensure data
More informationWeb Application Hosting Cloud Architecture
Web Application Hosting Cloud Architecture Executive Overview This paper describes vendor neutral best practices for hosting web applications using cloud computing. The architectural elements described
More informationULTEO OPEN VIRTUAL DESKTOP UBUNTU 12.04 (PRECISE PANGOLIN) SUPPORT
ULTEO OPEN VIRTUAL DESKTOP V4.0.2 UBUNTU 12.04 (PRECISE PANGOLIN) SUPPORT Contents 1 Prerequisites: Ubuntu 12.04 (Precise Pangolin) 3 1.1 System Requirements.............................. 3 1.2 sudo.........................................
More informationAppStack Technology Overview Model-Driven Application Management for the Cloud
AppStack Technology Overview Model-Driven Application Management for the Cloud Accelerating Application Time-to-Market The last several years have seen a rapid adoption for public and private cloud infrastructure
More informationOpsview in the Cloud. Monitoring with Amazon Web Services. Opsview Technical Overview
Opsview in the Cloud Monitoring with Amazon Web Services Opsview Technical Overview Page 2 Opsview In The Cloud: Monitoring with Amazon Web Services Contents Opsview in The Cloud... 3 Considerations...
More informationA new era of PaaS. ericsson White paper Uen 284 23-3263 February 2015
ericsson White paper Uen 284 23-3263 February 2015 A new era of PaaS speed and safety for the hybrid cloud This white paper presents the benefits for operators and large enterprises of adopting a policydriven
More informationIBM PowerSC. Security and compliance solution designed to protect virtualized datacenters. Highlights. IBM Systems and Technology Data Sheet
IBM PowerSC Security and compliance solution designed to protect virtualized datacenters Highlights Simplify security management and compliance measurement Reduce administration costs of meeting compliance
More informationCumuLogic Load Balancer Overview Guide. March 2013. CumuLogic Load Balancer Overview Guide 1
CumuLogic Load Balancer Overview Guide March 2013 CumuLogic Load Balancer Overview Guide 1 Table of Contents CumuLogic Load Balancer... 3 Architectural Overview of CumuLogic Load Balancer... 4 How to Use
More informationDesktop : Ubuntu 10.04 Desktop, Ubuntu 12.04 Desktop Server : RedHat EL 5, RedHat EL 6, Ubuntu 10.04 Server, Ubuntu 12.04 Server, CentOS 5, CentOS 6
201 Datavoice House, PO Box 267, Stellenbosch, 7599 16 Elektron Avenue, Technopark, Tel: +27 218886500 Stellenbosch, 7600 Fax: +27 218886502 Adept Internet (Pty) Ltd. Reg. no: 1984/01310/07 VAT No: 4620143786
More informationCloudPassage Halo Technical Overview
TECHNICAL BRIEF CloudPassage Halo Technical Overview The Halo cloud security platform was purpose-built to provide your organization with the critical protection, visibility and control needed to assure
More informationWeb Application Firewall
Web Application Firewall Getting Started Guide August 3, 2015 Copyright 2014-2015 by Qualys, Inc. All Rights Reserved. Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks
More informationINSTALLING KAAZING WEBSOCKET GATEWAY - HTML5 EDITION ON AN AMAZON EC2 CLOUD SERVER
INSTALLING KAAZING WEBSOCKET GATEWAY - HTML5 EDITION ON AN AMAZON EC2 CLOUD SERVER A TECHNICAL WHITEPAPER Copyright 2012 Kaazing Corporation. All rights reserved. kaazing.com Executive Overview This document
More informationMobile Cloud Computing T-110.5121 Open Source IaaS
Mobile Cloud Computing T-110.5121 Open Source IaaS Tommi Mäkelä, Otaniemi Evolution Mainframe Centralized computation and storage, thin clients Dedicated hardware, software, experienced staff High capital
More informationLinux VPS with cpanel. Getting Started Guide
Linux VPS with cpanel Getting Started Guide First Edition October 2010 Table of Contents Introduction...1 cpanel Documentation...1 Accessing your Server...2 cpanel Users...2 WHM Interface...3 cpanel Interface...3
More informationCloud computing - Architecting in the cloud
Cloud computing - Architecting in the cloud anna.ruokonen@tut.fi 1 Outline Cloud computing What is? Levels of cloud computing: IaaS, PaaS, SaaS Moving to the cloud? Architecting in the cloud Best practices
More informationPLUMgrid Toolbox: Tools to Install, Operate and Monitor Your Virtual Network Infrastructure
Toolbox: Tools to Install, Operate and Monitor Your Virtual Network Infrastructure Introduction The concept of Virtual Networking Infrastructure (VNI) is disrupting the networking space and is enabling
More informationDevelop a process for applying updates to systems, including verifying properties of the update. Create File Systems
RH413 Manage Software Updates Develop a process for applying updates to systems, including verifying properties of the update. Create File Systems Allocate an advanced file system layout, and use file
More informationLast time. Today. IaaS Providers. Amazon Web Services, overview
Last time General overview, motivation, expected outcomes, other formalities, etc. Please register for course Online (if possible), or talk to Yvonne@CS Course evaluation forgotten Please assign one volunteer
More informationRed Hat Openshift Christoph Eberle
Red Hat Openshift Christoph Eberle Solution Architect Middleware, Red Hat 3/9/15 Red Hat PaaS - Openshift 2 by Application & Business Process Pressure on IT Business Changing Faster More Apps Lower Costs
More informationCloud and Data Center Security
solution brief Trend Micro Cloud and Data Center Security Secure virtual, cloud, physical, and hybrid environments easily and effectively introduction As you take advantage of the operational and economic
More informationTroubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123. Instructor Manual
Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123 Instructor Manual Published: 2013-07-02 SWD-20130702091645092 Contents Advance preparation...7 Required materials...7 Topics
More informationHow To Use The Dcml Framework
DCML Framework Use Cases Introduction Use Case 1: Monitoring Newly Provisioned Servers Use Case 2: Ensuring Accurate Asset Inventory Across Multiple Management Systems Use Case 3: Providing Standard Application
More informationSUSE Manager in the Public Cloud. SUSE Manager Server in the Public Cloud
SUSE Manager in the Public Cloud SUSE Manager Server in the Public Cloud Contents 1 Instance Requirements... 2 2 Setup... 3 3 Registration of Cloned Systems... 6 SUSE Manager delivers best-in-class Linux
More information