Cloud Security with Stackato


Survey after survey identifies security as the primary concern potential users have with respect to cloud computing. Use of an external computing environment raises issues regarding:

» Code management and change management processes: how can users be sure that the provider ensures that all necessary code changes and patches are applied to critical infrastructure software like the hypervisor; likewise, how can users be sure providers follow industry best practices regarding change management so that every change is tracked to ensure audit capability?
» Application security: How can users be assured that appropriate identity and access management policies are enforced to ensure that access to the application and its environment is controlled?
» Computing environment security: how can users be confident that the operating environment in which their applications run is securely partitioned from other organizations using that same environment?

As companies now begin to consider moving beyond simple Infrastructure-as-a-Service (IaaS) cloud computing, the same security concerns are now applied to the Platform-as-a-Service (PaaS) environments they evaluate. The benefits of PaaS are clear: increased application agility, more efficient infrastructure utilization, and accelerated application lifecycles. However, should a PaaS provider be unable to address these security concerns, potential users will be prevented from adopting the solution, no matter how compelling its operational benefits.

ActiveState recognizes how critical the question of PaaS security is and has architected the Stackato environment to meet the security requirements of its most demanding customers. As part of that commitment to security, ActiveState has addressed the three key areas needed to ensure complete PaaS security:

1. Code Integrity
This security element focuses on the security of the code used to build Stackato and how ActiveState ensures any reported code vulnerabilities are addressed to minimize security issues. Stackato has a comprehensive and detailed security policy for vulnerability management and a standardized process it follows to ensure all code patches are tracked, implemented, and distributed as quickly as possible.

2. Application Integrity
The security associated with the application container is of critical importance. Regardless of whether you are hosting your applications on a private or public cloud, it is necessary to mitigate the risk of a malicious or poorly designed application that could result in costly downtime and loss/leakage of data. As part of its application integrity measures, ActiveState uses Docker containers to ensure that applications operating in the Stackato environment are partitioned and prevented from accessing one another's application space.

3. Operational Integrity
While application security is fundamental, securely managing user interaction with the application operating environment is also crucial to ensure full end-to-end security. Stackato implements a number of mechanisms to control Operations access to applications residing within a Docker container.

Code Integrity: How Stackato Addresses Code Management to Prevent Security Vulnerabilities

The Role of Open Source Components in Stackato

Stackato includes many third-party open source components including items sourced from Canonical's Ubuntu repositories. Based on over 15 years of working with open source products and communities, ActiveState has established industry-best practices to ensure its code management practices address any security issues that may arise. With each new release of Stackato, ActiveState reviews each open source component included in the product to confirm that it contains the latest updates and patches. In addition, ActiveState ensures that included database engines and other data service packages represent the most secure versions by following one of three methods for each data service package:

» Sourcing the package from the most recent Ubuntu version, thereby reflecting the package version provided by this leading Linux distribution.
» Installing from packages provided by the maintainers, who create and make available upstream more recent and secure versions that may not yet be included in the Ubuntu distribution.
» Building the package from the package source.

These practices mean that all open source components and packages that are part of Stackato are maintained to the highest possible state of security, and that any security issues that develop are addressed immediately in a manner that allows ActiveState to issue product patches as quickly as possible.

Regarding the security practices of the Stackato product itself, ActiveState applies its long-established code management practices to the product.
Stackato is implemented mostly in Ruby, Go, and Node.js. Much of the Stackato code foundation is derived from the Cloud Foundry open source project; however, ActiveState has modified or re-implemented many of the base Cloud Foundry components to improve performance and extend product functionality. For any components that have been patched, augmented, or re-implemented entirely, ActiveState applies security techniques used throughout all of its open source products. All Stackato components modified or extended from the base Cloud Foundry code are actively maintained by ActiveState.

Identifying Security Vulnerabilities

ActiveState is adept at managing potential vulnerabilities that exist with community-based development. Our developers closely monitor relevant distribution and security-specific mailing lists for all projects incorporated in Stackato, as well as cve.mitre.org, to ensure they are aware of and addressing all security-related product vulnerabilities.

Download your free micro cloud:

Vulnerability announcements are monitored by ActiveState technical team members charged with security responsibility. In addition, Stackato developers maintain responsibility for their respective Stackato components (e.g. ruby gems, nginx, gnatsd), and monitor the source projects for announcements and releases. In this way, there are two sets of eyes focusing on security and making sure all source code security issues are addressed.

The ActiveState development team evaluates all new vulnerabilities and assesses which are applicable to Stackato. Once a vulnerability is identified as relevant to Stackato, team members develop a plan to resolve it as quickly as possible. Furthermore, team members assess whether logically similar, exploitable issues might exist in other areas of the product. If one or more vulnerabilities might be possible in other areas of the product, the plan is extended to incorporate those changes as well. Once a code change plan is developed, team members prioritize the changes for resolution so that the most critical security issues are addressed immediately.

Validation & Testing

After a thorough review of a vulnerability, the development team determines what code changes need to be made and the best method to implement them. Some are handled as package updates while others require small patches to the distributed product. The criteria to determine action include: severity of the vulnerability, relevancy to Stackato, and exposure risk level for Stackato customers.

When a package update is necessary, we review and test the procedure across the current and most recent Stackato versions to provide customers with a fully tested product that will transparently replace the package they are currently running. Once the procedure is defined, ActiveState creates an update process plan that defines which node types require the update and which product components must be restarted.
To ensure that all security updates operate properly and will not disrupt operational environments, ActiveState runs a public-facing Stackato sandbox environment where security patches are applied and tested in real-world use prior to being released to customers. This same process is followed for source code patches, with extra caution taken to account for source code variation in previous Stackato versions.

The length of time required to address a security vulnerability depends upon the nature of the vulnerability, how many components or packages it affects, and the severity of the vulnerability. We strive for the quickest possible turnaround on all security vulnerabilities and have achieved under 24-hour response for a number of vulnerabilities identified as significant.

Patch Distribution

To ensure customers are aware of any security issues as well as the necessary steps to address them, ActiveState sends notifications to the technical contacts at each user organization. The notification describes the general nature of the vulnerability and contains the vulnerability remediation process described in the previous section. As a general rule, ActiveState does not post specific exploit details with a patch to avoid any exploitation efforts, and only the patch itself is made available publicly.

Remediation normally involves running the Stackato kato patch command, but may require a maintenance window and/or system reboots to ensure the patch is applied properly. Stackato systems generally fetch patches automatically to make the patching process easier for system administrators; however, in cases where user organizations have restricted internet access for particular nodes or clusters, ActiveState has a process to distribute coded patches manually.

Application Integrity: Isolating Operating Environments to Prevent Inappropriate Application Interaction

The security of your application in a cloud environment is of critical importance. How your application interacts with other applications in the cloud and its resource usage are two popular concerns for most enterprises. With Stackato, we understand these concerns and have addressed application concerns through the use of Docker containers.

Docker Containers as the First Line of Defense

Stackato uses Docker for its Linux Containers (LXC) to ensure that customer applications are secure. Docker containers allow users to deploy their applications in a safe and secure way, with applications prevented from interacting with any other application residing on the PaaS unless specifically allowed. The application is isolated in such a way that it only sees its own files and processes and is prevented from accessing files or processes associated with other applications, even those operated by the same organization.

The diagram below provides an overview of the Stackato architecture. Each Droplet Execution Agent (DEA) represents a virtual machine (VM) instance that hosts multiple Docker containers. Within the DEA, each individual cube represents an individual Docker container running an instance of an application.

Docker Containers isolate all aspects of an application and, as part of that isolation, define a number of namespaces, each of which identifies resources that a group of processes within a specific container can access. These namespaces include pid, net, ipc, mnt and uts.

Table 1: LXC Namespaces

pid: The process ID namespace groups and isolates processes so that processes in a namespace only have visibility on other processes in the same namespace. Each pid namespace has its own process id numbering, and the namespace guarantees that a process in one namespace cannot affect a process in a sibling or parent namespace.

net: The net namespace allows each container to have its own network interface. You can create pairs of these interfaces such that the interface inside the containers can also map or be connected to an interface that's visible outside the application. This functionality enables the container to talk to the outside world. The actual ports that are used are also associated with the namespace. It allows processes running in multiple containers to each listen on the same port. If you start two Apache instances on a VM, the second one will fail to launch because the first port is already allocated. With containers, the application in each container binds with port 80 so there is no conflict as far as the application is concerned. Stackato takes care of mapping the outside port, but each application has its own port, without interfering with the other. Each application also has its own IP tables and firewall rules that are specific to it. This provides a lot of power and assists in isolating your applications.

ipc: Inter-process communication is included for legacy applications that make use of features generally considered obsolete such as semaphores, message queues, and shared memory segments. A handful of apps such as PostgreSQL still use ipc features.

mnt: The mnt namespace is like chroot, but more powerful. It uses a number process to share a directory, but there is no access to mnt points on the file system. Each container has its own mnt points and root directory which are mapped into the top-level root file system. It looks like it is running on a normal UNIX file system, but it has no visibility into the file system on any other namespace. This is another isolationist capability of Linux containers.

uts: UTS manages the host name. It is convenient for each application to have its own host name because it would be more challenging if every app running in PaaS had to share one. With each application having its own, there is more flexibility for the applications and some isolation. If you make the hostname system call you will see the hostname associated with the uts namespace, not the hostname overall.

The Linux container implementation using Docker is a fundamental component of how Stackato works. Containers can be rapidly spun up, ensuring rapid response to administrative commands or application load factors. Since a container takes only a few milliseconds to create, these instances appear almost instantaneously, thereby ensuring that applications respond immediately to changing application load.
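The isolation that Table 1 describes can be checked from the host: on Linux, two processes are in the same namespace exactly when their /proc/<pid>/ns/<name> links carry the same identifier. The Python audit below is an added example, not code from the ActiveState paper or from Stackato; the container names and namespace identifiers are constructed sample data, and the function names are hypothetical.

```python
import os
import re
from itertools import combinations

# The five namespaces listed in Table 1.
TABLE1_NAMESPACES = ("pid", "net", "ipc", "mnt", "uts")

# /proc/<pid>/ns/<name> is a symlink whose target looks like "net:[4026531956]".
NS_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")


def parse_ns_link(target):
    """Return (kind, identifier) for one namespace link target."""
    match = NS_LINK.match(target.strip())
    if match is None:
        raise ValueError("not a namespace link target: %r" % (target,))
    return match.group(1), int(match.group(2))


def namespaces_from_links(targets):
    """Map each Table 1 namespace to its identifier (None if not captured)."""
    found = dict(parse_ns_link(t) for t in targets)
    return {kind: found.get(kind) for kind in TABLE1_NAMESPACES}


def read_namespaces(pid, proc_root="/proc"):
    """Read a live process's namespaces (Linux only; other users' processes
    normally require root)."""
    targets = [os.readlink(os.path.join(proc_root, str(pid), "ns", kind))
               for kind in TABLE1_NAMESPACES]
    return namespaces_from_links(targets)


def shared(a, b):
    """Namespaces two processes provably share: same, known identifier."""
    return [k for k in TABLE1_NAMESPACES
            if a.get(k) is not None and a.get(k) == b.get(k)]


def audit(host, containers):
    """Report containers that share a namespace with the host or with each
    other, and namespaces that could not be read (never assume isolation)."""
    findings = []
    for name, ns in sorted(containers.items()):
        unknown = [k for k in TABLE1_NAMESPACES if ns.get(k) is None]
        if unknown:
            findings.append((name, "unreadable", unknown))
        common = shared(host, ns)
        if common:
            findings.append((name, "shares-with-host", common))
    for (n1, ns1), (n2, ns2) in combinations(sorted(containers.items()), 2):
        common = shared(ns1, ns2)
        if common:
            findings.append((n1 + "," + n2, "shares-with-peer", common))
    return findings


# Constructed sample data: link targets as `readlink /proc/<pid>/ns/*` prints them.
SAMPLE_HOST = namespaces_from_links([
    "pid:[4026531836]", "net:[4026531956]", "ipc:[4026531839]",
    "mnt:[4026531840]", "uts:[4026531838]"])
SAMPLE_CONTAINERS = {
    # Fully isolated: every identifier differs from the host and from peers.
    "app-a": namespaces_from_links([
        "pid:[4026532201]", "net:[4026532202]", "ipc:[4026532203]",
        "mnt:[4026532204]", "uts:[4026532205]"]),
    # Same net identifier as the host: no separate network stack.
    "app-b": namespaces_from_links([
        "pid:[4026532301]", "net:[4026531956]", "ipc:[4026532303]",
        "mnt:[4026532304]", "uts:[4026532305]"]),
    # Shares ipc with app-a; the uts link was not captured.
    "app-c": namespaces_from_links([
        "pid:[4026532401]", "net:[4026532402]", "ipc:[4026532203]",
        "mnt:[4026532404]"]),
}

if __name__ == "__main__":
    for subject, issue, kinds in audit(SAMPLE_HOST, SAMPLE_CONTAINERS):
        print("%-12s %-18s %s" % (subject, issue, ",".join(kinds)))
```

On a live host, pass `read_namespaces(1)` as the host reference and `read_namespaces(pid)` for one process inside each container.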

Containers also allow you to configure limits to container resource consumption, which enables you to be sure that no single container can spin out of control and consume all of the resources. In addition, you can implement security patches on only the VMs that may need them, without having to affect others that may reside on the same infrastructure.

Operational Integrity: Implementing Access Controls to Prevent Inappropriate User Interaction

Whether you are hosting your applications on a public, private or hybrid cloud, how that application can be accessed is of critical importance. While Docker containers are the first line of defense for Stackato, ActiveState has implemented further security measures to ensure that only appropriate user personnel can gain access to critical application resources.

AppArmor

Each container runs AppArmor (similar to SELinux as a system mechanism to increase default Linux security) to provide an extra layer of security. Even if a person obtains inappropriate access to the root level of one container, AppArmor prevents the user from breaking out of the container, thereby protecting the operating environments of applications residing in other containers.

SSL

One mechanism to access Stackato is through a browser via HTTP. To further improve operational security, by default Stackato uses the more secure HTTPS for access. SSL requires a certificate on the server, so we deliver Stackato with a self-signed certificate to enable secure use out of the box. However, it is also easy to use your own SSL certificate should you wish to do so.

SSH & SCP Access

To perform some administrative functions or to interact with software and configurations, Stackato allows SSH access to the container. When SSH is used, it provides complete access to the container process space, file systems, environment, hostname and network. Common actions executed via SSH include examining the application environment, low-level debugging (e.g. strace or tcpdump), and making local non-persisted changes for troubleshooting purposes. Any changes implemented on a given container via SSH will not impact other running containers.

SCP is also fully supported, allowing files to be safely transferred to and from the container. Any changes made exist only during the life of a given container and will not persist beyond container termination. Because of this, ActiveState recommends that application instances should not store any state information, as this will restrict that application's ability to scale beyond a single instance. State information should be the domain of the provisioned data services that Stackato provides.

dbshell

Stackato provides an SSL tunnel that can be used to access the data services associated with a specific application. The SSL tunnel is created to access an interactive shell, which can access any of the data services ActiveState supports, including MongoDB, MySQL, and PostgreSQL. This functionality is most commonly used to securely import data into a database.

sudo access

Users can be granted sudo privileges within their application containers to install packages or software. Sudo access allows unrestricted access to container resources and, because of this, this should be reserved for trusted users. Stackato allows administrators to grant or revoke sudo privileges to users through the Stackato API or Web Console.

Conclusion

As users consider moving to a PaaS, they are drawn to its obvious benefits: simplified application development, more rapid application delivery, and greater business agility. However, all IT organizations are charged with ensuring their applications and data are secure and any improved development tools that might compromise security would be unacceptable, no matter what benefits they might deliver.

ActiveState recognizes the critical importance of security and implements security measures throughout Stackato as well as its own development process. ActiveState addresses three key areas necessary to ensure PaaS-based application security:

» Code Integrity
» Application Integrity
» Operational Integrity

Based on over 15 years of experience ensuring appropriate security in its products, ActiveState is confident its security measures meet industry-best levels. While no system or product is perfect, ActiveState strives to implement best practices so that its customers can be satisfied with the security of their applications running in ActiveState's Stackato product.

ActiveState empowers innovation from code to cloud smarter, safer, and faster. ActiveState's cutting edge solutions give developers and enterprises the Perl, Node.js, PHP, Tcl, and more. Stackato is ActiveState's groundbreaking enterprise private Platform-as-a-Service (PaaS), and is the secure and proven way to develop and deploy apps to the cloud.

Download the FREE Stackato Micro Cloud at:

ActiveState Software Inc
Granville Street
Vancouver, BC V6C 1T2
Phone: Fax: NA Toll-free:


More information

Virtualization Essentials

Virtualization Essentials Virtualization Essentials Table of Contents Introduction What is Virtualization?.... 3 How Does Virtualization Work?... 4 Chapter 1 Delivering Real Business Benefits.... 5 Reduced Complexity....5 Dramatically

More information

VMware vcenter Log Insight Security Guide

VMware vcenter Log Insight Security Guide VMware vcenter Log Insight Security Guide vcenter Log Insight 2.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

Rally Installation Guide

Rally Installation Guide Rally Installation Guide Rally On-Premises release 2015.1 rallysupport@rallydev.com www.rallydev.com Version 2015.1 Table of Contents Overview... 3 Server requirements... 3 Browser requirements... 3 Access

More information

WHITEPAPER INTRODUCTION TO CONTAINER SECURITY. Introduction to Container Security

WHITEPAPER INTRODUCTION TO CONTAINER SECURITY. Introduction to Container Security Introduction to Container Security Table of Contents Executive Summary 3 The Docker Platform 3 Linux Best Practices and Default Docker Security 3 Process Restrictions 4 File & Device Restrictions 4 Application

More information

AT&T CLOUD SERVICES. AT&T Synaptic Compute as a Service SM : How to Get Started. Version 2.0 January 2012

AT&T CLOUD SERVICES. AT&T Synaptic Compute as a Service SM : How to Get Started. Version 2.0 January 2012 Version 2.0 January 2012 AT&T CLOUD SERVICES AT&T Synaptic Compute as a Service SM : How to Get Started 2012 AT&T Intellectual Property. All rights reserved. Notice Copyright AT&T Intellectual Property.

More information

Zend and IBM: Bringing the power of PHP applications to the enterprise

Zend and IBM: Bringing the power of PHP applications to the enterprise Zend and IBM: Bringing the power of PHP applications to the enterprise A high-performance PHP platform that helps enterprises improve and accelerate web and mobile application development Highlights: Leverages

More information

RED HAT SOFTWARE COLLECTIONS BRIDGING DEVELOPMENT AGILITY AND PRODUCTION STABILITY

RED HAT SOFTWARE COLLECTIONS BRIDGING DEVELOPMENT AGILITY AND PRODUCTION STABILITY RED HAT S BRIDGING DEVELOPMENT AGILITY AND PRODUCTION STABILITY TECHNOLOGY BRIEF INTRODUCTION BENEFITS Choose the right runtimes for your project with access to the latest stable versions. Preserve application

More information

Develop a process for applying updates to systems, including verifying properties of the update. Create File Systems

Develop a process for applying updates to systems, including verifying properties of the update. Create File Systems RH413 Manage Software Updates Develop a process for applying updates to systems, including verifying properties of the update. Create File Systems Allocate an advanced file system layout, and use file

More information

19.10.11. Amazon Elastic Beanstalk

19.10.11. Amazon Elastic Beanstalk 19.10.11 Amazon Elastic Beanstalk A Short History of AWS Amazon started as an ECommerce startup Original architecture was restructured to be more scalable and easier to maintain Competitive pressure for

More information

Cloud.com CloudStack Community Edition 2.1 Beta Installation Guide

Cloud.com CloudStack Community Edition 2.1 Beta Installation Guide Cloud.com CloudStack Community Edition 2.1 Beta Installation Guide July 2010 1 Specifications are subject to change without notice. The Cloud.com logo, Cloud.com, Hypervisor Attached Storage, HAS, Hypervisor

More information

RED HAT CONTAINER STRATEGY

RED HAT CONTAINER STRATEGY RED HAT CONTAINER STRATEGY An introduction to Atomic Enterprise Platform and OpenShift 3 Gavin McDougall Senior Solution Architect AGENDA Software disrupts business What are Containers? Misconceptions

More information

A new era of PaaS. ericsson White paper Uen 284 23-3263 February 2015

A new era of PaaS. ericsson White paper Uen 284 23-3263 February 2015 ericsson White paper Uen 284 23-3263 February 2015 A new era of PaaS speed and safety for the hybrid cloud This white paper presents the benefits for operators and large enterprises of adopting a policydriven

More information

PaaS solutions evaluation

PaaS solutions evaluation PaaS solutions evaluation August 2014 Author: Sofia Danko Supervisors: Giacomo Tenaglia Artur Wiecek CERN openlab Summer Student Report 2014 Project Specification OpenShift Origin is an open source software

More information

Information Technology Services Classification Level Range C Reports to. Manager ITS Infrastructure Effective Date June 29 th, 2015 Position Summary

Information Technology Services Classification Level Range C Reports to. Manager ITS Infrastructure Effective Date June 29 th, 2015 Position Summary Athabasca University Professional Position Description Section I Position Update Only Information Position Title Senior System Administrator Position # 999716,999902 Department Information Technology Services

More information

Installing and Configuring vcenter Multi-Hypervisor Manager

Installing and Configuring vcenter Multi-Hypervisor Manager Installing and Configuring vcenter Multi-Hypervisor Manager vcenter Server 5.1 vcenter Multi-Hypervisor Manager 1.1 This document supports the version of each product listed and supports all subsequent

More information

Migration and Building of Data Centers in IBM SoftLayer with the RackWare Management Module

Migration and Building of Data Centers in IBM SoftLayer with the RackWare Management Module Migration and Building of Data Centers in IBM SoftLayer with the RackWare Management Module June, 2015 WHITE PAPER Contents Advantages of IBM SoftLayer and RackWare Together... 4 Relationship between

More information

Migration and Building of Data Centers in IBM SoftLayer with the RackWare Management Module

Migration and Building of Data Centers in IBM SoftLayer with the RackWare Management Module Migration and Building of Data Centers in IBM SoftLayer with the RackWare Management Module June, 2015 WHITE PAPER Contents Advantages of IBM SoftLayer and RackWare Together... 4 Relationship between

More information

IBM Bluemix. The Digital Innovation Platform. Simon Moser (smoser@de.ibm.com) @mosersd

IBM Bluemix. The Digital Innovation Platform. Simon Moser (smoser@de.ibm.com) @mosersd IBM Bluemix The Digital Innovation Platform Simon Moser (smoser@de.ibm.com) @mosersd Who am I? - Senior Technical Staff Member at IBM Research & Development Lab in Böblingen, Germany - Bluemix Application

More information

A Look at the New Converged Data Center

A Look at the New Converged Data Center Organizations around the world are choosing to move from traditional physical data centers to virtual infrastructure, affecting every layer in the data center stack. This change will not only yield a scalable

More information

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details Sub: Supply, Installation, setup and testing of Tenable Network Security Nessus vulnerability scanner professional version 6 or latest for scanning the LAN, VLAN, VPN and IPs with 3 years License/Subscription

More information

Vistara Lifecycle Management

Vistara Lifecycle Management Vistara Lifecycle Management Solution Brief Unify IT Operations Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid

More information

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP solution brief PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP AWS AND PCI DSS COMPLIANCE To ensure an end-to-end secure computing environment, Amazon Web Services (AWS) employs a shared security responsibility

More information

IBM PowerSC. Security and compliance solution designed to protect virtualized datacenters. Highlights. IBM Systems and Technology Data Sheet

IBM PowerSC. Security and compliance solution designed to protect virtualized datacenters. Highlights. IBM Systems and Technology Data Sheet IBM PowerSC Security and compliance solution designed to protect virtualized datacenters Highlights Simplify security management and compliance measurement Reduce administration costs of meeting compliance

More information

HP Server Automation Standard

HP Server Automation Standard Data sheet HP Server Automation Standard Lower-cost edition of HP Server Automation software Benefits Time to value: Instant time to value especially for small-medium deployments Lower initial investment:

More information

SECURE, ENTERPRISE FILE SYNC AND SHARE WITH EMC SYNCPLICITY UTILIZING EMC ISILON, EMC ATMOS, AND EMC VNX

SECURE, ENTERPRISE FILE SYNC AND SHARE WITH EMC SYNCPLICITY UTILIZING EMC ISILON, EMC ATMOS, AND EMC VNX White Paper SECURE, ENTERPRISE FILE SYNC AND SHARE WITH EMC SYNCPLICITY UTILIZING EMC ISILON, EMC ATMOS, AND EMC VNX Abstract This white paper explains the benefits to the extended enterprise of the on-

More information

Cisco Intercloud Fabric Security Features: Technical Overview

Cisco Intercloud Fabric Security Features: Technical Overview White Paper Cisco Intercloud Fabric Security Features: Technical Overview White Paper May 2015 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of

More information

Trend Micro Cloud Protection

Trend Micro Cloud Protection A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to

More information

How to Create a Simple Content Management Solution with Joomla! in a vcloud Environment. A VMware Cloud Evaluation Reference Document

How to Create a Simple Content Management Solution with Joomla! in a vcloud Environment. A VMware Cloud Evaluation Reference Document How to Create a Simple Content Management Solution with Joomla! in a vcloud Environment A VMware Cloud Evaluation Reference Document Contents About Cloud Computing Cloud computing is an approach to computing

More information

Securing the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation

Securing the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation Securing the Cloud with IBM Security Systems 1 2012 2012 IBM IBM Corporation Corporation IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns

More information

IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation

IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing

More information

Invest in your business with Ubuntu Advantage.

Invest in your business with Ubuntu Advantage. Invest in your business with Ubuntu Advantage. Expert advice. Specialist tools. Dedicated support. Introducing Ubuntu Advantage Contents 02 Introducing Ubuntu Advantage 03 Ubuntu Advantage 04 - Landscape

More information

Building a Private Cloud Cloud Infrastructure Using Opensource

Building a Private Cloud Cloud Infrastructure Using Opensource Cloud Infrastructure Using Opensource with Ubuntu Server 10.04 Enterprise Cloud (Eucalyptus) OSCON (Note: Special thanks to Jim Beasley, my lead Cloud Ninja, for putting this document together!) Introduction

More information

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc.

Public Clouds. Krishnan Subramanian Analyst & Researcher Krishworld.com. A whitepaper sponsored by Trend Micro Inc. Public Clouds Krishnan Subramanian Analyst & Researcher Krishworld.com A whitepaper sponsored by Trend Micro Inc. Introduction Public clouds are the latest evolution of computing, offering tremendous value

More information

Lecture 02b Cloud Computing II

Lecture 02b Cloud Computing II Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,

More information

Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123. Instructor Manual

Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123. Instructor Manual Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123 Instructor Manual Published: 2013-07-02 SWD-20130702091645092 Contents Advance preparation...7 Required materials...7 Topics

More information

Alinto Mail Server Pro

Alinto Mail Server Pro Alinto Mail Server Pro Installation Guide Alinto Version 2.0.1 Index 1. Introduction....................................................................................... 1 2. Prerequisites......................................................................................

More information

Installation Runbook for Avni Software Defined Cloud

Installation Runbook for Avni Software Defined Cloud Installation Runbook for Avni Software Defined Cloud Application Version 2.5 MOS Version 6.1 OpenStack Version Application Type Juno Hybrid Cloud Management System Content Document History 1 Introduction

More information

Opsview in the Cloud. Monitoring with Amazon Web Services. Opsview Technical Overview

Opsview in the Cloud. Monitoring with Amazon Web Services. Opsview Technical Overview Opsview in the Cloud Monitoring with Amazon Web Services Opsview Technical Overview Page 2 Opsview In The Cloud: Monitoring with Amazon Web Services Contents Opsview in The Cloud... 3 Considerations...

More information

Using SUSE Cloud to Orchestrate Multiple Hypervisors and Storage at ADP

Using SUSE Cloud to Orchestrate Multiple Hypervisors and Storage at ADP Using SUSE Cloud to Orchestrate Multiple Hypervisors and Storage at ADP Agenda ADP Cloud Vision and Requirements Introduction to SUSE Cloud Overview Whats New VMWare intergration HyperV intergration ADP

More information

Remote Unix Lab Environment (RULE)

Remote Unix Lab Environment (RULE) Remote Unix Lab Environment (RULE) Kris Mitchell krmitchell@swin.edu.au Introducing RULE RULE provides an alternative way to teach Unix! Increase student exposure to Unix! Do it cost effectively http://caia.swin.edu.au

More information

VMware Identity Manager Connector Installation and Configuration

VMware Identity Manager Connector Installation and Configuration VMware Identity Manager Connector Installation and Configuration VMware Identity Manager This document supports the version of each product listed and supports all subsequent versions until the document

More information

RSA SecurID Ready Implementation Guide

RSA SecurID Ready Implementation Guide RSA SecurID Ready Implementation Guide Partner Information Last Modified: December 18, 2006 Product Information Partner Name Microsoft Web Site http://www.microsoft.com/isaserver Product Name Internet

More information

AppStack Technology Overview Model-Driven Application Management for the Cloud

AppStack Technology Overview Model-Driven Application Management for the Cloud AppStack Technology Overview Model-Driven Application Management for the Cloud Accelerating Application Time-to-Market The last several years have seen a rapid adoption for public and private cloud infrastructure

More information

Chapter 1 - Web Server Management and Cluster Topology

Chapter 1 - Web Server Management and Cluster Topology Objectives At the end of this chapter, participants will be able to understand: Web server management options provided by Network Deployment Clustered Application Servers Cluster creation and management

More information

Parallels Plesk Automation

Parallels Plesk Automation Parallels Plesk Automation Contents Get Started 3 Infrastructure Configuration... 4 Network Configuration... 6 Installing Parallels Plesk Automation 7 Deploying Infrastructure 9 Installing License Keys

More information

CloudPassage Halo Technical Overview

CloudPassage Halo Technical Overview TECHNICAL BRIEF CloudPassage Halo Technical Overview The Halo cloud security platform was purpose-built to provide your organization with the critical protection, visibility and control needed to assure

More information

New Features in PSP2 for SANsymphony -V10 Software-defined Storage Platform and DataCore Virtual SAN

New Features in PSP2 for SANsymphony -V10 Software-defined Storage Platform and DataCore Virtual SAN New Features in PSP2 for SANsymphony -V10 Software-defined Storage Platform and DataCore Virtual SAN Updated: May 19, 2015 Contents Introduction... 1 Cloud Integration... 1 OpenStack Support... 1 Expanded

More information

Centrify Server Suite Management Tools

Centrify Server Suite Management Tools SERVER SUITE TECHNICAL BRIEF Centrify Server Suite Management Tools Centrify Server Suite includes - at no extra charge - a powerful set of management tools in all editions: Centrify Identity Risk Assessor

More information

IBM PowerSC. Security and compliance solution designed to protect virtualised data centres. Highlights. IBM Systems and Technology Data Sheet

IBM PowerSC. Security and compliance solution designed to protect virtualised data centres. Highlights. IBM Systems and Technology Data Sheet IBM PowerSC Security and compliance solution designed to protect virtualised data centres Highlights Simplify security management and compliance measurement Reduce administration costs of meeting compliance

More information

User Manual of the Pre-built Ubuntu 12.04 Virutal Machine

User Manual of the Pre-built Ubuntu 12.04 Virutal Machine SEED Labs 1 User Manual of the Pre-built Ubuntu 12.04 Virutal Machine Copyright c 2006-2014 Wenliang Du, Syracuse University. The development of this document is/was funded by three grants from the US

More information

Drive new Revenue With PaaS/IaaS. Ruslan Synytsky CTO, Jelastic

Drive new Revenue With PaaS/IaaS. Ruslan Synytsky CTO, Jelastic Drive new Revenue With PaaS/IaaS Ruslan Synytsky CTO, Jelastic 2 MISSING OUT ON CLOUD OPPORTUNITY? Many hosters today are missing out on a massive opportunity to provide an Amazon-beating public cloud

More information

P a g e 1. Teknologisk Institut. SysAdmin & DevOps Collection Online kursus k SysAdmin & DevOps Collection

P a g e 1. Teknologisk Institut. SysAdmin & DevOps Collection  Online kursus k SysAdmin & DevOps Collection P a g e 1 Online kursus k72751 SysAdmin & DevOps Collection P a g e 2 Title Estimated Duration (hrs) CompTIA A+ 220-801: Laptops 1 CompTIA A+ 220-801: Printers 1 CompTIA A+ 220-801: Operational Procedures

More information

Uptime Infrastructure Monitor. Installation Guide

Uptime Infrastructure Monitor. Installation Guide Uptime Infrastructure Monitor Installation Guide This guide will walk through each step of installation for Uptime Infrastructure Monitor software on a Windows server. Uptime Infrastructure Monitor is

More information

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits A Clear View of Challenges, Solutions and Business Benefits Introduction Cloud environments are widely adopted because of the powerful, flexible infrastructure and efficient use of resources they provide

More information

DCML Framework Use Cases

DCML Framework Use Cases DCML Framework Use Cases Introduction Use Case 1: Monitoring Newly Provisioned Servers Use Case 2: Ensuring Accurate Asset Inventory Across Multiple Management Systems Use Case 3: Providing Standard Application

More information

Symantec Client Management Suite 7.6 powered by Altiris technology

Symantec Client Management Suite 7.6 powered by Altiris technology Symantec Client Management Suite 7.6 powered by Altiris technology IT flexibility. User freedom. Data Sheet: Endpoint Management Overview With so many new devices coming into the workplace and users often

More information

Effective End-to-End Cloud Security

Effective End-to-End Cloud Security Effective End-to-End Cloud Security Securing Your Journey to the Cloud Trend Micro SecureCloud A Trend Micro & VMware White Paper August 2011 I. EXECUTIVE SUMMARY This is the first paper of a series of

More information

Desktop : Ubuntu 10.04 Desktop, Ubuntu 12.04 Desktop Server : RedHat EL 5, RedHat EL 6, Ubuntu 10.04 Server, Ubuntu 12.04 Server, CentOS 5, CentOS 6

Desktop : Ubuntu 10.04 Desktop, Ubuntu 12.04 Desktop Server : RedHat EL 5, RedHat EL 6, Ubuntu 10.04 Server, Ubuntu 12.04 Server, CentOS 5, CentOS 6 201 Datavoice House, PO Box 267, Stellenbosch, 7599 16 Elektron Avenue, Technopark, Tel: +27 218886500 Stellenbosch, 7600 Fax: +27 218886502 Adept Internet (Pty) Ltd. Reg. no: 1984/01310/07 VAT No: 4620143786

More information

STRATEGIC WHITE PAPER. The next step in server virtualization: How containers are changing the cloud and application landscape

STRATEGIC WHITE PAPER. The next step in server virtualization: How containers are changing the cloud and application landscape STRATEGIC WHITE PAPER The next step in server virtualization: How containers are changing the cloud and application landscape Abstract Container-based server virtualization is gaining in popularity, due

More information