0
A Secure Cloud withA Secure Cloud with
Stackato Private PaaSStackato Private PaaS
John Wetherill
Ho Ming Li
August 28, 2013
Today’s Speakers
John Wetherill
Developer Evangelist
Ho Ming Li
Cloud Engineer
Topics LXC Containerization and App Isolation
Private PaaS and Security
SSL/SCP/DBShell
Sudo
Users/Groups
Audit Features
W...
Recent Events
LXC Containerization
LXC Namespace Isolation
isolate resources and processes
pid
net
ipc
mnt
uts
parent/child relationships
child has its own pid numbering
child has no visibility to parent
child has no visibility to si...
net namespace
each net namespace has its own network interfaces
each net has its own loopback interface
interface pairs ca...
mnt namespace
chroot, on steroids
sandbox a group of processes within a directory
each container has its own mount points ...
uts namespace
deals with hostname
each names has its own hostname
system calls that access hostname will “see” the contain...
Private PaaS and Security
SSL and Stackato
Stackato added SSL support to CloudFoundry
Stackato API is accessed over SSL
Web Console is accessed via ...
ssh and scp
ssh and scp access to each container
available only to container “owners” (users and admins)
allows visibility...
ssh scp
dbshell
provides access to underlying database
ssl tunnel is created to access interactive shell
MongoDB, MySQL, PostgreSQ...
dbshell
sudo access
users can be granted sudo access
allows root privileges, on container only
useful for backups and other “syste...
Demo: sudo
Miscellaneous Security Topics
BREACH resilience
Custom certs in Java apps
WebRTC
Demo: WebRTC
Thank you!
Any questions?
John Wetherill – johnw@activestate.com
Ho Ming Li – homingli@activestate.com
ActiveState
A Secure Cloud with Private PaaS
A Secure Cloud with Private PaaS
A Secure Cloud with Private PaaS
Upcoming SlideShare
Loading in...5
×

A Secure Cloud with Private PaaS

1,192

Published on

View recording here: http://www.activestate.com/webinars/secure-cloud

In study after study, enterprises rate cloud security as one of their top concerns when it comes to IT related issues. But what does security in the cloud really mean? How can you achieve a secure cloud without sacrificing flexibility, scalability, productivity and all the other great things that clouds offer?

In this webinar, John Wetherill and Ho Ming Li discuss how Stackato Private PaaS creates and maintains a secure cloud for your enterprise needs whether on a public, private or hybrid cloud. They also cover:
- LXC containerization
- Application isolation, AppArmor, and Multi-tenancy
- SSL support
- SSH, SCP, DBShell
- Use of SSHFS
- Sudo access
- External name or directory integration (LDAP, ActiveDirectory)
- User and group management
- Audit features

Watch now and learn how to achieve true cloud security with your own private PaaS!

Published in: Technology
0 Comments
4 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,192
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
17
Comments
0
Likes
4
Embeds 0
No embeds

No notes for slide
  • NOTES: Bart will tell a story of how we got into this space Dan will provide a real-world service-provider perspective on HP’s private cloud initiatives and vision
  • large enigneering teams pain: integration pain: security diversity using opensource: children’s hospital, largest anks healthcare, alzeimer’s association, clothing stores, auto manufacturers, online retilers, utilities graph databases
  • increased complexity
  • Transcript of "A Secure Cloud with Private PaaS"

    1. 1. A Secure Cloud withA Secure Cloud with Stackato Private PaaSStackato Private PaaS John Wetherill Ho Ming Li August 28, 2013
    2. 2. Today’s Speakers John Wetherill Developer Evangelist Ho Ming Li Cloud Engineer
    3. 3. Topics LXC Containerization and App Isolation Private PaaS and Security SSL/SCP/DBShell Sudo Users/Groups Audit Features WebRTC
    4. 4. Recent Events
    5. 5. LXC Containerization
    6. 6. LXC Namespace Isolation isolate resources and processes pid net ipc mnt uts
    7. 7. parent/child relationships child has its own pid numbering child has no visibility to parent child has no visibility to siblings each child has pid 1 (init-like) parent child child pid namespace
    8. 8. net namespace each net namespace has its own network interfaces each net has its own loopback interface interface pairs can span multiple containers enables talking to “outside world” example: multiple apache instances binding to port 80
    9. 9. mnt namespace chroot, on steroids sandbox a group of processes within a directory each container has its own mount points and root directory these are mapped into the top-level root filesystem no visibility or access to other containers’ mount points
    10. 10. uts namespace deals with hostname each names has its own hostname system calls that access hostname will “see” the container hostname all processes in uds namespace see their own hostname
    11. 11. Private PaaS and Security
    12. 12. SSL and Stackato Stackato added SSL support to CloudFoundry Stackato API is accessed over SSL Web Console is accessed via SSL non-ssl access also available SSL terminates at router Stackato-deployed apps can talk SSL to outside using their own certs
    13. 13. ssh and scp ssh and scp access to each container available only to container “owners” (users and admins) allows visibility to container’s: process space filesystems environment hostname network
    14. 14. ssh scp
    15. 15. dbshell provides access to underlying database ssl tunnel is created to access interactive shell MongoDB, MySQL, PostgreSQL Useful for importing data: $ stackato dbshell my-app mysql-service < mydata.sql Cloud Foundry “tunnel” command is also available
    16. 16. dbshell
    17. 17. sudo access users can be granted sudo access allows root privileges, on container only useful for backups and other “system” tasks Stackato API exposes ability to grant/revoke sudo access Applies to users and groups Can be managed via WebConsole too
    18. 18. Demo: sudo
    19. 19. Miscellaneous Security Topics BREACH resilience Custom certs in Java apps WebRTC
    20. 20. Demo: WebRTC
    21. 21. Thank you! Any questions? John Wetherill – johnw@activestate.com Ho Ming Li – homingli@activestate.com ActiveState
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.

    ×