This presentation covers the cyber security aspects that stand behind AAA-level game projects. Most importantly, it covers a practically proven way to provision your own data (game services) in 22 geographical locations in 22 minutes, using an open-source solution, OpenNebula, and its DDC features. In those 22 minutes you receive a fully distributed mesh infrastructure, located in 22 different geographical locations (datacenters) and provisioned using only bare-metal hardware servers, each with a preconfigured GNU/Linux OS and a preconfigured VM on top. Each server has its own control server in its own region, with a back-connection to the 'mother' server in the central location configured for high availability, plus its own network segments in each datacenter, elastic IPs, backend transfer facilities and local BGP.
6. FACTS
Crytek is a leading, internationally operating developer and publisher of video games.
Known for world-class IPs and products such as the original Far Cry, the Crysis franchise, Ryse: Son of Rome and the game services Warface and HUNT SHOWDOWN.
All Crytek games are built with the proprietary game development solution CRYENGINE®.
CRYENGINE is perfect for rich VR worlds, and the new hardware is now capable of bringing our ideas to life.
8. CRYENGINE®
is Crytek's key differentiator for success
World-leading game development software for sophisticated computer and video games
Highest graphics quality and unique real-time 3D technology
Innovation leadership as a result of 15 years of development know-how
Licensed by numerous third-party game developers and publishers
Sole integrated all-in-one solution for games on platforms of the current and future generation: CRYENGINE
18. Behind the game - OS
● Linux OS standardization (according to requirements)
● Additional security configuration for repository signatures (package manager refuses unsigned repositories)
● LVM configuration: different schemes per server purpose
● FDE / partition encryption
● ulimit settings (per service user, e.g. open file descriptors)
● Kernel / network stack tuning (sysctl)
● CPU and I/O scheduler patches and tuning
Nice to read about: oomd, earlyoom, nohang (userspace OOM killers)
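The items above are a checklist, not a tool. As an added example (not code from the deck or from Crytek), the audit below turns three of them into checks a host can run from cron or as a Zabbix user parameter: it parses `sysctl -a` output against a small hardening baseline, reads the hard `nofile` limit for a service user out of `limits.conf`, and flags apt configurations that disable repository signature verification. The baseline values, the `gameserver` user name and all sample inputs are constructed for illustration.

```python
"""Host baseline audit: sysctl, ulimits and apt signature policy.
Added example; baseline values and sample inputs are assumptions, not Crytek's settings."""
import re
import subprocess

# Hardening baseline the audit compares against (illustrative; tune per server purpose).
BASELINE = {
    "kernel.kptr_restrict": "2",
    "kernel.dmesg_restrict": "1",
    "kernel.yama.ptrace_scope": "1",          # Yama LSM: restrict ptrace to descendants
    "kernel.unprivileged_bpf_disabled": "1",
    "net.ipv4.tcp_syncookies": "1",
    "net.ipv4.conf.all.rp_filter": "1",
    "fs.protected_symlinks": "1",
    "fs.protected_hardlinks": "1",
}

def parse_sysctl(text):
    """Parse `sysctl -a` output ("key = value" per line); error lines are skipped."""
    values = {}
    for line in text.splitlines():
        if "=" not in line or line.startswith("sysctl:"):
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip()
    return values

def audit_sysctl(current, baseline=BASELINE):
    """Return (key, actual, expected) for every baseline key that is missing or deviates."""
    return [(k, current.get(k), v) for k, v in baseline.items() if current.get(k) != v]

def hard_nofile(limits_text, user):
    """Effective hard 'nofile' limit for `user` from a limits.conf text.
    A user-specific line overrides a '*' line; '-' sets both soft and hard."""
    wildcard = specific = None
    for line in limits_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) != 4 or parts[2] != "nofile" or parts[1] not in ("hard", "-"):
            continue
        if parts[0] == "*":
            wildcard = int(parts[3])
        elif parts[0] == user:
            specific = int(parts[3])
    return specific if specific is not None else wildcard

# apt options that switch off signature verification globally.
_APT_WEAK = re.compile(
    r'^\s*(APT::Get::AllowUnauthenticated|Acquire::AllowInsecureRepositories)\s+"?(true|yes|1)"?',
    re.I | re.M)

def apt_signature_enforced(apt_conf, sources_list):
    """False if apt accepts unsigned repositories, or a source line carries [trusted=yes]."""
    if _APT_WEAK.search(apt_conf):
        return False
    if re.search(r"^\s*deb(-src)?\s+\[[^\]]*trusted=yes", sources_list, re.M):
        return False
    return True

# Constructed sample inputs (not captured from a real host).
SAMPLE_SYSCTL = """kernel.kptr_restrict = 2
kernel.dmesg_restrict = 1
kernel.yama.ptrace_scope = 0
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 1
fs.protected_symlinks = 1
fs.protected_hardlinks = 1
sysctl: permission denied on key 'net.ipv4.route.flush'
"""
SAMPLE_LIMITS = "* hard nofile 65536\ngameserver hard nofile 262144  # game service user\n"
SAMPLE_APT_CONF = 'APT::Get::AllowUnauthenticated "true";\n'
SAMPLE_SOURCES = "deb [trusted=yes] http://mirror.example/debian bullseye main\n"

if __name__ == "__main__":
    live = subprocess.run(["sysctl", "-a"], capture_output=True, text=True).stdout
    for key, actual, expected in audit_sysctl(parse_sysctl(live)):
        print("sysctl %s = %s (expected %s)" % (key, actual, expected))
```

Run on a host, the script prints only deviations, which is the shape a Zabbix trigger wants; on the constructed sample it reports `kernel.yama.ptrace_scope` (0 instead of 1) and the missing `kernel.unprivileged_bpf_disabled`, and both apt samples are rejected.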
19. Behind the game - OS
● Spectre / Meltdown mitigations (retpoline)
● Latest CPU microcode
● Kernel mitigations
● GCC flags (-fstack-clash-protection, -mindirect-branch=thunk for retpoline builds)
● Userspace (qemu / libvirt) updated so that mitigation CPU flags are exposed to guests
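Whether the kernel, microcode and compiler work above actually landed on a given host is reported by the kernel itself in /sys/devices/system/cpu/vulnerabilities/. As an added example (not code from the deck), the check below reads those files and classifies each entry; the sample statuses are constructed in the kernel's real format. A caveat it handles explicitly: a line can start with "Mitigation:" and still say "SMT vulnerable", which is not a clean pass on a hypervisor that hosts other tenants' VMs.

```python
"""CPU speculative-execution mitigation status from sysfs.
Added example; SAMPLE_STATUS is constructed, not captured from a real host."""
import os

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

def classify(status):
    """Map one vulnerabilities/* file to 'ok', 'vulnerable' or 'unknown'."""
    s = status.strip()
    if s.startswith("Not affected") or s.startswith("Mitigation:"):
        return "ok"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"      # e.g. "Unknown: Dependent on hypervisor status" inside a VM

def unmitigated(statuses):
    """Names whose status is not a mitigation or 'Not affected'."""
    return sorted(n for n, t in statuses.items() if classify(t) != "ok")

def smt_warnings(statuses):
    """Entries mitigated for the host but still exposed across SMT siblings."""
    return sorted(n for n, t in statuses.items() if "SMT vulnerable" in t)

def spectre_v2_uses_retpoline(statuses):
    """True when the kernel reports a retpoline-based spectre_v2 mitigation."""
    return "retpoline" in statuses.get("spectre_v2", "").lower()

def read_sysfs(root=SYSFS_DIR):
    """Read every file in the vulnerabilities directory into {name: text}."""
    out = {}
    for name in sorted(os.listdir(root)):
        with open(os.path.join(root, name)) as f:
            out[name] = f.read()
    return out

# Constructed sample in the kernel's reporting format: two items unmitigated.
SAMPLE_STATUS = {
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization\n",
    "spectre_v2": "Mitigation: Full generic retpoline, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling\n",
    "meltdown": "Mitigation: PTI\n",
    "l1tf": "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable\n",
    "mds": "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable\n",
    "spec_store_bypass": "Vulnerable\n",
}

if __name__ == "__main__":
    live = read_sysfs()
    for name in unmitigated(live):
        print("UNMITIGATED %s: %s" % (name, live[name].strip()))
    for name in smt_warnings(live):
        print("SMT WARNING %s" % name)
```

"no microcode" in the mds line is the case the "Latest CPU microcode" bullet exists for: the kernel has the code path, but without the microcode update it cannot clear the buffers, so the host stays vulnerable until firmware or the intel-microcode / amd64-microcode package is updated and the machine rebooted.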
20. Behind the game - OS
Linux Security Modules (LSM)
● AppArmor
● SELinux
● TOMOYO
● LoadPin
● Smack
● Yama
● SafeSetID
21. Monitoring
● Zabbix + Zabbix proxy + zabbix.dll (game server integration)
● Zabbix autodiscovery for every HW server
● Vulnerability tracking: CVEs across installed packages, integrated with Zabbix
● Kibana (ELK)
● Grafana
● Monit
● Graphite
● Graylog
22. Monitoring 2
● rsyslog (from the official rsyslog repositories, not the distro packages)
● Logwatch
● GitLab for all configuration files (both game configs and /etc)
● Cachet (status page)
23. HW / Net capacity tracking
● openDCIM: rack map and interconnections
● IPAM: IP address management
● Eramba: GRC (governance, risk and compliance)
36. Datacenter Evaluation
● PRICING QUESTIONS
● LOCATION QUESTIONS
● SPACE QUESTIONS
● NETWORK QUESTIONS
● POWER QUESTIONS
● COOLING QUESTIONS
● SECURITY QUESTIONS
● SUPPORT QUESTIONS
● CUSTOMER DEPLOYMENT QUESTIONS
● SERVICE LEVEL AGREEMENT QUESTIONS
37. Datacenter Evaluation
● ISO 9001:2008, for quality management systems
● ISO 27001:2013, for information security
● ISO 14001:2004, for sustainability (environmental management)
● PCI DSS 3.0, for information security for online payment
● ISAE 3402 (comparable to SSAE 16) Type II, for service organization controls (SOC) reports
● IX Certified Data Center, for carrier-neutral colocation and interconnection
● SAS 70 (Type 1 / Type 2)
● SSAE 16 (Type 1 / Type 2)
● SOC 1 / SOC 2 (Type 1 / Type 2) / SOC 3
42. Opennebula DDC
A solution for:
1. Scalability (elasticity) problems
2. Human / configuration errors
3. Time savings (a large amount of data and configuration applied at once)
4. P2P
5. Best alternative to cold racks