Elastic Security


Security for the Cloud

Multi-tenant clouds and MPLS VPNs

People compare utility computing (such as that provided by clouds) to electricity, for instance.

I was wondering whether the level of trust we put in multi-tenant clouds is the same as the trust we put in MPLS VPNs. Let me explain:

1. In MPLS VPNs we have to trust:

  • The ISP
  • The MPLS protocol and its correct implementation
  • That no one can physically access the network

If this is too much to handle, we can encrypt the data.

2. On multi-tenant clouds we have to trust:

  • The cloud provider
  • The isolation between customers' data and virtual machines
  • That no one can physically access the virtual machine

And encryption is still an option.

However, unlike MPLS, cloud isolation has no specification from a standards body such as the IETF, and clouds are more complex (they include communication, computing and storage).

What do you think? Comments are welcome.

Sergio

Filed under: Discussions

Amazon EC2 Roadmap: A Guesswork

Foto: estherase


Amazon plays its cards close to the vest. There is no public roadmap for its web services, including EC2, and feature announcements coincide with the feature's immediate availability in beta status. But there is probably at least an internal, well-protected and secret roadmap. Here is some guesswork about the features that might be listed on that secret roadmap. You might also consider this a wishlist. What might be the next features to be released?

Management

  • Group virtual instances by their functional roles (notion of deployment)
  • Meta-Information and names to better identify virtual instances
  • Generate image snapshots via a mouse-click
  • Support for different image formats (e.g. VMware)

Security

  • User and Roles Management (Multiple API Credentials)
  • Encrypted Communication (VPNs between nodes)
  • Restrict API Firewall to specific IP Addresses
  • Access to API call audit logs to know who accessed your system via the API
  • File System Encryption

Networking

  • VLAN Support
  • Network management (monitor delay, bandwidth utilization, packet loss, …)
  • Bandwidth control and QoS
  • IP Multicast
  • Multiple IP addresses per Instance (e.g. to support multiple SSL endpoints per machine)

Accessibility

  • Multiple Instances accessing the same EBS
  • Clustering and Failover
  • Automatic Backup of EBS/S3 storages

Filed under: AWS, Discussions
