On Thu, Jul 18, 2013 at 08:04:58PM +0000, Brian Galura wrote:
> I get the impression cloudstack was really designed for internal clouds. 

I wouldn't say that at all.  There are many public clouds using
CloudStack.

> Does anyone have recommendations for securing a publicly facing install?

That would be a great document / blog post to write, but I'm not aware
of one.

> 
> I saw recently there was a patch for rate limiting to mitigate some attacks 
> and we can have some network devices do some basic things in front of the 
> UI/API like ssl etc. 

Correct, and really that's where a provider has to spend the time.
Securing the management environment is the primary area of effort for a
provider, since CloudStack itself takes care of the tenants.  That
environment should (1) be built with redundancy in mind, (2) be
protected from the big bad Internet with appropriate FW and / or other
network security technologies.  Load balancing is also critical to add
somewhere, and would normally be the place where you would do your SSL
termination for access to the CloudStack API / UI.

OTOH, the method of protecting the customer environments will vary, depending
on the zone type and other network offering selections that the provider
makes.

For example, let's assume an advanced networking zone using
VLANs for isolation.  In that environment, there is a "public" network
that can easily be tied to the Internet directly.  The VRs provide FW
services for the customer VMs.

Now, you can take it a step further and provide cloud-wide edge
security, but anything that limits the customer's ability to self-service
firewall policies should probably be avoided (in the general
IaaS use case).  If an org is more comfortable using a hardware FW, then
that can be done as well.  Lots of flexibility is available for
deployment designs.

So to sum it up, CloudStack is *absolutely* designed for a public
provider.  You just have to think about how to configure your
environment correctly.  That's really out of scope from what CloudStack
itself should be handling.

-chip

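A concrete shape for the management-environment layer described above (redundant management servers behind a load balancer that terminates SSL, with per-client rate limiting on the API/UI path), as an nginx configuration added here for illustration; it is not part of the original thread or of CloudStack itself. The backend addresses, hostname, certificate paths, port 8080 and the /client path are assumptions for this example.

```nginx
# Assumed: two CloudStack management servers on the unencrypted port 8080
# (not stated in the thread; adjust to your deployment). Two backends give
# the redundancy the reply calls for; failed ones are taken out of rotation.
upstream cloudstack_mgmt {
    server 10.0.0.11:8080 max_fails=3 fail_timeout=30s;
    server 10.0.0.12:8080 max_fails=3 fail_timeout=30s;
}

# Per-client-IP request rate limit for the API/UI, keyed on the real client
# address because this proxy is where the client connection ends.
limit_req_zone $binary_remote_addr zone=cs_api:10m rate=10r/s;

# Redirect plain HTTP to HTTPS so session cookies and API keys never
# cross the Internet in clear text.
server {
    listen 80;
    server_name cloud.example.com;   # assumed hostname
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name cloud.example.com;

    # SSL termination happens here, at the load balancer, as the reply suggests.
    ssl_certificate     /etc/nginx/tls/cloud.example.com.crt;   # assumed path
    ssl_certificate_key /etc/nginx/tls/cloud.example.com.key;   # assumed path
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Only the /client prefix (UI and API) is exposed; anything else is refused,
    # which keeps the management servers' other listeners off the public side.
    location /client/ {
        limit_req zone=cs_api burst=20 nodelay;
        proxy_pass http://cloudstack_mgmt;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }

    location / {
        return 404;
    }
}
```

The management servers themselves should still sit behind the firewall the reply mentions, reachable only from this proxy's address range.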