CLOUD-A GUIDE TO CLOUD SECURITY

 

infosec2

Whether it is for compliance purposes, protecting trade secrets, or safeguarding sensitive client information, data security is a priority for every organization in any industry. With the rapid adoption of public cloud environments, it is imperative to understand how cloud affects how you secure your data. At the most basic level, it is understanding which parties are responsible for the different layers of security, so to clarify how this works with Cloud-A, we have created the Guide to Securing Your Data with Cloud-A.

It is Cloud-A’s responsibility to ensure that our infrastructure is bulletproof and that we follow security best practises, but once a client launches an instance, they have free reign to manage their cloud infrastructure as they please.

Here are some best practices and client responsibilities for securing your data with Cloud-A

Passwords 101

Password strength is the most basic layer of security in any scenario, but it is of the utmost importance. Weak passwords are a simple point of failure that the most amateur attacker can take advantage of. A strong password should be between 10 and 12 characters, it should have a mixture of uppercase and lowercase letters, as well as numbers and symbols. There are tools available to assist with creating and keeping track of your passwords.

Check out LastPass

Encryption is Key

Although the infrastructure that your Cloud-A instances reside on and the OpenStack platform that orchestrates and manages that infrastructure is built and managed with security as the top priority, it is the users responsibility to ensure that the drives of their cloud servers are protected. We recommend encrypting the drives (volumes) that are attached to your Cloud-A instances.  Encryption is a great way to keep your valuable data safe at rest, as it make your data unreadable to any unintended recipient. For more details on configuration and benefits, you can check out our blog post:  Encrypted Volumes: Linux Edition

Lock Down Security Groups

Cloud-A’s security group functionality allows you to create firewall rules that can be applied to your instances. Instances are launched with all of the ports locked down and you can create your own firewall rules that you can allocate to your instances. It is important to use inclusive firewall rules rather than exclusive. Exclusive firewall rules allow all traffic through except for the traffic matching the ruleset. Inclusive firewall rules do the reverse as they only allow traffic matching the rules through and block everything else. When creating your firewall rules, It is best practice to only allow internet access to servers that require it. You can use your internal networks created with Cloud-A’s virtual private networking to connect servers that do not require internet access.

Understand that Cloud Security is a Partnership

Once you launch an instance on Cloud-A, you have full control over that virtual machine. It is up to the end user, or the Cloud-A integration partner to manage that virtual machine, ensure that it is patched, updated and that it is used appropriately. There is a level of knowledge that is required to operate a server securely. If you do not have that level of knowledge in-house, we advise that you seek out an organization that can provide these services. Cloud-A can help recommend partners who can assist with these services. Many organizations with stringent requirements for data security require advanced security services such as intrusion protection and detection and live security monitoring. Cloud-A’s go-to security partner for these advanced security services is GoSecure.

 

CLOUD-A LAUNCHES DATA CENTRE RECYCLING PROGRAM

For immediate release

Cloud-A launches Data Centre Recycling Program

Halifax, NS – Dec 4, 2014 – Cloud-A Computing Inc., a Canadian OpenStack Public Cloud provider, announced today a new program dubbed the “Data Centre Recycling Program” focused on offsetting the capital expenditures invested in traditional infrastructure, allowing Enterprises to move from on-premise infrastructure to the cloud. Not only can customers leave their traditional, labour intensive infrastructure tasks behind, and run on a bullet-proof, secure, and modern cloud — but they can now be paid to do it.

The program compensates customers for any existing server hardware that becomes decommissioned as a result of moving traditional hardware or virtualization platforms to Cloud-A’s true, whitelabelled public cloud. Customers fill out information about their decommissioned hardware through Cloud-A’s website, they are provided with a quote for the value of the hardware within 72 hours, and if the quote is accepted, the value of the hardware is instantly credited to their Cloud-A account which can equate to months of zero-cost cloud computing. The server hardware is refurbished and reused through a network of recycling partners.

“The Data Centre Recycling program helps prove organization’s business cases for moving to the cloud.” Says Brandon Kolybaba, CEO, Cloud-A. “The benefits of this program are threefold. Customers are financially incentivized to move to our modern cloud platform, the retired server hardware becomes refurbished and reused, and Cloud-A continues to grow its customer base.” says Kolybaba.

The program is a result of market research performed by Cloud-A which determined that some of the hesitation organizations have about migrating to the cloud is related to the existing level of investment in on premise infrastructure. There are also green motives for this program.

About Cloud-A

Cloud-A is the leading provider of public cloud Infrastructure based in Canada. Their products automate & simplify the installation and management of the hardware and software that provides the infrastructure for large scale environments having hundreds or thousands of servers supporting high performance compute applications. For more information visit www.CloudA.ca

Contact

Geoff Sullivan, Channel Manager & Public Relations
5562 Sackville Street, Halifax, NS, B3J 1L1
1-855-925-6831 ext. 703
info@clouda.ca

CLOUDBERRY EXPLORER POWERED BY CLOUD-A BULK STORAGE

 

Cloudberry Lab is a company that makes backup and file management software for hybrid cloud environments, allowing users to backup or sync files from their local systems to the public cloud. While Cloudberry has paid products for backing up Windows servers and applications, they offer a piece of freeware called Cloudberry Explorer, which is a file manager that allows you to sync files from your Windows system to a number of public cloud options including OpenStack.

 

Create Cloud-A Bulk Volume Container

CloudBerry Explorer for OpenStack is built on OpenStack Swift technology, which means that users can use it with Cloud-A’s Bulk Storage ($0.075 per GB per month). You will need to create at least one Bulk Storage container by navigating to the storage tab in the Cloud-A dashboard and selecting “New Container.” Appropriately name your container and you are ready to download Cloudberry Explorer.

Tip: To keep your cloud-synced files organized, we recommend creating multiple Bulk Storage containers and treat them as if they were a folder directory on your local system.

 

Download Cloudberry

Navigate to http://www.cloudberrylab.com/download-thanks.aspx?prod=cbosfree and download CloudBerry Explorer for OpenStack Storage.

Simply follow the steps to completed the installation wizard program.

Authenticate to your Bulk Storage Container

Once CloudBerry Explorer has launched you will notice that the left side of the screen represents your local systems folder directory and the right represents cloud storage. On the cloud storage side click the source drop down menu and select:
<New Storage Account>

Select Cloud-A

cloudacloudberry

Then enter your specific credentials as follows:

  • Display name: email (Cloud-A login username)
  • User name: email (Cloud-A login username)
  • Api key: Cloud-A password
  • Authentication Service: https://keystone.ca-ns-1.clouda.ca:8443/v2.0/tokens
  • Tenant Name: email (Cloud-A login username)

Now Select “Test Connection” to ensure that the system has accepted your credentials.

If Test Connection fails, ensure that you have entered your credentials correctly. If you have entered your credentials correctly but are still receiving a “Connection Failed” error message, ensure that you have the correct ports open for Bulk Storage. Those ports are: 80, 443, 8443 and 8444.

If your credentials were entered correctly, the Bulk Storage container you created in the first step will appear in the file directory on the right side of the screen. To test the connection, select a test file from your local system, and select “Copy.” A transfer status message will appear briefly at the bottom of the screen and the file will copy from the left side of the screen and appear in your cloud storage container on the right.

To prove this concept, log into your Cloud-A dashboard and navigate to your new Bulk Storage container. You should see your test file.

Functional Use Cases:

  • Upload very large files, like 4K HD videos, disk images, or backup archives, in multiple pieces efficiently and have them downloaded / served as a single file using an Object Manifest to glue the data back together.
  • Archive data from old projects taking up unnecessary space on your production storage (CAD files, BIM files, PSD files.)
  • Use with Cloud-A Windows instances and move infrequently used, non-mission critical data of off high performing SSD volume storage.

Next Steps:

CloudBerry Explorer is a great way to manually sync files to Cloud-A, and a great introduction into hybrid cloud solutions. Check out some of CloudBerry Lab’s other products for more advanced features like scheduled backups and encrypting files.

TAKING LESSONS FROM DEVELOPERS FOR TRUE CLOUD ADOPTION IN THE IT CHANNEL

Untitled drawing (3)
Be it capital intensive in-house solutions powered by VMware and SAN technology or re-selling contracted collocated infrastructure, managed service providers have been offering some version of the “cloud” for the past decade or so.

Meanwhile, in a not-so-different industry, application developers have been leveraging  “new” cloud technology which allows for self serving, on-demand infrastructure, requires no upfront equipment cost, allows you to pay for what you use,  and with no buyer-lock in. This is known as the public cloud – powered by Openstack.

Many of the benefits of an Openstack public cloud that software development companies have been enjoying since the inception of the technology can also be enjoyed by a managed service provider. The disconnect? Many of the features of an Openstack public cloud that create these benefits are features that historically, have only mattered to a developer. The reality is, these features can be extremely valuable to an MSP as well.

Opensource

OpenStack is an opensource project and a community of thousands of developers who contribute to the ongoing growth of the product. While opensource isn’t typically a concept discussed in the IT channel, the concept ensures rapid and ongoing innovation, which in turn allows a MSP to introduce new functionality and features to their own clients.

In a highly competitive industry like the IT channel, differentiating your service from your competitors can make the difference between being competitive and being the leader. Offering your client base innovative, leading edge products and services creates value for your clients and a competitive edge for your business.

API Driven

APIs are what developers use to automate the process of connecting one application to another. Developers use APIs to link functionality of their products to existing products so that their end users don’t have to do it manually. Why would APIs matter to an MSP? Many of the manual, labour intensive processes MSPs would typically perform to manage their client’s infrastructure can be automated with an API driven public cloud.

More and more public cloud friendly applications are coming to market that integrate directly with public clouds through their APIs. Take Cloudberry Lab (www.cloudberrylab.com) as one example. Cloudberry makes products that synchronize and/or backup local systems to Openstack public clouds, among others. This functionality is driven by APIs.

API driven public clouds, and the abundance of available third party applications are enabling MSPs to expand their product and service portfolio, automate laborious processes and create more value for their clients.

Utility Billing

Developers enjoy the benefit of the bill-by-the-minute pricing model of the public cloud for building products, test environments, and other workflows where instances aren’t required to be powered on 24/7.

Utility billing sets MSPs free from hardware staging and allows them to avoid using expensive, production equipment for proof of concept testing and client demonstrations. The economics of the utility model also prevent MSPs from incurring long term colocation or dedicated server contracts, allowing them to add infrastructure as they add clients, and scale back infrastructure when it isn’t needed.

Call to Action

Cloud technology has changed, and it has created an excellent opportunity for MSPs to revolutionize their service delivery model with modern technology, streamlined process, reduced service labour costs, and more attractive economics. Developers have been realizing these benefits for years, and the time is now for MSPs to do the same to gain a competitive edge in their markets.

ownCloud: Infinite Expandability with Cloud-A’s Bulk Storage

dt-09-final-infinity

We previously published a blog post on creating an ownCloud server on Cloud-A’s public cloud, but we would like to build upon that and show just how expandable and agile a Cloud-A hosted ownCloud deployment can be by introducing bulk storage.

By leveraging our Bulk Storage powered by Swift, users can expand the size of their ownCloud deployment very quickly and inexpensively to facilitate growth. Unlike a hardware deployment, where you would purchase drive space up front to account for future growth, a Cloud-A deployment will allow an organization to scale their storage as needed on a pay-as-you-go utility model.

Getting Started

We will begin with the assumption that you already have an ownCloud deployment running on Cloud-A with administrator access to the program.

Create an Object Storage Container

From your Cloud-A dashboard, select “Storage” and then “Containers.” Select “New Container,” and name the new container.

Configure External Storage in ownCloud

ownCloud comes prepackaged with external storage support, but the functionality must be enabled in the “apps” dashboard of your ownCloud instance.  In the “apps” dashboard select “External storage support” on the left-hand side bar and enable it.

This will populate an External Storage section in your ownCloud Admin panel. Select “OpenStack Object Storage” from the “External Storage” dropdown menu and fill enter the following credentials:

Folder Name: Name your storage mount point.

User: Your Cloud-A username (your email address)

Bucket : The name of your Cloud-A container

Region: “regionOne”

Key: Your Cloud-A username

Tenant: your email address

Password: Your Cloud-A password

Service_name: “swift”

URL: https://keystone.ca-ns-1.clouda.ca:8443/v2.0

Timeout: Timeout of HTTP requests in seconds (optional)

If you have correctly input the information above and ownCloud accepts that information, a green dot will appear to the left of the folder name.

Validate External Storage

To further validate the access to the new external storage, go back to the main ownCloud screen by clicking the ownCloud logo in the top left corner, and select external storage. You should see your newly created ownCloud folder which points to your Cloud-A object storage powered by Swift.

Next Steps

Adding additional external object storage to your Cloud-A hosted ownCloud instance sets you free from the traditional limitations of hardware, allowing you to scale on demand. This is an ideal solution for any growing company looking to have control of their own data, but also have that data stored securely in Canada.

Stay tuned for the next post in our ownCloud series.

 

Creating Network Infrastructure in Dash

Dash is an extremely powerful web-based UI that helps users efficiently manage their cloud infrastructure. While we aim to make the initial setup process as quick and simple as possible, we also want to give administrators the flexibility to create networks and systems that fit exactly to their needs. Due to the variety of options and settings that users are presented with when setting their infrastructure up for the first time, we provide an Introduction Wizard to guide them through the process of creating a network, volumes, and instances. However, some of the choices for getting a core network setup and ready to place instances on can be confusing for beginners.

Read more