Glenn Brunette's Security Weblog

Update: Recent Cloud Security Happenings

Wednesday Nov 04, 2009

I have to say that it has been a very busy couple of weeks. That said, I am happy to say that there is a lot to show for everyone's effort however. We have been able to publish quite a lot of new and updated content, and I figured that it might be a good time to shine a spotlight on some of the more interesting items. Without further ado...

Cloud Computing Security Overview (delivered at Cloud Expo West Bootcamp)

Immutable Service Containers Technical Presentation (delivered at the OpenSolaris Developer Conference)
Immutable Service Containers AMIs (delivered on Amazon EC2)
Security Enhanced Drupal Stack AMI (delivered on Amazon EC2)
Security Enhanced AMP Stack AMI (delivered on Amazon EC2)

Going forward, we are going to try and bring together all of the Cloud Computing security content on our brand new Sun.COM Cloud Security home page. Be sure to check it out regularly!

More is coming, don't miss it!

Technorati Tag: OpenSolaris security cloudcomputing virtualization

Share and Enjoy!

Posted at 11:31PM Nov 04, 2009 by gbrunett in Cloud Computing Tags: amazon cloudcomputing isc opensolaris security virtualization

NEW: Immutable Service Container Podcast

Tuesday Aug 25, 2009

Things have certainly been busy around here lately! Over the last two months, we have announced the Immutable Service Container project, published an OpenSolaris-based ISC Construction Kit (Preview) and a corresponding pre-configured OVF image, shared a number of network architecture and autonomic security models leveraging the ISC concept, and even published an ISC Technical Overview presentation. Well, as it turns out, we are not done yet!

A few weeks back, I received an invitation from Marianne Salciccia to record an Innovation@Sun interview with Hal Stern (Distinguished Engineer and VP, Global Systems Engineering) where we would talk about Immutable Service Containers. I am happy to say that as of yesterday, the podcast is live!

Hal and I had a great chat where we discussed topics such as:

micro-virtualization: how adding a thin management layer between the hypervisor and the service lends reliability to security enforcement and monitoring controls
how "immutable" Immutable Service Containers are
how ISCs implement defense in depth measures
current implementations with Solaris and OpenSolaris
what's next for ISCs, including building core concepts into projects such as OpenSolaris on EC2, OpenSolaris Just Enough OS (JeOS); potential VirtualBox implementations; and integration of autonomic security techniques

If these topics sound interesting, please give the podcast a listen and let us know what you think! Work continues on the ISC architectural strategies and implementation models, so this is a great time to share your ideas, concerns, and requirements.

Hope to hear from you soon! Take care!

Technorati Tag: architecture security cloudcomputing virtualization

[1] Comments

Share and Enjoy!

Posted at 09:59AM Aug 25, 2009 by gbrunett in Cloud Computing Tags: architecture cloudcomputing isc opensolaris security virtualization

Sun SPARC Enterprise T5x20s: A Security Geeks Point of View

Tuesday Oct 09, 2007

What an exciting day! Today, Sun has officially launches the Sun SPARC Enterprise T5120 and T5220 rack-mount systems along with the Sun Blade T6320 blade server, the first to be designed for the UltraSPARC T2 processor. From the point of view of a security geek, there is a lot to be happy about. The UltraSPARC T2 has support for eight (8) cryptographic processing units, each of which supports ten (10) different cryptographic algorithms and a hardware-based random number generator. Lawrence has done a fantastic job of talking about these capabilities and performance if you are interested. It is simply mind blowing.

So, what else is new? Well, we now have actual servers that can leverage the computing power of these chips. This means that companies can now begin to rethink about how they have deployed cryptography in their environments. In particular, it is now much more practical to deploy cryptographic services more widely across an enterprise environment due to the performance gains achieved by offloading the work to the cryptographic processing units. For example, why not ensure that all of your internal web, directory and mail services are fitted for encryption? (Hint: you should be doing this already, but now you can do it while not sacrificing the performance of your CPUs!) Net-net: strong security + excellent performance + eco-friendly is a win-win for everyone.

In addition to enabling the wider use of cryptographic services, I would also encourage any organization to consider how the performance and power benefits of these systems can be applied to their existing environments and workloads. In particular, when used in concert with Sun's Logical Domains (LDoms) technology, organizations can get the benefits of performance, virtualization and security together in one system. Did I mention that today we are also announcing version 1.0.1 of our LDoms technology? Honglin has all the details. Of particular interest to us security geeks is the support for minimized and hardened logical domains! Combine that with the security isolation capabilities of the LDoms hypervisor, a boat-load of crypto performance, and a rock-solid, security, and scalable operating system - you just can't go wrong.

Talk about "zero cost security"! Taken as a whole, you get all of the performance (did I mention the 64 threads?), power and virtualization benefits with security just baked into the design! What's not to like? At least from where this security geek is standing, the view is simply unbeatable. See it all for yourself!

Glenn

Technorati Tag: UltraSPARC Niagara Solaris security

Share and Enjoy!

Posted at 01:28PM Oct 09, 2007 by gbrunett in General Security Tags: cmt crypto eco ldoms niagara security sparc sun t2 t5120 t5220 t6320 ultrasparc virtualization