CloudyCluster follows industry security best practices as part of its automatic deployment.
These features can all be enabled through the web user interface.
- The control node deploys a VPC, and all computational and storage resources are created within the VPC. As part of this deployment, all routing tables, gateways and firewalls are created, protecting the VPC and the computing systems and data within. An encrypted connection to your dedicated GCS Storage Bucket is established for secure transfers within the GCP environment.
- The login instance performs the role of bastion host and is specifically designed and configured to withstand attacks.
- All permissions follow the philosophy of least necessary privileges: the GCP IAM roles required by the instances are assigned only the permissions needed to perform their functions.
- Encrypted Block volumes for OrangeFS are enabled by default.
Additional security features can be enabled to meet various security requirements, including:
- Let's Encrypt for SSL certificates, updated every 90 days.
- Classless Inter-Domain Routing (CIDR) is a set of Internet Protocol (IP) standards used to create unique identifiers for networks and individual devices. The IP addresses allow particular information packets to be sent to specific computers. While building your cluster, you can employ a single or multiple CIDR ranges to restrict access to your organization and follow internal security best practices.
- Multi-Factor Authentication following the IETF RFC 6238 Time-Based One-Time Password (TOTP) protocol.