Security, Backups & DR/BC
Security
CloudyCluster follows industry security best practices as part of its automatic deployment.
- The control node deploys a VPC and all computational and storage resources are created within the VPC.
- The login instance performs the role of bastion host.
- All permissions follow the least necessary privileges philosophy by assigning only the needed permissions to the IAM roles required by the instances to perform their functions.
- There are additional security features that can be enabled to meet various security requirements including:
- Encrypted Block volumes for OrangeFS are enabled by default
- Multi-Factor Authentication
- Lets-Encrypt for SSL Certificates, updated every 90 Days
These features can all be enabled through the web user interface.
Business Continuity and Disaster Recovery Backups
- It is recommended that you backup data that is not easily reproducible to object storage
- If you automate the automatic deployment and deletion of your environment with Automaton, make sure your critical data is saved outside the environment before you delete it
- If you need real time BC or DR capabilities, you can run multiple CloudyCluster environments in different regions
Health Monitoring
CloudyCluster provides an overview page which displays the status of each component once a cluster is started. In addition the dashboard displays historical usage details. Detailed information about any errors encountered can be viewed on the administration page.
Best Practices & Considerations
CloudyCluster follows industry security best practices as part of its automatic deployment.
These features can all be enabled through the web user interface.
- The control node deploys a VPC and all computational and storage resources are created within the VPC. As partof this deployment, all routing tables, gateways and firewalls are created protecting the VPC and the computing systems and data within. Encrypted connection to your dedicated GCS Storage Bucket is established for secure transfers within the GCP environment.
- The login instance performs the role of bastion host and is specifically designed and configured to withstand attacks.
- All permissions follow the philospohy of least necessary privileges, by assigning only the needed permissions to the GCP IAM roles required by the instances to perform their functions.
- Encrypted Block volumes for OrangeFS are enabled by default.
There are additional security features that can be enabled to meet various security requirements including:
- Lets-Encrypt for SSL Certificates, updated every 90 Days.
- Classless inter-domain routing (CIDR) is a set of Internet protocol (IP) standards that is used to create unique identifiers for networks and individual devices. The IP addresses allow particular information packets to be sent to specific computers.
While building your cluster, you can employ a single or multiple CIDR ranges to restrict access to your organization and follow internal security best practices.
- Multi-Factor Authentication following IETF RFC 6238 Time-Based One Time Password protocol.
- Multi-Factor Authentication following IETF RFC 6238 Time-Based One Time Password protocol.