As Brian Adler, senior cloud solutions architect at RightScale, recently wrote in his blog post entitled “20 Ways to Fine-Tune Your Cloud Environment,” cloud deployments require tune-ups. Why? Over time, cloud deployments grow organically in ways that you never planned. Sometimes you have to do things quickly to solve an immediate issue and you never go back and do it by the book – and when things are working, there’s a tendency not to mess with them.
A tune-up of your cloud environment can potentially save you money and improve your performance.
Brian looked at 20 great ways organizations can fine-tune cloud environments across cost optimization, HA/DR and server utilization.
In terms of security, Brian offers a few tips:
1. Take Advantage of Security Groups
If the cloud you’re on provides security groups, use them. Security groups give you the ability to specify a range of IP addresses and a range of ports and specify whether all the entries in each group are allowed in or not allowed in. You can nest security groups to set up an easy-to-manage hierarchy.
2. Check Your Firewalls
Look at your iptables rules and make sure that they’ve been enabled. Run the iptables recipe and check the output for ports that should not be open to the world and other potential problems. If you have open ports, make sure they need to be open, and make sure you know who they’re open to.
3. Deploy Security Updates
Just like in your data center, you need to make sure your cloud servers are up-to-date with the latest security fixes. For RightScale users, the latest version 13.5 of RightScale ServerTemplates™ has recipes to let you unfreeze security repositories for Ubuntu and upstream repos for CentOS and perform security updates, and we have similar functionality for Windows Updates as well.
4. Keep Secrets Secret
Think about how you are managing your cloud credentials. Use named credentials as placeholders for all sensitive inputs. Don’t expose things like passwords as plain text, which makes them visible to people with only observer privileges.
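For tip 2, one way to check firewall output for ports that are open to the world is to parse the text printed by `iptables -S`. The script below is an added example, not code from Brian's post or from RightScale; the function name, the allow-list format and the sample rules are assumptions constructed for illustration.

```python
import shlex

ANY_SOURCE = {"0.0.0.0/0", "::/0"}
MATCHED = ("-s", "-p", "-i", "--dport", "--dports")

def audit_input_chain(rules_text, allowed_public=frozenset()):
    """Audit `iptables -S` text; return (default_policy, findings).

    findings: sorted (proto, port) pairs that INPUT accepts from any source
    and that are not in allowed_public. Rule order and user-defined chains
    are not modelled, so treat the result as a list of rules to review.
    """
    policy, findings = None, set()
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        if tok[:2] != ["-A", "INPUT"] or tok[-2:] != ["-j", "ACCEPT"]:
            continue
        # Map each option to (value, negated-with-"!").
        opts = {t: (tok[i + 1], tok[i - 1] == "!")
                for i, t in enumerate(tok[:-1]) if t in MATCHED}
        if opts.get("-i") == ("lo", False):
            continue                      # loopback traffic only
        if "--ctstate" in tok or "--state" in tok:
            continue                      # replies to existing connections
        src, negated = opts.get("-s", ("0.0.0.0/0", False))
        if src not in ANY_SOURCE and not negated:
            continue                      # limited to a named source range
        proto = opts.get("-p", ("all", False))[0]
        ports = (opts.get("--dport") or opts.get("--dports") or ("any", False))[0]
        for port in ports.split(","):
            if (proto, port) not in allowed_public:
                findings.add((proto, port))
    return policy, sorted(findings)

# Constructed sample of `iptables -S` output (not taken from a real host).
SAMPLE_RULES = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 203.0.113.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 6379 -m comment --comment "temp debug" -j ACCEPT
"""

if __name__ == "__main__":
    policy, found = audit_input_chain(SAMPLE_RULES, {("tcp", "80"), ("tcp", "443")})
    print("INPUT default policy:", policy)
    for proto, port in found:
        print(f"open to the world, not on the allow-list: {proto}/{port}")
```

On a live server, feed it the output of `iptables -S` and list the ports you intend to be public in `allowed_public`; anything reported is a rule to confirm or close.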
As Brian concludes, it is important for many reasons to clean up cloud deployment sprawl. In terms of security, this includes opening up only what you have to.
About the Author: Bret Clement heads global communications for RightScale.