Providing Insight Into the Cloud Computing Security, Privacy and Related Threats

Cloud Security Journal

Subscribe to Cloud Security Journal : eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get Cloud Security Journal : homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Glenn Brunette, a Distinguished Engineer at Sun Microsystems has just informed me of a new project released earlier today called "OpenSolaris Immutable Service Containers" which may form the basis for what he describes as "Autonomic Security". According to Brunette using Immutable Service Containers as a core cloud building block enables some very interesting use cases in the area of adaptive and autonomic cloud security architectures. Several potential use cases are shown in a diagram set posted on flickr.

For those unfamiliar with Immutable Service Containers (ISC), it is an architectural deployment pattern used to describe a foundation for highly secure service delivery. ISCs are essentially a container into which a service or set of services is configured and deployed. First and foremost, ISCs are not based upon any one product or technology. In fact, an actual instantiation of an ISC can and often will differ based upon customer and application requirements. That said, each ISC embodies at its core the key principles inherent in the Sun Systemic Security framework including: self-preservation, defense in depth, least privilege, compartmentalization and proportionality.

As part of a more holistic view, it is expected that Immutable Service Containers will form the most basic architectural building block for more complex, highly adaptive and autonomic security architectures. The goal of this project is is to more fully describe the architecture and attributes of ISCs, their inherent benefits, their construction as well as to document practical examples using various web-scale software applications.

Immutable Service Containers offer the following benefits over more traditional deployment models:

  • Consistent, repeatable and secure packaging for the deployment and management of services. "One service per container", configured once and deployed everywhere.
  • Specific and clear approach to integrating platform security with services to provide enhanced security beyond what is typically deployed in most IT organizations today.
  • Strategy for the implementation of recommended security practices in a focused, supported way.
  • Flexible security to accommodate a variety of application and operational requirements and scenarios.
Also interesing to note, support for Sun's VirtualBox is coming soon as well. This interesting project is certainly worth a closer look.

Read the original blog entry...

More Stories By Reuven Cohen

An instigator, part time provocateur, bootstrapper, amateur cloud lexicographer, and purveyor of random thoughts, 140 characters at a time.

Reuven is an early innovator in the cloud computing space as the founder of Enomaly in 2004 (Acquired by Virtustream in February 2012). Enomaly was among the first to develop a self service infrastructure as a service (IaaS) platform (ECP) circa 2005. As well as SpotCloud (2011) the first commodity style cloud computing Spot Market.

Reuven is also the co-creator of CloudCamp (100+ Cities around the Globe) CloudCamp is an unconference where early adopters of Cloud Computing technologies exchange ideas and is the largest of the ‘barcamp’ style of events.