Folks,
heres the tasks:
Structure of main doc: Richie
Structure of Security doc: Jeff
Jeff to send around the azure/aws 'fix'
investigate
AWS provisioning - Jeff
Azure Provisioning - Ying
AWS Scheduling - Richie
AWS Monitoring - Jeff
Azure Monitoring - Richie
Self Servicing
Heat - Jeff
Powershell - Richie
Any others - Ying
Migration - Clarify Requirement - Ying
Network Features - All (get it working between aws an azure)
thanks
Richie
Wednesday, 29 October 2014
Wednesday, 22 October 2014
Meeting minutes&Amended Proposal- 21Oct
After discussion in class on 20th Oct, the team have decided to amended project proposal based following key points:
1. we will provide a hybrid cloud solutions with 2 clouds where end users can request VMs on demand
2. it contains a primary cloud - either aws or azure and a secondary cloud - azure or aws depends on who is primary
3. first user request always
goes to primary cloud, only when primary cloud runs out of
capacity,in our demo, number of vms, requests will go to second cloud -
burst out
4. end users will not need to
know where their requested VMs are, all they do is " request a vm" and
one will be powered up based on availability from either cloud
5. the process will be seamless
6. the scope doesnt need to cover auto scaling at this time.
Sunday, 19 October 2014
Project Management Templates&Tools
Ying Tang
Came across a very useful project mangement tool and it is free to use as community edition. It has project schedule planner plus PM templates based on PRINCE2 methodology.
here is the link
http://www.projectinabox.org.uk/Community.asp
Came across a very useful project mangement tool and it is free to use as community edition. It has project schedule planner plus PM templates based on PRINCE2 methodology.
here is the link
http://www.projectinabox.org.uk/Community.asp
Cloudbusters.info
Folks,
I've made a bit of progress with the app.
I got the domain cloudbusters.info so you can access the site from there. its
I have 2 servers - a web server and a db server (Ubuntu on each - nginx for the web server and MySQL for the db). I installed wordpress on top.
I got a SSL cert as well but haven't applied it (thanks github package)
I think the best place to host the app is on openstack, (simply because we don't have to change the public ip every time I move my laptop to a different router) although i'll have to investigate more about how to do a bit of port forwarding there.
so my recommendation for the app is to build it on openstack and burst out into azure (I haven't yet been successful in doing anything on that - learning Ubuntu, nginx and how to build websites has taken up all my time)!!
anyway - the site will be up for this evening but down tomorrow during the day:
http://www.cloudbusters.info
PS - heres a bit of configuration on the azure side of things to enable a vpn (which thinking about it is the way to go for the load balanced FEs.
http://sebastianmaniak.com/2014/05/30/hybrid-cloud-with-azure-vpn-configuration-guide-hybridcloud-azure/
Still uploading the web and db server to openstack. i probably shouldnt have set the starting image size to 10gb - should have left it at the default.
Richie
I've made a bit of progress with the app.
I got the domain cloudbusters.info so you can access the site from there. its
I have 2 servers - a web server and a db server (Ubuntu on each - nginx for the web server and MySQL for the db). I installed wordpress on top.
I got a SSL cert as well but haven't applied it (thanks github package)
I think the best place to host the app is on openstack, (simply because we don't have to change the public ip every time I move my laptop to a different router) although i'll have to investigate more about how to do a bit of port forwarding there.
so my recommendation for the app is to build it on openstack and burst out into azure (I haven't yet been successful in doing anything on that - learning Ubuntu, nginx and how to build websites has taken up all my time)!!
anyway - the site will be up for this evening but down tomorrow during the day:
http://www.cloudbusters.info
PS - heres a bit of configuration on the azure side of things to enable a vpn (which thinking about it is the way to go for the load balanced FEs.
http://sebastianmaniak.com/2014/05/30/hybrid-cloud-with-azure-vpn-configuration-guide-hybridcloud-azure/
Still uploading the web and db server to openstack. i probably shouldnt have set the starting image size to 10gb - should have left it at the default.
Richie
Draft submission 1.1 and firewall research
Ying Tang
I have draft submission 1.1 completed to reflect changes/new ideas discussed by the team on 15th Oct.
The next step is to research what firewall to be deployed. An example firewall is Juniper SRX210 with the following features:
I have draft submission 1.1 completed to reflect changes/new ideas discussed by the team on 15th Oct.
The next step is to research what firewall to be deployed. An example firewall is Juniper SRX210 with the following features:
| Firewall performance (max) | 850 Mbps | |||||||
| IPS performance (NSS 4.2.1) | 65 Mbps | |||||||
| AES256+SHA-1 / 3DES+SHA-1 VPN performance | 85 Mbps | |||||||
| Maximum concurrent sessions | 64K | |||||||
| New sessions/second (sustained, TCP, 3-way) | 2,200 | |||||||
| Maximum security policies | 512 | |||||||
website build
Website Build
Richie Dennehy
My tasks are to research the cloud technology and the application. So I've started with the application.
I've got my copy of VMWare workstation installed on my laptop (thanks very much VCP) and have build a couple of ubuntu servers. On one i've installed apache, nginx and php, and on the other i have mysql.
so far I have:
1 * apache webserver (192.168.130.130)
1 * test apache webserver (192.168.130.132)
1 * mysql server (192.168.130.131)
I've secured the mysql server, and setup a user (wordpressuser) with full privileges.
I'll lock down the permissions later.
Installed and configured wordpress, and setup a new website.
split the db and web server and secure it:
Website IPs and network settings
I've set the ip addressing up. had to configure port forwarding on both my home router and in vmware workstation.
Bought the website cloudbusters.info.
Setup DNS pointing to cloudbusters.info
forwarded incoming connections from port 80 to port 8000
forwarded incoming connections from port 80 to port 8000
public website now up and running: www.cloudbusters.info
Bought a SSL Cert.
Next steps: 1. build a second webserver and a load balancer to split the traffic
2. bang the servers onto the private cloud and decide on the public cloud.
3. look at what firewall we can use
Wednesday, 15 October 2014
Day2-Research on hybrid cloud/cloud security
Started research on hybrid cloud and cloud security.
Some useful papers:
Hybrid cloud storage
http://www.storsimple.com/Portals/65157/docs/ESG-White-Paper-Microsoft-HCS-Nov-2013.pdf
Hybrid cloud security - VMware
www.frost.com/prod/servlet/cpo/272112250
Research on public cloud provider - openstack
https://openstack.cloudenci.ie/horizon
The vCloud Cloudburst Architecture Model:
ref: http://download3.vmware.com/vcat/documentation-center/Cloud%20Bursting/7%20Cloud%20Bursting.pdf
This picture accurately represents the cloudburst monitoring model which we are trying to achieve.
3. Firewall - Ying - hold off
5. App - Richie - figure out how to get the app up.
Some useful papers:
Hybrid cloud storage
http://www.storsimple.com/Portals/65157/docs/ESG-White-Paper-Microsoft-HCS-Nov-2013.pdf
Hybrid cloud security - VMware
www.frost.com/prod/servlet/cpo/272112250
Research on public cloud provider - openstack
https://openstack.cloudenci.ie/horizon
The vCloud Cloudburst Architecture Model:
ref: http://download3.vmware.com/vcat/documentation-center/Cloud%20Bursting/7%20Cloud%20Bursting.pdf
This picture accurately represents the cloudburst monitoring model which we are trying to achieve.
The security model:
1. use the security model (CSA 3.0)
2. Put port rules in place (firewalls)
3. Secure the site(s) - Certs/https
4. Encrypt relevant data (in the db) with certs
5. Run a pentest/hacking test
Next Steps:
Brief - All
circulate before the weekend - Ying
complete
complete
Research
Compliance
1. Security - Jeff - ongoing
2. Infrastructure (Arch) - Ying - ongoing
3. Options for Private/Public - Richie - Confirmed - AWS to Azure
Tech
1. Orchestrator - Jeff - going (autoscaling between the 2 clouds)
2. Load Balancer - Richie/Jeff - AWS Load balancer
4. Alerting system - Ying - aws alerting system
6. Connectors - Jeff - vpn - needs more
Azure
2. Load Balancer - Richie/Jeff - AWS Load balancer - investigate
3. Firewall - Ying - hold off
5. App - Richie - figure out how to get the app up. - Richie
Azure
1. Orchestrator - Ying
4. Alerting system - Ying - aws alerting system/azure alerting systems.
6. Connectors - richie/jeff/ying - vpn - need more - need to do it.
1. Investigate monitoring
2. Automatically deploy to the cloud
3.
Others
Running eucalyptus locally - jeff
vmware - richie
Project compliance:
Design - 15%
Tasks - write the arguments for each of the 2 private cloud models
1. Capacity (new vm requested) Richie
2. Load (auto scale) Ying/Jeff
Implementation of private cloud
Provision of public cloud
Implementation and documentation of private could
Demonstration of private cloud
Security
Approach and project planning
Selection of tools/methodologies/frameworks/benchmarking
technical testing approach
findings and risk rating
challenges and limitations
1. Investigate monitoring
2. Automatically deploy to the cloud
3.
Others
Running eucalyptus locally - jeff
vmware - richie
Project compliance:
Design - 15%
Tasks - write the arguments for each of the 2 private cloud models
1. Capacity (new vm requested) Richie
2. Load (auto scale) Ying/Jeff
Implementation of private cloud
Provision of public cloud
Implementation and documentation of private could
Demonstration of private cloud
Security
Approach and project planning
Selection of tools/methodologies/frameworks/benchmarking
technical testing approach
findings and risk rating
challenges and limitations
Subscribe to:
Posts (Atom)