SYS-CON.TV Webcasts
Jackbe: The Big A(architecture in AJAX)
Instantiations: Eclipse Rich Internet Platform with Taylor and Milinkovich
Yahoo!: Applying AJAX to Speed User's Journey
Enerjy Webcast: Java Code Quality Management
App Server Shoot-out: Microsoft, IBM, JBoss, Sun, BEA, and Oracle
Comments
By Reuven Cohen
rock333 wrote: At the IaaS Cloud layer virtualisation is going to be essential to allow the self service attributes, all painful and slow to do with physical hardware. Moving up the stack to PaaS and SaaS the use of virtualisation may, as you say, be less required if you put lots of smarts into your software. A lot of software does not have those smarts and by utalising virtualisation of the layers below can manipulate existing software architectures to have more cloudy attributes through automation (eg run load balancers and deploy more servers automagically). Over time, as new investment in software at...
Mar. 18, 2010 02:11 AM EDT
Cloud Expo on Google News
Did you read today's front page stories & breaking news?

SYS-CON.TV: Eclipse Adds SOA, AJAX, and Flex Tools. Guests Mike Milinkovich and Mike Tylor

2008 West
DIAMOND SPONSOR:
Data Direct
SOA, WOA and Cloud Computing: The New Frontier for Data Services
PLATINUM SPONSORS:
Red Hat
The Opening of Virtualization
GOLD SPONSORS:
Appsense
User Environment Management – The Third Layer of the Desktop
Cordys
Cloud Computing for Business Agility
EMC
CMIS: A Multi-Vendor Proposal for a Service-Based Content Management Interoperability Standard
Freedom OSS
Practical SOA” Max Yankelevich
Intel
Architecting an Enterprise Service Router (ESR) – A Cost-Effective Way to Scale SOA Across the Enterprise
Sensedia
Return on Assests: Bringing Visibility to your SOA Strategy
Symantec
Managing Hybrid Endpoint Environments
VMWare
Game-Changing Technology for Enterprise Clouds and Applications
Click For 2008 West
Event Webcasts

2008 West
PLATINUM SPONSORS:
Appcelerator
Get ‘Rich’ Quick: Rapid Prototyping for RIA with ZERO Server Code
Keynote Systems
Designing for and Managing Performance in the New Frontier of Rich Internet Applications
GOLD SPONSORS:
ICEsoft
How Can AJAX Improve Homeland Security?
Isomorphic
Beyond Widgets: What a RIA Platform Should Offer
Oracle
REAs: Rich Enterprise Applications
Click For 2008 Event Webcasts
SYS-CON.TV
Top Links You Must Click On


Commentary
Immutable Service Containers on Amazon EC2
We have been able to create ISCs in the Cloud on Amazon EC2! Using the OpenSolaris ISC Construction Kit

By: Glenn Brunette
Sep. 21, 2009 07:00 AM

Cloud Computing on Ulitzer

Back in June, we released the very first security hardened virtual machine images for the Amazon Web Services Elastic Compute Cloud (EC2) environment. These original images were based upon the OpenSolaris 2008.11 release and were configured in accordance with the guidelines published by Sun the Center for Internet Security.

Since its initial release, we have provided an update to offer this image in the European Region. In August, we took another step forward with the release of a security-enhanced image based upon the OpenSolaris 2009.06 release.

This image went beyond just the simple hardening of its predecessor to add functionality such as encrypted swap, non-executable stacks and auditing that was enabled by default. With such a strong foundation, it should have been no surprise that it was likely to be used as a foundation for layered functionality. Just this month, for example, we announced the release of an image pre-configured with Drupal (v6.10) along with Apache (v2.2), MySQL (v5.0), and PHP (v5.2).

In parallel, the Immutable Service Containers project was announced back in June. This project was focused on the creation of secure execution environments for services. One of the key deliverables from this project has been the OpenSolaris ISC Construction Kit (Preview) that transforms an OpenSolaris 2009.06 system into an ISC configuration. Interestingly, several of the functional elements used today as part of the security-enhanced AMIs actually got their start as part of the ISC Construction Kit.

This brings us to today.

For the first time, we have been able to create ISCs in the Cloud on Amazon EC2! Using the OpenSolaris ISC Construction Kit and the security-enhanced OpenSolaris 2009.06 AMI, we have deployed an ISC that exposes a representative service (in this case, a web server).

HELLO WORLD!
The nice thing about this is that the installation process was essentially the same as the one we used to create our pre-configured OVF image. There were two settings that needed to be adjusted in order for the ISC Construction Kit to properly work on EC2:

export ISC_SVCS_DOCK="fs network zone encrypted_scratch" export ISC_DOCK_NET_IF_NAME="xnf0" 





These two parameters had to be set before running the iscadm.ksh command. The first parameter simply removes steps that have already been completed in the base AMI (or are not needed for EC2). The second parameter changes the network interface name from e1000g0 (default) to xnf0 which is needed on EC2. That's all there was to it!



If you are interested in ISCs and how you can use them in your environment, I would love to hear from you!


Also, just in case you missed it, I had the pleasure of joining Hal Stern to discuss ISCs on a recent Innovating@Sun podcast. Check it out and send us your feedback! Thanks in advance!


























Read the original blog entry...

Published Sep. 21, 2009— Reads 2,280 
 

Copyright © 2009 SYS-CON Media, Inc. — All Rights Reserved.

Syndicated stories and blog feeds, all rights reserved by the author.







  

    
      
    
      
    
      
    
      
  






About Glenn Brunette
Glenn Brunette is a Distinguished Engineer and Chief Security Architect at Sun Microsystems.  For over 15 years, he has designed and delivered security architectures and solutions supporting a wide array of global customers. Currently, he has focused his efforts on improving security for cloud computing and other highly dynamic and scalable architectures. 





    

      






  



Enterprise Open Source Magazine Latest Stories . . .
By Zhiyong Li
Integrated Windows Authentication (IWA) provides a user-friendly interface for single sign-on. IWA uses ‘Simple and Protected GSSAPI Negotiation Mechanism’ (SPNEGO) to allow the initiators and acceptors to negotiate the underlying protocol to be used for authentication. In this article...
By Maureen O'Gara
Preternaturally quiet since a hedge fund offered to buy it two weeks ago and take it private, Novell stated on Wednesday that the open source Ingres database is available in the free SUSE Studio as part of the SUSE Appliance Program. Novell and Ingres are supposed to jointly support an...
By Jeremy Geelan
Cloud Computing Journal caught up with the CEO of a major new player in the fast-emerging Cloud ecosystem - a CEO who has taken an interesting and unusual decision. While signing up as the Platinum Plus Sponsor of the 5th International Cloud Expo, he and his company have decided to rem...
By Glenn Rossman
Open-Xchange, a provider of business-class open source collaboration software, today announced enhancements that give users telephone and fax integrated with e-mail, contacts, calendar and task information.
By combining Open-Xchange (hosted and on-premise editions) with Unified Commun...
By Lavenya Dilip
Home Energy monitoring products maker People Power has come out with an open source hardware and software application developer kit called SuRF that lets embedded systems developers build energy saving apps for household electronics and devices on top of its Open Source Home Area Netwo...
By Liz McMillan
Novell and Ingres Corporation on Wednesday announced the Ingres database is available within SUSE Studio as part of the SUSE Appliance Program. Both companies have entered into a cooperative agreement to make it easier and more cost-effective for independent software vendors (ISVs) and...
MORE »

    

    Subscribe to the World's Most Powerful Newsletters  

        




    

    Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!  

      





 




 Click to Add our RSS Feeds to the Service of Your Choice:




 
   Google Reader or Homepage 
   Add to My Yahoo!
   Subscribe with Bloglines
   Subscribe in NewsGator Online

   
   myFeedster

   Add to My AOL

   Subscribe in Rojo
   Add 'Hugg' to Newsburst from CNET News.com
   Kinja Digest
 View Additional SYS-CON Feeds








Publish Your Article! Please send it to editorial(at)sys-con.com! 
 



Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021
 



  


  		
  

        




      




  




      








  




    

    SYS-CON Featured Whitepapers  

        




      




  



Most Read This Week
By Farshid Ketabchi
By Ray DePena
By Jeremy Geelan
By Carmen Gonzalez
By Maureen O'Gara
By Maureen O'Gara
By Jeremy Geelan
By Bob Gourley
By Peter Lubbers; Frank Greco
By Farshid Ketabchi
By Andreas Grabner
By Maureen O'Gara

      
ADS BY GOOGLE