[PetiteCloud] how much security?
Michael Thoreson
m.thoreson at c4labs.ca
Thu Feb 13 14:38:48 PST 2014
I was thinking a similar thing. There was a project I came across years
ago and I can't seem to find it again, kicking myself that I didn't
write it down.
Basically it was setup as a nothing shared platform that could start
with an AIO node and add additional nodes as the need arises. It
wouldn't mirror data to all nodes but would make sure there was N
redundant copies of all data in the event of a node failure and then
restart that VM on a different node. It was also smart enough to load
balance vm\nodes based on hardware capacity. It could also consolidate
vm's onto less nodes when demand was low and power down the extra nodes,
then restart them at a predefined time or as load increases.
This way there is no need for large sans and nodes can be built with
SSD's as they are dropping in price quickly now. I saw a 1TB Samsung
540MB/s read and 520MB/s write retailing between $600 and $700 Canadian.
So building super fast clouds can be very easy for the end user. We just
need flexible setup routines and lots of controls to prevent fubars and
pebkacs.
Michael Thoreson,
On 13/02/2014 4:20 PM, Aryeh Friedman wrote:
> User I can see and perhaps one small step of small departmental sized
> units having "clouds with in clouds" but I do not see full fledged
> "tenants" like RackSpace or large corporate divisions as being needed
> nor desirable... the reason is once you get off the rack in a typical
> data center you run into many situations far beyond your (or anyone's)
> control or understanding for example why have vast disk arrays some
> where off in the clouds when anything except HUGE DATA applications
> would need more then what can be offered on rack if you make a single
> intergrated cloud on a single rack
>
>
> On Thu, Feb 13, 2014 at 4:59 PM, Michael Thoreson
> <m.thoreson at c4labs.ca <mailto:m.thoreson at c4labs.ca>> wrote:
>
> Single admin will only work with hobbiest, extreme home users and
> small firms. Big firms will want multiple admins for
> accountability and central management of those admins be it
> something in PC itself or an AD\LDAP setup.
>
> If you have even 2 admins using a single admin account, how do you
> figure out who did what in the event an admin decided to be malicious.
>
> Michael Thoreson,
>
>
> On 13/02/2014 3:43 PM, Aryeh Friedman wrote:
>
> These all seem like great plugins but I am a little hesitant
> to bring such a large layer 1 service down in to the
> foundation... better might be to offer an API for the layer 1
> to control it... for DIY clouds the admin can pick whatever
> they want but my personal recommendation would be if possible
> a single admin and users use instances not PC it self
>
>
> On Thu, Feb 13, 2014 at 4:35 PM, Michael Thoreson
> <m.thoreson at c4labs.ca <mailto:m.thoreson at c4labs.ca>
> <mailto:m.thoreson at c4labs.ca <mailto:m.thoreson at c4labs.ca>>>
> wrote:
>
> Password authentication would be sufficient in the early
> stages
> but perhaps there should be minimum length and complexity
> requirements. Also make sure that whatever password
> storage back
> end used will store the passwords safely and effectively.
> Adding
> AD and LDAP support would be of big interest in companies. The
> support can either be direct PC to AD\LDAP or perhaps PC could
> have an option to use to already existing host users and
> groups
> which would include AD\LDAP users if the host is setup before
> hand. This is of course won't work if the idea of PC is
> going to
> be including it's own OS, but I assume PC will just be
> installed
> on whatever host OS the admin chooses.
>
> Michael Thoreson,
>
>
>
> On 13/02/2014 11:39 AM, Aryeh Friedman wrote:
>
> If petitecloud's goal is only to control stuff at level 0
> (even if in large clusters) then it is almost certain
> the only
> login would be from the admins and only then if
> something went
> wrong (we assume that layer 1 will be controlling us
> via an
> API) whould they login... given the above is just having a
> single password good enough security (for now)... i..e no
> users, tenants, etc.... the idea is we can skip right to
> clustering then come back to security as we start to need
> handle multiple users all with the same level of access.
>
> -- Aryeh M. Friedman, Lead Developer,
> http://www.PetiteCloud.org
>
>
> _______________________________________________
> petitecloud-general mailing list
> petitecloud-general at lists.petitecloud.nyclocal.net
> <mailto:petitecloud-general at lists.petitecloud.nyclocal.net>
>
> <mailto:petitecloud-general at lists.petitecloud.nyclocal.net
> <mailto:petitecloud-general at lists.petitecloud.nyclocal.net>>
>
> http://lists.petitecloud.nyclocal.net/listinfo.cgi/petitecloud-general-petitecloud.nyclocal.net
>
>
> _______________________________________________
> petitecloud-general mailing list
> petitecloud-general at lists.petitecloud.nyclocal.net
> <mailto:petitecloud-general at lists.petitecloud.nyclocal.net>
> <mailto:petitecloud-general at lists.petitecloud.nyclocal.net
> <mailto:petitecloud-general at lists.petitecloud.nyclocal.net>>
>
> http://lists.petitecloud.nyclocal.net/listinfo.cgi/petitecloud-general-petitecloud.nyclocal.net
>
>
>
>
> --
> Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
>
>
> _______________________________________________
> petitecloud-general mailing list
> petitecloud-general at lists.petitecloud.nyclocal.net
> <mailto:petitecloud-general at lists.petitecloud.nyclocal.net>
> http://lists.petitecloud.nyclocal.net/listinfo.cgi/petitecloud-general-petitecloud.nyclocal.net
>
>
> _______________________________________________
> petitecloud-general mailing list
> petitecloud-general at lists.petitecloud.nyclocal.net
> <mailto:petitecloud-general at lists.petitecloud.nyclocal.net>
> http://lists.petitecloud.nyclocal.net/listinfo.cgi/petitecloud-general-petitecloud.nyclocal.net
>
>
>
>
> --
> Aryeh M. Friedman, Lead Developer, http://www.PetiteCloud.org
>
>
> _______________________________________________
> petitecloud-general mailing list
> petitecloud-general at lists.petitecloud.nyclocal.net
> http://lists.petitecloud.nyclocal.net/listinfo.cgi/petitecloud-general-petitecloud.nyclocal.net
More information about the petitecloud-general
mailing list