
A bit about security in the "cloud": the experience of IaaS provider "1cloud"

Moving infrastructure to the cloud has undeniable advantages, but how it is perceived is rather subjective. Some of the confusion comes from myths surrounding cloud security. Our task today is therefore to share our own experience and talk about how our IaaS provider works.


Photo tour of the "cloud" of 1cloud

In working and communicating with customers from small and medium-sized businesses, we encounter completely different approaches and attitudes towards information security. As in entrepreneurship itself, there is practically no limit to creativity, as long as there are resources.

As a result, we see significant variation both in the level of staff training and in the solutions used. This state of affairs often simply does not allow companies to match the level of training of an IaaS provider's team, which works on specialized problems not on a case-by-case basis, but on an ongoing basis.

Of course, one can say that there is no such thing as cloud service security in general, and that in each case everything depends on the specific provider and the technologies used. One way or another, when a virtual infrastructure is used, it is the provider that takes on the greater share of responsibility for security.

Its task is to do everything possible to ensure the safety of data and its high availability. A whole range of solutions is applied for this purpose: from restricting network access to client virtual servers with firewalls that protect against various attacks, to encryption both at the provider level (virtual disk storage) and at the client level (logical drives, user folders).

In our case, the client can quickly restore data and settings using a backup function, which can be managed independently through the configurator. Copies that are created automatically are kept for the entire duration chosen by the user. We have provided the ability to recover even if the server's file system is completely unavailable, including as a result of irreversible user actions.

Such situations are possible, but we help minimize their number with automated monitoring systems that warn users about critical load on the server. This approach to management automation saves customers from having to hire a dedicated specialist to work with the virtual infrastructure.


NetApp DS2246 in 1cloud data center

As for the placement of the infrastructure itself, each of our data centers is a kind of "fortress". The 1cloud equipment is located in the SDN data center in St. Petersburg, one of the largest and most modern data centers in the country, and in the Dataspace data center in Moscow, whose services have been available without failures for more than three years.

Of course, such a "fortress" also needs a certain amount of energy. Here, as with the nuances of backups, an IaaS provider cannot afford to improvise and relies exclusively on the best practices in the industry. The 1cloud data center corresponds to the Tier III level and has its own distribution substation and eight dynamic uninterruptible power supplies with direct diesel support of 1600 kVA.

The design of our data center allows a rapid response to changes in heat exchange conditions, which is one of the key factors for the sustainable operation of a data center. In addition to the standard cooling equipment, which takes the form of rotary heat exchangers, it is also possible to use the freon circuits of heat pumps. This approach makes it possible to consume electricity efficiently and ensure the stable operation of the equipment.

All nodes of the 1cloud infrastructure are duplicated, which greatly reduces the risk of downtime, and the equipment used offers high availability, security and performance (for more information about the hardware, see the link). The IaaS provider backs the concept of "availability of virtual infrastructure" with a service level agreement. It sets the level of equipment availability at 99.9% and implies financial guarantees from our side, the level of which directly depends on the actual availability indicators.

Not every small or medium-sized business can afford such conditions for operating and maintaining data warehouses. In addition to financial resources and the level of training of specialists, one should also take into account the time that companies often lose when they are busy solving non-core tasks.

In the following materials we have tried to examine the main myths associated with working in the "cloud" and give basic advice to those who would like to take advantage of its capabilities:

Source: https://habr.com/ru/post/312260/

