Securing your Infrastructure
Machines in the Joyent Public Cloud are very secure. However, you can take steps to harden them even further.
This topic shows you how to secure your SmartMachine or appliance. It also touches on the differences between security and disaster recovery in the Joyent Cloud.
In this section:
- Managing Authentication
- Machine Security Checklist
- SmartMachine Security Tools
- Backing up and Restoring Systems
- Managing SSL Certificates with Virtualmin
- Setting up a Bastion Host
- Working With Cloud Firewall Rules
Machines that you provision into the Joyent Cloud are encapsulated in a zone, which provides unparalleled security. In addition, machines in the Joyent Cloud have access to many tools that ensure your business-critical applications are uncompromised by malicious activity. However, security is not the same as protection against catastrophic failure. You should actively ensure that business-critical applications that you host on a machine in the Joyent Cloud are protected by some sort of disaster recovery system.
A zone is a virtualized instance of SmartOS (also known as a SmartMachine). Below are some facts and common misconceptions about SmartMachine security.
- ZFS preserves data integrity and protects against data corruption.
- ZFS supports snapshots and copy-on-write clones.
- SmartMachines provide a secure barrier to exposure from other systems in the cloud.
- SmartMachines provide a tamper-proof audit trail that is managed in a top-level management layer called the global zone.
- You still need to perform regular backups.
- You still need to set up version control for your applications.
- You need to maintain active firewall settings.
- You need to implement monitoring, logging and alerting.
- You should use configuration management and revision control.
- ZFS is not a magic pill; your System Administrators are.