This is the seventh in a series of posts that will drill deeper into cloud security and some of the key questions it sparks. In the sixth installment, I highlighted a few of our Cloud Tools Marketplace partners that specialize in cloud security. Today, I’ve invited Roy Feintuch, Co-founder and CTO at Dome9 Security, to discuss their solution in more depth.
This is a guest post written and contributed by Roy Feintuch, Co-founder and CTO at Dome9 Security, a Rackspace Cloud Tools partner. Dome9 Security automates server firewall management to provide secure, on-demand access and make your Rackspace servers virtually invisible to hackers.
You have loads of really powerful Rackspace servers - maybe a mix of dedicated and cloud machines with a variety of operating systems, and each has its own built-in firewall that needs to constantly be tweaked and tuned. What do you do?
Do you manually configure each server's firewall one by one? That's tedious and complex, especially if you're adding lots of rules into iptables via CLI and spending a great amount of time scripting your policies.
Wouldn't it be nice if you could create powerful security groups for your Rackspace servers and consolidate policy management with an easy-to-use front-end GUI? And wouldn't it be nice if you didn't have to leave ports like SSH and RDP open and exposed to brute force attacks and exploits?
Well, let me introduce you to Dome9 – a cloud firewall automation service.
Dome9 lets you create security groups for all of your Rackspace servers and configure access for specific users and services. You can centralize firewall policies for all your web servers into one security group, for example, and all of your databases into another. Then you just have to update two security groups from time to time, instead of each individual server manually.
In addition to grouping security rules, you can also group user access. You can quickly give your web developers access to the web servers security group, for example, and your DBAs access to the database servers group with just a few clicks - no command line or repetitious rules.
To set up security groups for Rackspace servers, simply:
- Create a Dome9 account at https://cloudtools.rackspace.com/apps/485?2134865784
- Install our lightweight Dome9 Agent on your Rackspace servers (Windows or Linux; dedicated or cloud)
- Create a Dome9 Security Group in Dome9 Central and create your rules
- Join your Rackspace servers to the new security group
Once your Rackspace servers are joined to your security groups, they automatically inherit their group's policy. Make a change to your security group policy (e.g., open MySQL on 3306), and the policy immediately propagates to all of the servers joined to that group.
“We use Dome9 security groups to manage and secure our servers on the Rackspace Cloud”
– Scott Donald, Co-founder and CTO of NodeSpot, a website and server monitoring service
You can create an unlimited number of security groups across operating systems and machine types (e.g., dedicated and cloud), and you can develop re-usable policy objects like IP whitelists (e.g., a set of trusted office IPs) that can be used in any of your security groups. You can even create blacklists that take effect across your entire cloud.
Security groups make it easy to consolidate policy management for your entire Rackspace infrastructure. They let you create powerful controls for security, access and compliance, and, frankly, they make your life a lot easier!
To learn more, check out Dome9 in the Rackspace Cloud Tools Marketplace, and try our service free for 30-days and start creating security groups for your Rackspace servers.