Biggest Mistakes Which Providers Make When Pricing IaaS Blog

Biggest Mistakes Which Providers Make When Pricing IaaS

When you launch any new type of service, one of the key challenges is getting your pricing right. In the case of IaaS providers, this is a crucial strategic step, determining your future success and potential profit. IaaS is a competitive market, and pricing such a service comes with a few key considerations. In this […]

The C-level Perspective on Running Open-Source Cloud with Ceph and CloudStack - Blog

The C-level Perspective on Running Open-Source Cloud with Ceph and CloudStack

The cloud and hosting market has experienced a complete transformation during the last decade. While previously there was a range of mid-sized local cloud providers dominating the market in each country, many providers were acquired by VC’s, larger providers, telcos and third-party enterprises in the last ten years. It is getting harder and harder for […]

Pricing IaaS the Right Way

Pricing Your IaaS Offering the Right Way

There is currently enormous market demand for Infrastructure as a Service (IaaS), with organisations looking for the right solution to host their applications and workloads, build a high-performing test/dev environment or deploy a hybrid cloud solution. Others, like telcos and MSPs, need to offer a full range of services to their customers, and the cloud […]

The Choice of Cloud Management Platform

How to Choose a Cloud Management Platform

As more and more companies build internal private clouds or enter the service provider market with public clouds, the more they will need the right set of tools to successfully build, manage and scale their Infrastructure as a Service (IaaS) platform. However – choosing the right technology stack can be a difficult decision. There are […]

Meltdown Spectre Logos | ShapeBlue Security Advisory - Spectre and Meltdown patches in CloudStack 4.9 and 4.11

ShapeBlue Security Advisory – Spectre and Meltdown patches in CloudStack 4.9 and 4.11

Overview At the beginning of 2018 a number of vulnerabilities were discovered which allow malicious user space processes to read kernel memory and malicious code in VM guests to read hypervisor memory. These vulnerabilities affect most CPU manufacturers – Intel, AMD, ARM, MIPS, etc. The vulnerabilities were nicknamed “Spectre” and “Meltdown” and are outlined in […]

CloudMonkey

ShapeBlue Security Advisory – DNSMasq Vulnerabilities

A number of security flaws were recently found in the DNSMasq tool. This tool is used by many systems to provide DNS and DHCP services, including by the CloudStack System VMs.
This advisory explains their affect on CloudStack and how to patch CloudStack against these flaws.

CloudMonkey

Migration away from download.cloud.com to download.cloudstack.org may cause problems in exisiting cloudstack installations and versions

Background Cloudstack relies on a fixed download site when it fetches the built-in guest VM templates. That download site has historically been download.cloud.com and is being replaced by download.cloudstack.org. Download.cloudstack.org is now fully functional. The retirement date of download.cloud.com is unknown but expected to be imminent The issue & behaviour After the retirement of download.cloud.com, […]

CloudMonkey

Shapeblue Security Advisory For CVE-2016-6813: Apache CloudStack registerUserKeys authorization vulnerability

Overview Apache CloudStack provides a registerUserKeys API that allows a user to create or recreate a secret key and an API key to use for authentication when using the CloudStack API. A malicious user can request this API action in conjunction with the ID of another CloudStack user/account.  The newly created or re-generated API keys for […]

CloudMonkey

Shapeblue Security Advisory For CVE-2016-3085: Apache CloudStack Authentication Bypass Vulnerability

Overview Apache CloudStack contains an authentication module providing “single sign-on” functionality via the SAML data format. Under certain conditions, a user could manage to access the user interface without providing proper credentials. As the SAML plugin is disabled by default, this issue only affects installations that have enabled and use SAML-based authentication. Mitigation: Users of […]

Ghost

Shapeblue Security Advisory for CVE-2015-0235, aka the Ghost vulnerability

Overview A vulnerability has been recently disclosed by Qualys that could result in a remote attacker being able to execute malicious instructions on vulnerable systems. The vulnerability affects Linux based operating systems. This is better known as GHOST ‘glibc’ vulnerability (CVE-2015-0235): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235 What is ShapeBlue Doing ShapeBlue has analysed the impact of this issue on Apache CloudStack (ACS).  The […]