Biggest Mistakes Which Providers Make When Pricing IaaS

When you launch any new type of service, one of the key challenges is getting your pricing right. In the case of IaaS providers, this is a crucial strategic step, determining your future success and potential profit. IaaS is a competitive market, and pricing such a service comes with a few key considerations. In this blog post, we share our experience working with IaaS providers on what factors to consider with your IaaS pricing.
Mistake 1: Pricing According to the Hyperscalers
Hyperscalers (e.g. AWS, Microsoft Azure, GCP) dominate the IaaS market. They are starting to develop industry and functional expertise […]

How to Choose a Cloud Management Platform

As more and more companies build internal private clouds or enter the service provider market with public clouds, they will increasingly need the right set of tools to successfully build, manage and scale their Infrastructure as a Service (IaaS) platform. However, choosing the right technology stack can be a difficult decision. There are several aspects that should be considered, such as planning for future growth and demand, team size, budget, project timeframe, previous experience, available hardware and the underlying infrastructure already in place. In this article, we will focus on the platforms that enable you to provision IaaS […]

Machine Learning and Apache CloudStack | Case Studies

Introduction
In this blog we discuss applications of machine learning (ML) in datacentres and how that might integrate with Apache CloudStack (ACS). We also try to identify various places in the lifecycle of datacentres where such tools can be helpful. With any datacentre deployment, the primary goal is to achieve efficient resource provisioning whilst also maintaining performance and availability. Datacentres have become complex and multidimensional, both in terms of software and hardware, and we should also consider a hybrid hosting character. Maintaining an optimal deployment with minimal downtime is consequently becoming more challenging with manual operations. Recent trends show some […]

ShapeBlue Security Advisory – Spectre and Meltdown patches in CloudStack 4.9 and 4.11

Overview
At the beginning of 2018 a number of vulnerabilities were discovered which allow malicious user space processes to read kernel memory and malicious code in VM guests to read hypervisor memory. These vulnerabilities affect most CPU manufacturers – Intel, AMD, ARM, MIPS, etc. The vulnerabilities were nicknamed “Spectre” and “Meltdown” and are outlined in the following CVEs:
Spectre variant 1 – Bounds Check Bypass: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5753
Spectre variant 2 – Branch Target Injection: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5715
Meltdown variant 3 – Rogue Data Cache Launch: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5754
From a CloudStack point of view the main affected components are the system VM templates. This advisory outlines the fix provided […]

ShapeBlue Security Advisory – DNSMasq Vulnerabilities

A number of security flaws were recently found in the DNSMasq tool. This tool is used by many systems to provide DNS and DHCP services, including by the CloudStack System VMs.
This advisory explains their effect on CloudStack and how to patch CloudStack against these flaws.

Migration away from download.cloud.com to download.cloudstack.org may cause problems in existing CloudStack installations and versions

Background
CloudStack relies on a fixed download site when it fetches the built-in guest VM templates. That download site has historically been download.cloud.com and is being replaced by download.cloudstack.org. download.cloudstack.org is now fully functional. The retirement date of download.cloud.com is unknown but expected to be imminent.
The issue & behaviour
After the retirement of download.cloud.com, the following issues may be experienced:
When installing CloudStack for the first time, failures will occur when downloading the built-in templates.
For existing installations of CloudStack, if administrators or users attempt to re-download a template (for example when creating a new zone), failures will occur.
Versions […]

ShapeBlue Security Advisory For CVE-2016-6813: Apache CloudStack registerUserKeys authorization vulnerability

Overview
Apache CloudStack provides a registerUserKeys API that allows a user to create or recreate a secret key and an API key to use for authentication when using the CloudStack API. A malicious user can request this API action in conjunction with the ID of another CloudStack user/account. The newly created or re-generated API keys for this other user would then be returned to the malicious user, giving them access to the other user’s account and resources. The issue affects all users of CloudStack 4.1 and above.
NOTE: In order to exploit this vulnerability the malicious user must themselves have authenticated API […]

ShapeBlue Security Advisory For CVE-2016-3085: Apache CloudStack Authentication Bypass Vulnerability

Overview
Apache CloudStack contains an authentication module providing “single sign-on” functionality via the SAML data format. Under certain conditions, a user could manage to access the user interface without providing proper credentials. As the SAML plugin is disabled by default, this issue only affects installations that have enabled and use SAML-based authentication.
Mitigation: Users of Apache CloudStack using the SAML plugin should upgrade to one of the following versions, based on which release they are currently using: 4.5.2.1, 4.6.2.1, 4.7.1.1, or 4.8.0.1. These versions contain only security updates, and no other functionality change.
Versions affected: CloudStack versions 4.5.0 and newer […]

ShapeBlue Security Advisory for CVE-2015-0235, aka the Ghost vulnerability

Overview
A vulnerability has recently been disclosed by Qualys that could result in a remote attacker being able to execute malicious instructions on vulnerable systems. The vulnerability affects Linux-based operating systems. This is better known as the GHOST ‘glibc’ vulnerability (CVE-2015-0235): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
What is ShapeBlue Doing
ShapeBlue has analysed the impact of this issue on Apache CloudStack (ACS). The download template functionality provided by the SSVM to the end user puts it at risk. Since it is a Linux issue, all Apache CloudStack versions are affected. An immediate fix would be to log in to each SSVM and upgrade the glibc package to the one that […]

Retirement of the realhostip.com Service

The realhostip.com service will be switched off on the 1st October 2014. Paul Angus looks at what it did, what effect the retirement will have and what you need to do to carry on working if you’re affected.
What is realhostip.com?
When you connect to the Console Proxy system VM or download a disk or ISO from the secondary storage VM you connect over a secure (https) connection. This is particularly important when you put in your password. In order for this to be secure you need to connect to a URL which has a FQDN and have a certificate […]