Biggest Mistakes Which Providers Make When Pricing IaaS Blog

Biggest Mistakes Which Providers Make When Pricing IaaS

When you launch any new type of service, one of the key challenges is getting your pricing right. In the case of IaaS providers, this is a crucial strategic step, determining your future success and potential profit. IaaS is a competitive market, and pricing such a service comes with a few key considerations. In this […]

The C-level Perspective on Running Open-Source Cloud with Ceph and CloudStack - Blog

The C-level Perspective on Running Open-Source Cloud with Ceph and CloudStack

The cloud and hosting market has experienced a complete transformation during the last decade. While previously there was a range of mid-sized local cloud providers dominating the market in each country, many providers were acquired by VC’s, larger providers, telcos and third-party enterprises in the last ten years. It is getting harder and harder for […]

Pricing IaaS the Right Way

Pricing Your IaaS Offering the Right Way

There is currently enormous market demand for Infrastructure as a Service (IaaS), with organisations looking for the right solution to host their applications and workloads, build a high-performing test/dev environment or deploy a hybrid cloud solution. Others, like telcos and MSPs, need to offer a full range of services to their customers, and the cloud […]

The Choice of Cloud Management Platform

How to Choose a Cloud Management Platform

As more and more companies build internal private clouds or enter the service provider market with public clouds, the more they will need the right set of tools to successfully build, manage and scale their Infrastructure as a Service (IaaS) platform. However – choosing the right technology stack can be a difficult decision. There are […]

Machine Brain | CloudStack

Machine Learning and Apache CloudStack | Case Studies

Introduction In this blog we discuss applications of machine learning (ML) in datacenters and how that might integrate with Apache CloudStack (ACS). We also try to identify various places in the lifecycle of datacentres where such tools can be helpful. With any datacentre deployment, the primary goal is to achieve efficient resource provisioning whilst also […]

Meltdown Spectre Logos | ShapeBlue Security Advisory - Spectre and Meltdown patches in CloudStack 4.9 and 4.11

ShapeBlue Security Advisory – Spectre and Meltdown patches in CloudStack 4.9 and 4.11

Overview At the beginning of 2018 a number of vulnerabilities were discovered which allow malicious user space processes to read kernel memory and malicious code in VM guests to read hypervisor memory. These vulnerabilities affect most CPU manufacturers – Intel, AMD, ARM, MIPS, etc. The vulnerabilities were nicknamed “Spectre” and “Meltdown” and are outlined in […]

CloudMonkey

ShapeBlue Security Advisory – DNSMasq Vulnerabilities

A number of security flaws were recently found in the DNSMasq tool. This tool is used by many systems to provide DNS and DHCP services, including by the CloudStack System VMs.
This advisory explains their affect on CloudStack and how to patch CloudStack against these flaws.

CloudMonkey

Migration away from download.cloud.com to download.cloudstack.org may cause problems in exisiting cloudstack installations and versions

Background Cloudstack relies on a fixed download site when it fetches the built-in guest VM templates. That download site has historically been download.cloud.com and is being replaced by download.cloudstack.org. Download.cloudstack.org is now fully functional. The retirement date of download.cloud.com is unknown but expected to be imminent The issue & behaviour After the retirement of download.cloud.com, […]

CloudMonkey

Shapeblue Security Advisory For CVE-2016-6813: Apache CloudStack registerUserKeys authorization vulnerability

Overview Apache CloudStack provides a registerUserKeys API that allows a user to create or recreate a secret key and an API key to use for authentication when using the CloudStack API. A malicious user can request this API action in conjunction with the ID of another CloudStack user/account.  The newly created or re-generated API keys for […]

CloudMonkey

Shapeblue Security Advisory For CVE-2016-3085: Apache CloudStack Authentication Bypass Vulnerability

Overview Apache CloudStack contains an authentication module providing “single sign-on” functionality via the SAML data format. Under certain conditions, a user could manage to access the user interface without providing proper credentials. As the SAML plugin is disabled by default, this issue only affects installations that have enabled and use SAML-based authentication. Mitigation: Users of […]