Building a Compliant IaaS with Apache CloudStack

Deploying Infrastructure-as-a-Service (IaaS) platforms in regulated sectors—such as government, defense, finance, and healthcare—often comes with strict requirements around data protection and cryptographic assurance. These requirements are typically based on standards such as FIPS 140-2, which define how cryptographic modules must be implemented, validated, and used in production systems. For cloud providers and contractors delivering services […]

Creating a Load Balancer with SSL Offloading | CloudStack Feature Deep Dive

This article explains how to use SSL offloading with Apache CloudStack starting from version 4.22.0, enabling HTTPS termination directly on the Virtual Router. This reduces CPU load on backend Instances, simplifies SSL certificate management, and centralises TLS security settings. It covers: What SSL offloading is and its key benefits. How to upload and manage SSL […]

Delete Protection for Instances and Volumes | CloudStack Feature First Look

Introduced in CloudStack 4.20, the Delete Protection feature mitigates the risk of accidental deletion for Instances and Volumes. This feature addresses a common challenge in cloud environments, where users may unintentionally delete critical resources, leading to potential data loss, service disruptions, and costly recovery efforts. Delete Protection works by allowing users to enable a safeguard […]

CloudStack OAuth2 | CloudStack Feature First Look

Organisations that manage diverse user bases and want to ensure secure access to their environments often seek to implement standardised authentication protocols in their IT ecosystems. OAuth2, widely adopted for token-based authentication, is commonly used to give users secure access, protect their credentials, and grant access only […]

Two-factor Authentication in Apache CloudStack | CloudStack Feature First Look

Two-Factor Authentication (2FA) is an authentication method where a user is authorised to log in to a system only after successfully presenting two pieces of data, or factors: something that the user knows plus something that the user possesses. Apache CloudStack 4.18 introduces a 2FA framework designed to bolster security when users access the platform. […]

Volume Encryption | CloudStack Feature Deep Dive

Everyone would agree that data is the most important thing in the cloud today, and after so many breaches, encrypting data is increasingly popular among cloud service providers. Adding this additional security layer can make it even more difficult for unauthorized users to access your precious data. In this article, I’d like to introduce […]

New CloudStack Database Encryption Engine | CloudStack Feature Deep Dive

As part of its security capabilities, Apache CloudStack encrypts sensitive information such as user credentials and passwords. For over a decade, Apache CloudStack has used the StandardPBEStringEncryptor from the jasypt library to encrypt data. However, the encryption algorithm used by this library, “PBEWithMD5AndDes”, is now considered insecure because it relies on outdated cryptography, namely […]

Ensuring CloudStack Perimeter Security with Two Factor Authentication and Time-based OTP

Control and oversight of who can access an organization’s computer systems and networks, and of the actions they can perform, are referred to as the user access security perimeter. This aspect of perimeter security is essential in preventing unauthorized access and safeguarding sensitive information. Securing user access to Apache CloudStack, where vital components of the business layer […]

Securing Your Data with Volume Encryption in Apache CloudStack

Protecting sensitive data is crucial in the face of growing cyber-attacks, meaning robust security measures are necessary. While backup and disaster recovery (BDR) play a significant role in data protection, other technologies such as volume encryption offer additional protection against a broader range of threats, especially unauthorized disclosure of sensitive information. This can include confidential […]

Secure KVM VNC Connections | CloudStack Feature First Look

In a previous blog post (https://www.shapeblue.com/api-driven-console-access/) we described the latest improvements around VNC console access in CloudStack 4.18. These improvements included switching it to an API-driven approach and introduced a way to secure WebSocket traffic between the CPVM and end-users, whilst the traffic between the CPVM and hosts remained unencrypted. This blog post explains […]
