VPC to VPC VPN configuration in CloudStack
Introduction Configuring connectivity between CloudStack hosted VPCs can be done by either using private gateways – which has to be configured by CloudStack root administrators to use dedicated network segments – or by using VPC-to-VPC connections, which can be configured by the CloudStack end user without admin input. In this blog post we will cover how to […]
Dynamic Roles in CloudStack | CloudStack Feature Deep Dive
Introduction Managing user roles has been a pain for a while, as the model of having a commands.properties file that defines roles and their permissions can be hard to comprehend and use. Due to this, not many CloudStack users made any changes to the default harcoded roles and further enhanced roles. Therefore, ShapeBlue has taken the opportunity to […]
Granular Access Controls in CloudStack | CloudStack Feature Deep Dive
An oft-cited limitation in Apache CloudStack is the lack of granular access controls. Historically, when creating an account, there have been four built-in roles to choose from: Root Admin, Resource Admin, Domain Admin, and User. Unfortunately, these built-in roles have been insufficient for the needs of many organizations, who have resorted to various workarounds. Thankfully, this will change in […]
Shellshock and CloudStack
Shellshock is the family of bugs in the Unix Bash shell which allows an attacker to execute arbitrary commands on a vulnerable system potentially allowing an attacker to gain full access to that system. The bug (CVE-2014-6271) was first disclosed on 24 September 2014, upon closer inspection of the code, related vulnerabilities (CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187) were […]
SAML2 in Apache CloudStack | CloudStack Feature Deep Dive
In this post, Rohit Yadav, Software Architect at ShapeBlue talks about his work on the recent implementation of SAML 2.0 based Single Sign-On (SSO) and Single Log-Out (SLO) for Apache CloudStack As part of the ShapeBlue Software Engineering Team, I work on both CloudStack feature requests for our customers and vendor integrations for CloudStack. However, we do sometimes […]
Using CloudStack 4.3 with Microsoft Active Directory
CloudStack 4.3 provided further enhancements to the LDAP integration, and in this article we will look at how you configure CloudStack to authenticate against a Microsoft Active Directory Server. Enable AD Integration First step is to tell CloudStack about your Active Directory Servers (yes we can now have more than one) Go to Global Settings […]
How to Mitigate OpenSSL HeartBleed Vulnerability in Apache CloudStack
UPDATE: 09-Apr-2014 – The proper upgrade command is “apt-get install openssl libssl1.0.0”. If you’ve just updated openssl, please go back and update libssl as well. UPDATE: 10-Apr-2014 – Added detailed verification steps / Apache CloudStack 4.0 – 4.1 are not vulnerable, they use older Debian/openssl. Thanks to all involved for helping to put together and update […]
Apache CloudStack 4.1 | CloudStack Feature First Look
CloudStack 4.1 has just been released, bringing with it a raft of new features and improvements. 4.1 presents a milestone for Apache CloudStack as it is the first release since the projects graduation to a top level Apache project. Here’ I take a detailed look at some of the new features Add / Remove Network on […]
