Scalr

How To Create Secure Cloud Environments With Scalr

Compliance is hard in the cloud. We have to be aware of where our data is located, how it’s secured on different cloud providers, and who has access to it. The same goes for the applications using that data and the infrastructure that managing it all.

Compliance is essential for enterprises, especially where sensitive user data is at risk. You have to enforce policies on networks, server tags, storage encryption, key management and more. Depending on your industry, compliancy can also involve maintaining patient data privacy for HIPAA or ensuring the encryption of financial data as per SEC regulations. And not just that – it’s maintaining that compliance across your different business units and applications.

In the end, what we worry about is customer data getting exposed and unauthorized access of our applications and infrastructure. So the solution is building out a framework to ensure that there’s no gaps exposing our users and resources.

But how do you do it?

There’s solutions inside each cloud provider. In AWS, you have to define and design strict IAM user groups and policies, manage an umbrella of AWS accounts using AWS Organizations, and if necessary run your workloads on dedicated physical infrastructure via AWS Dedicated Hosts or AWS GovCloud. GCP, Azure, and other public clouds have their analogs to help you manage resources by application and organization. As for OpenStack environments – you can use Congress’s declarative language to describe what your resources should be, or limit who can access Horizon.

But here’s the tricky part: over 70% of enterprises already have multi-cloud environments while another 40% are planning to adopt a hybrid cloud strategy. So while we can go all in on one cloud and set up all of our architecting, replicating that same system of RBAC across clouds and resources is unsustainable. When I want to enforce standardization at scale, or make changes that take effect across an entire organization or group, I’d have to do it project by project, cloud by cloud. Bundling compliance requirements into each application might work for small organizations, but it gets messy at scale.

So how can we enforce compliance across our business units and applications and make it easy to change the rules of that enforcement?

Here’s how we solve those problems with Scalr’s Hierarchical Policy Enforcement and Policy Groups.

Here’s the hierarchy of Scalr:

Scalr’s hierarchical paradigm allows for top-down policy enforcement. You set your policies at one level, say a business unit, and all the applications and teams within that business unit can obtain those security requirements. If you need to specify by team or by application, you can do that as well. We integrate with AD and any other LDAP or SAML based identity system, making it easy to replicate your company’s existing organizational structure.

By mirroring your organizational structure, users keep the permissions that they already have. Think of your hybrid cloud infrastructure like a sprawling kingdom, with your security and compliance standards as the walls around it. To protect that kingdom, it’s easier to defend a single gate than a hundred. When enterprises have a many-to-many relationship with their clouds and datacenters, the attack surface grows significantly, a single enforcement point minimizes that attack surface.

So what are these policies or permissions that we can set on our users and resources?

Well, Policies in Scalr are just like policies in AWS or GCP or Azure – they define what actions users can do on cloud resources. Some examples are mandatory firewall configuration, remote authentication (e.g. LDAP) configuration, running scripts on production servers, or even automating the shutdown of testing environments after a few days.

You can set Policies at the Corporate scope so that the effects of those policies are propagated down through the entire organization. Set policies at the Account scope and they’ll affect everything inside the Account. Accounts usually represent business units (this could be a collection of teams and the resources), but they don’t have to.

In the screenshot below, I’m at the Account scope inside the Scalr UI. On my left I can see the Environments within that Account. In the main section I can see the policies I have attached to the Environment, along with the clouds being used, and the level of control that teams have. An Environment would be the collection of resources for a particular web application. There can be a Production Environment, a Dev Environment, Testing, Staging, and so on.

Scalr Account Scope

As an example, Developers can have free reign in a Testing Environment, but only admins and DevOps can make changes in my Production Environments. You can also set policies on the individual applications and the components of those applications within the Production Environment. For example, you may want everyone to see what security groups or Production servers run, but only admins can see what SSH keys are available. Or, to simplify what users see, state that they can only see the applications and resources that their team has access to.

The important thing to mention is that your cloud providers are not tied to a specific Account or Environment – your resources live where they matter. If your development servers are in AWS for rapid experimentation but your production servers are on OpenStack inside your data center, you can visualize and manage everything from one UI. Like we see above, you can set cloud-specific policies, which lets you get granular without jumping into each cloud console.

By bringing all of your resources into one pane of glass, the admins of an organization have far more visibility and control over what the users see and interact with. Here I can get a detailed look at the cloud credentials being used within each Account on each Environment, and who’s using what.

Here is how to handle teams that have access to these environments. Like your individual cloud providers you can set up teams and user groups, but with Scalr you can do it across clouds and at scale.

Here are the teams that are on this Account. I can see who the users are, what Environments they have access to, and create Access Control Lists (ACLs) that define their permissions at the Account level.

Scalr Teams

I can enable access to specific applications, cloud services inside cloud providers or even access to third-party tools like Datadog or Chef.

Here’s an example of an ACL, which dictates everything that a user can see, gain read/write access to, and control. ACLs can be assigned to individual users, teams, or assigned to entire business units of users.

Using ACLs, here are some examples of what you can do with Scalr to create a secure cloud environment:

  • Set guardrails on instance sizes, security groups based on the user’s permissions and environment, SSH keys, auto-tagging on servers

  • Set a block on members of the First Week Developers team may only provision pre-built applications stacks from the Service Catalog, and may not build their own stacks

  • Members of the DBA Contractors team may view the security groups that are enforced on their infrastructure but may not modify them or create new ones

So what does this experience look like to the end user? Well, based on their permissions, they will have completely different experiences. More powerful users can have more access to different parts of Scalr (either through the UI or API), while developers that need simple solutions will see something like the Service Catalog.

Here’s what that looks like below:

Service Catalog

For our simple users, we give them a simple interface so that there are no gaps in the system. As an end user I can pick from this list of applications, and through policies that my admin set up earlier, I have a pre-selected menu of options I can configure for servers/cloud services that I deploy.

Thanks for reading! This wasn’t a deep dive on how Scalr’s environments and policies work, but rather to show that using a single UI/API backed by a powerful orchestration and automation engine to handle all of your resources and user management can make your life to maintain compliance and security much easier.

See you for the next one.

26 Comments

  • guarda-Sol says:

    The incentive behind marketing custom made umbrellas is to leave
    an effect on lots of of our beneficial clients.
    Umbrellas, like a lot of other merchandise are rather crucial in our
    day-to-day lives. They can help in generating some fantastic income for all
    kinds of firms, no matter whether they are larger, very well
    set up enterprises or smaller organisations. Owing to
    their massive sizing, visibility and usefulness, they can offer
    you an exceptional way to make manufacturer recognition, inside a little group as nicely as among millions close
    to the globe. This will also empower you, to show your company title far more properly, by outlining the
    attributes of your item, to your prospects. Your slogan or manufacturer title will allow the prospects to become familiar with your product or service.
    If they like it, they will not just appreciate it
    but normally pick the very same brand name in long run and
    advise it to their friends. This will also enable a wonderful offer in reassuring your prospects, that you
    generally adhere to the acceptable pointers of trying to keep the
    best possible standards, in producing these merchandise.

    1. There is a extensive assortment of custom umbrellas available these days together
    with, Golf umbrellas, Eco umbrellas, Kids umbrellas, Gents and Ladies Umbrellas,
    parasols, compact umbrellas and the Telescopic Umbrellas.
    They are all terrific for offering security in opposition to burning
    heat and other significant weather disorders. They all are in a good deal of demand from customers, thanks to
    their exclusive types, remarkable types, stunning styles
    and lively colors.

    two. These umbrellas normally have a hard lining to withstand versus potent wind.
    They also have numerous others capabilities, like a vented body
    that can open routinely, a picket deal with and wrist strap.
    Some designs are trendier, and considerably additional modern , as when compared to a lot of other
    less difficult ones.

    three. The Eco styles are designed from recycled PET material.
    This will persuade a lot of environmentally aware people today to go for these products.
    The actuality that they are re-usable is not only important for the men and women but also for the natural
    environment.

    4. There are large versions of custom made umbrellas available in numerous different measurements and colours,
    with fiberglass ribs for sturdiness, shaft and
    cope with. These exceptional models enjoy a essential function in developing up a good name for the firm and endorsing the brand name name.

    5. Some of the hottest designs normally have metal security program,
    stainless steel cables and fittings and are potent sufficient to deliver maximum
    safety versus UVA and UVB rays. Playful umbrellas for
    young children are pretty exceptional to be provided as items.
    They are significantly cherished by numerous, thanks to
    their lovely and unique models, which glance genuinely amazing
    from a distance. They can also be actual a source of fun and leisure for the small children, and are
    pretty suitable for each day use, much too.

    Branding umbrellas or other useful products, is deemed to be rather effective and lucrative for the enterprise, as many persons generally appear out for a organization emblem ahead of earning
    a buy. So it is really usually a very good thought to print your firm name, logo together with some
    significant info both on the top rated of the canopy, inside the canopy or on the deal with of your custom
    umbrellas.

  • guarda-Sol says:

    The incentive behind promotion custom umbrellas is to depart an perception on lots of of
    our important clients. Umbrellas, like several other goods are pretty crucial in our every day life.
    They can support in developing some excellent profits for all
    kinds of corporations, no matter if they are even larger, properly proven enterprises or scaled-down organisations.
    Owing to their big dimension, visibility and usefulness, they can provide an fantastic way to produce manufacturer consciousness,
    in just a smaller neighborhood as perfectly as amid millions all-around the entire world.
    This will also empower you, to exhibit your firm name additional effectively, by detailing the traits of your product, to your buyers.
    Your slogan or brand title will enable the clients to develop into
    acquainted with your merchandise. If they like it, they will not just respect it but always pick
    out the identical brand in future and recommend it to their good friends.
    This will also support a fantastic offer in reassuring your shoppers,
    that you usually observe the suitable rules of preserving the best possible criteria, in producing these
    goods.

    1. There is a broad vary of customized umbrellas out there these days like, Golfing umbrellas, Eco
    umbrellas, Young ones umbrellas, Gents and Ladies Umbrellas, parasols, compact umbrellas and the Telescopic Umbrellas.
    They are all fantastic for providing defense in opposition to burning warmth and other intense weather
    conditions conditions. They all are in a whole lot of demand, owing to their exclusive designs, wonderful patterns, stunning
    designs and vivid colours.

    2. These umbrellas typically have a hard lining to stand up to towards powerful wind.
    They also have different other people attributes, like a vented frame that can open up routinely, a
    picket cope with and wrist strap. Some styles are trendier, and
    much additional trendy , as as opposed to quite a few other less difficult ones.

    3. The Eco models are produced from recycled PET cloth.
    This will motivate a lot of environmentally conscious people to go for these solutions.

    The truth that they are re-usable is not only crucial for the men and women but also for the setting.

    4. There are significant versions of custom made umbrellas offered in many different sizes and colours, with fiberglass ribs for sturdiness,
    shaft and take care of. These exceptional styles enjoy a critical part in setting up up a good standing for the company and endorsing the manufacturer name.

    five. Some of the most recent products usually have steel defense program,
    stainless steel cables and fittings and are robust enough to
    supply greatest security in opposition to UVA and UVB rays.
    Playful umbrellas for kids are quite scarce to be supplied as items.
    They are much cherished by a lot of, due to
    their gorgeous and exclusive types, which seem definitely incredible from a distance.
    They can also be real a resource of enjoyable and enjoyment
    for the youngsters, and are fairly acceptable for every day use,
    too.

    Branding umbrellas or other practical merchandise, is viewed as to be
    pretty advantageous and rewarding for the company, as numerous people generally search out for a company logo in advance of generating a acquire.
    So it truly is generally a good strategy to print your corporation title, symbol along with some critical
    details possibly on the major of the cover, within the canopy or
    on the take care of of your personalized umbrellas.

  • Exceptional post however , I was wanting to know if you
    could write a litte more on this subject? I’d be very grateful if you could elaborate a
    little bit more. Appreciate it!

  • It is really not simple organizing an function. Dealing with a get together rental company for the 1st time can be tough if you never know what to
    question and expect. Very well, in this article is some advice to make issues a bit a lot easier…

    Prepare in advance. Get started considering about your occasion or wedding well
    in progress of the genuine day. Bash rental companies have active seasons.
    March-June and Oct -December are nuts with weddings and getaway parties.
    If you want to make certain you get the get together rental objects you need,
    you really should try to reserve large orders at the very least 2
    months in advance if you are scheduling your celebration in the course
    of any of these months.

    Always approach for a couple excess people than you are anticipating.
    It is significantly a lot easier for a company to a little lessen your purchase than to consider to add things.

    Keep in mind that they may possibly not be out there at the very last moment.

    Choose up the cellphone. You can explain to a good deal about any enterprise primarily based
    on the shopper services you acquire. When buying close to for
    the very best quote on your occasion rentals, make
    sure you consider into thing to consider who you like and will work finest with you to make guaranteed your celebration is a good results!

    Know what you might be receiving. Some party rental items remain in a companies’ stock for
    many years and years. A great deal of problems can transpire in that
    volume of time. You won’t be able to hope
    rental items to be best, but you can assume them to be
    clean and presentable. Test to examine or at the very least ask
    what condition the products are in that you are reserving.
    If you are masking your rentals with linens or chair handles, this is fewer essential.
    When it will come to linens, make guaranteed the firm you go with will not just clean and fold their tablecloths with
    no pressing them.

    Have an understanding of what is bundled in your whole.
    Social gathering rental organizations will demand
    you a shipping and delivery payment, most most likely centered
    on your zip code or space of town. Most organizations
    will fall your rentals off in a mutually agreed upon spot and leave
    you to move and set up the objects. If you require assist in placing up, you
    can typically prepare this for an excess cost. Some businesses present absolutely free
    set up and get down, which could conclude up being a substantial help
    if you are planning a large party.

    Distinct your house. If you happen to be setting up on obtaining your celebration at household, make confident you have the area cleared and clear prior to your occasion rental business
    offering any goods you have purchased.

    Figure out what to serve in the way of the food stuff and beverages, and assume of timing.
    Recall to look at if you will require any additional tables for foods or beverages.

    A bar most likely? The time of day you will be having your occasion is also important.
    Friends will hope far more than finger food items if
    you are web hosting your function in the course of any of the 3 important mealtimes.

    Allow for excess home. If all of your guests will be seated at the exact same
    time, make guaranteed you have a seating chart, or permit for excess area.
    At weddings specially, you really don’t want to depart the
    few at the end of the buffet line with out a location to
    sit, because there is only one particular location still left at every
    desk. Keep in mind that guests want to sit with their pals, so permit for plenty of additional seating.

    Check with queries! Do not be scared to “bug” your occasion rental organization about any and all facts.

    Your celebration need to be ideal, and you ought to have to know particularly what you will be obtaining.
    Also, if your rental business is just not practical and speedy in responding to you, locate a new 1!

    Negotiate. If you are setting up a big sized event, request prospective get together rental corporations if they have any offers.
    Probabilities are, they won’t want to lose a significant buy and will
    uncover a way to give you a price cut, such as a waived supply fee or a couple
    of free tables. It never hurts to request!

    Get advice about other sellers. Need to know exactly where to come across balloons,
    or possibly the finest florist on your side of town? Request your bash rental corporation if they have any handy solutions.

  • Just want to say your article is as astounding. The clarity for your submit is just nice and i could suppose
    you’re an expert on this subject. Fine along with your permission let me to grasp your feed to stay updated
    with drawing close post. Thank you a million and please continue the gratifying work.

  • I like the valuable info you provide in your articles.
    I will bookmark your blog and test once more right here frequently.
    I’m moderately sure I will be informed plenty of new stuff right here!
    Good luck for the following!

  • Because the admin of this site is working, no doubt very rapidly it will be well-known, due to its feature contents.

  • Useful information. Fortunate me I found your web site unintentionally,
    and I’m shocked why this twist of fate did
    not came about earlier! I bookmarked it.

  • It’s hard to find well-informed people in this particular subject, but you seem like you know
    what you’re talking about! Thanks

  • honey boba says:

    This is the yr tea was found out.

    Sure, in 2737BC, in China, the Chinese emperor stumbled across a mysterious potion after leaves from the camellia sinensis
    plant unintentionally fell into the water his servant was boiling for him to consume.
    As a herbalist, he embraced the prospect to consider a new concoction, sipped the fragile liqueur and promptly fell in really like
    a appreciate that has been shared by billions of folks due to the fact.

    But it is head blowing to imagine that tea has been eaten by folks
    for above 4000 yrs. And perhaps even stranger to think that in Britain, we
    have only been consuming tea (our saviour, our consolation, our ‘pack-your-kettle-last-so-it can be-the-initially-issue-out-the-lorry’) for a brief four hundred a
    long time.

    Even so, this is an extraordinary amount of money of time to
    acquire the traditions and conventions connected with consuming it,
    and the tea consuming ritual is 1 steeped in cultural customs.

    It is potentially a generalisation, but when we imagine of tea drinking
    rituals, it is the Chinese and Japanese tea ceremonies that
    straight away spring to intellect: formality, silence,
    connections to nature, tea as a present, a way of featuring
    many thanks or apologies to a relative.

    Rule-ruled and purposeful tea consuming? The officialism appears alien to us.

    On reflection though, perhaps there is ritualism in our individual tea usage.
    Does not tea comply with food instances, assist calm our nerves,
    welcome us household just after do the job, or welcome friends in excess of (imagine not featuring a close friend a brew
    soon after knocking on your doorway. Best social fake pas), carry our spirits
    and console us? Although we do not wear robes
    or kneel down, tea does have significance: consolation, protection, friendship.
    If this just isn’t our tradition, then I really don’t know what is.

    Tea is not just loved in the nations stated over.
    Tea has successfully bewitched people today in every
    single continent throughout the world, which has led to it
    currently being branded as the 2nd most commonly eaten beverage on the planet just
    after drinking water. Tea’s capacity to permeate cultures has arguably enabled it to survive these 4000 many years,
    each and every bringing their individual traditions and quirks
    in which to rejoice this exclusive liquid.

    And this is what we will right here check out how tea consuming traditions differ in some of the top
    rated tea ingesting locations of the environment.

    China

    As talked about previously mentioned, in China the
    consumption of tea is ceremonial. Not only do the Chinese men and
    women celebrate tea, but they use tea to formally celebrate or consolidate situations,
    these types of as serving tea at relatives gatherings, as a image of official apology and as a way of politely
    addressing and thanking parents for the giving and obtaining of partners at weddings.

    It is the preferences and aromas of the tea which are at the heart of
    the ritual. Each and every utensil is thoroughly washed or cleansed applying the 1st infusion of the
    green tea leaves to guarantee that the 2nd infusion’s style is
    not coloured by any overseas bodies, like dust particles, so the
    tea is pure.

    Importantly as very well is the way the tea is poured slowly, in just one movement,
    throughout all cups (which are modest clay pots) and only 50 %
    full. The other half of the cup is explained to be loaded with friendship and affection consequently
    binding host and guest in their tea ingesting experience.

    Japan

    In Japan, the tea ceremony centres all around the producing of Japanese Matcha tea a
    inexperienced tea floor to a wonderful powder which
    is planet renowned for its exceptional therapeutic powers, significant focus of antioxidants and relatively bitter
    style.

    The ceremony is named Chanoyu and focuses on the aesthetics of
    tea producing fairly than the taste or smells, creating the encounter far more of a choreographed general
    performance than a quenching of thirst.

    The ceremony’s composition dates back again to the twelfth century and entails the host’s
    serving of the tea, as well as the presentation of the utensils and ceramics used to prepare it,
    the arrangement of bouquets in the area and calligraphy.
    These objects can all be modified by the host to
    best in shape the situation for which the tea is served.
    It is also the host’s activity to have thought of their guests’ check out of the tea at just about every angle in the
    house, to make sure that their experience will be just one
    of purity, serenity and tranquility: a weighty duty.

    The considerate thought that is needed for a profitable ceremony normally ensures that the bonds
    of friendship amongst the hosts and their friends are strengthened just after the knowledge is concluded.

  • Hello! I could have sworn I’ve been to this site before but after going through some of the articles I realized it’s new to me.
    Regardless, I’m certainly pleased I found it and I’ll be
    bookmarking it and checking back often!

  • Thanks for the good writeup. It in truth was a leisure account it.
    Glance advanced to far delivered agreeable from you! However, how could
    we keep in touch?

  • My partner and I absolutely love your blog and find the majority of your post’s to be exactly what I’m looking for.
    can you offer guest writers to write content in your case?
    I wouldn’t mind publishing a post or elaborating on many of the subjects you write regarding
    here. Again, awesome weblog!

  • Wonderful beat ! I wish to apprentice at the same time as you
    amend your website, how could i subscribe for a weblog
    web site? The account helped me a acceptable deal.

    I have been a little bit familiar of this your broadcast offered vibrant clear idea

  • RebKida says:

    Cialis En Las Mujeres Macrobid Tablets Medication Cash Delivery Online Acheter Viagra Pfizer France receta finasteride comprar propecia Pharmacys Online 1742 Buy Tinidazole 500mg

  • Hmm is anyone else experiencing problems with the pictures on this blog loading?
    I’m trying to find out if its a problem on my end or if it’s
    the blog. Any suggestions would be greatly appreciated.

  • I couldn’t resist commenting. Perfectly written!

  • Hey there, You have done a fantastic job. I will certainly
    digg it and personally suggest to my friends. I’m confident they will be benefited from this web site.

  • It’s fantastic that you are getting thoughts from this post as well as from our discussion made
    at this time.

  • It’s hard to find well-informed people about this topic,
    but you seem like you know what you’re talking about!
    Thanks

  • hello!,I really like your writing so a lot! proportion we communicate more
    approximately your article on AOL? I need a specialist in this space to unravel my problem.
    May be that is you! Having a look ahead to peer you.

  • Thanks in support of sharing such a nice thinking, post is good, thats why i have read it completely

  • Howdy! This is kind of off topic but I need some guidance from
    an established blog. Is it very difficult to set
    up your own blog? I’m not very techincal but I can figure things out pretty fast.

    I’m thinking about making my own but I’m not sure where to begin. Do you
    have any tips or suggestions? Thanks

  • 金の菊芋 says:

    Thanks for sharing such a good opinion, piece of writing is fastidious, thats why i have read
    it entirely

  • Hi it’s me, I am also visiting this website daily,
    this web site is genuinely fastidious and the people are truly sharing good thoughts.

  • Great article, totally what I was looking for.

Leave a Reply