Managing a cloud environment is a fairly complex task, with many factors to consider.
The logical design of the cloud environment should include measures to limit remote access to only those authorized to access resources, provide the capability to monitor the cloud environment, and allow for the remediation of systems in the cloud environment, as well as the backup and restoring of a guest OS.
What is Access Control for Remote Access in cloud computing?
To support globally distributed data centers and secure cloud computing environments, enterprises must provide remote access to employees and third-party personnel with whom they have contracted.
This includes field technicians, IT and help desk support, and many others.
The following are key questions that enterprises should be asking themselves:
- Do you trust the person connecting to provide access to your core systems?
- Are you replacing credentials immediately after a remote vendor has logged in?
A cloud remote access solution should be capable of providing secure anywhere access and extranet capabilities for authorized remote users.
The service should utilize SSL/TLS as a secure transport mechanism and require no software clients to be deployed on mobile and remote users’ Internet-enabled devices.
One of the fundamental benefits of the cloud is the reduction of the attack surface.
There are no open ports. As an example, Citrix Online runs the popular GoToMyPC.com service, a remote-access service that uses frequent polling to the company’s cloud servers as a means to pass data back to a host computer.
There are no inbound connections to the host computer; instead, GoToMyPC pulls data from the cloud.
The result is that the attackable parts of the service (any open ports) are eliminated, and the attack surface is reduced to a centrally managed hub that can be more easily secured and monitored.
The key benefits of a remote access solution for the cloud are many:
- Secure access without exposing the privileged credential to the end-user, eliminating the risk of credential exploitation or keylogging.
- Accountability of who is accessing the data center remotely with a tamper-proof audit trail.
- Session control over who can access, enforcement of workflows such as managerial approval, ticketing integration, session duration limitation, and automatic termination when idle.
- Real-time monitoring to view privileged activities as they are happening or as a recorded playback for forensic analysis.
- Sessions can be remotely terminated or intervened with when necessary for more efficient and secure IT compliance and cybersecurity operations.
- Secure isolation between the remote user’s desktop and the target system they are connecting to so that any potential malware does not spread to the target systems.
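The session-control and audit-trail items above can be sketched as follows. This is an added example, not code from the article or from any product it mentions; the time limits, field names, and the hash-chained log (which makes tampering detectable rather than impossible) are assumptions.

```python
import hashlib
import json

# Hypothetical limits; the article names the controls but gives no values.
MAX_SESSION_SECONDS = 3600
IDLE_TIMEOUT_SECONDS = 600
GENESIS = "0" * 64

def digest(prev, event):
    body = json.dumps(event, sort_keys=True)
    return hashlib.sha256((prev + body).encode()).hexdigest()

def append_event(trail, event):
    """Append an event whose hash also covers the previous entry's hash."""
    prev = trail[-1]["hash"] if trail else GENESIS
    trail.append({"event": event, "prev": prev, "hash": digest(prev, event)})

def verify_trail(trail):
    """Return the index of the first altered entry, or -1 if the chain is intact."""
    prev = GENESIS
    for i, entry in enumerate(trail):
        if entry["prev"] != prev or digest(prev, entry["event"]) != entry["hash"]:
            return i
        prev = entry["hash"]
    return -1

def authorize(request, trail):
    """Require managerial approval and a ticket, and record the decision."""
    reasons = []
    if not request.get("approved_by"):
        reasons.append("no managerial approval")
    if not request.get("ticket"):
        reasons.append("no ticket reference")
    append_event(trail, {"type": "authorize", "user": request["user"],
                         "target": request["target"], "reasons": reasons})
    return not reasons

def should_terminate(started, last_activity, now):
    """Return why a session must end, or None if it may continue."""
    if now - started >= MAX_SESSION_SECONDS:
        return "max duration reached"
    if now - last_activity >= IDLE_TIMEOUT_SECONDS:
        return "idle timeout"
    return None

if __name__ == "__main__":
    trail = []  # the two requests below are constructed sample input
    print(authorize({"user": "vendor-a", "target": "db01",
                     "approved_by": "mgr-1", "ticket": "TICKET-PLACEHOLDER"}, trail))
    print(authorize({"user": "vendor-b", "target": "db01"}, trail))
    print(verify_trail(trail))
```

The chain only detects edits if the most recent hash is also kept somewhere the session host cannot write to, such as the central monitoring store.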
What is OS Baseline Compliance Monitoring and Remediation?
Tools should be in place to monitor the OS baselines of systems in the cloud environment.
When differences are detected, there should be a process for root cause determination and remediation.
You need to understand the toolsets available for use based on the vendor platforms being managed.
Both Microsoft and VMware have their own built-in OS baseline compliance monitoring and remediation solutions, as has been discussed previously.
There are also third-party toolsets available for use that you may consider, depending on a variety of circumstances.
Regardless of the product deployed, the ultimate goal should be to ensure that real-time or near real-time monitoring of OS configuration and baseline compliance is taking place within the cloud.
In addition, the monitoring data needs to be centrally managed and stored for audit and change-management purposes.
Any changes made under remediation should be thoroughly documented and submitted to a change-management process for approval.
Once approved, the changes being implemented need to be managed through a release- and deployment-management process that is tied directly into configuration and availability management processes to ensure that all changes are managed through a complete lifecycle within the enterprise.
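The monitoring and remediation flow described above can be sketched as a drift check whose findings stay blocked until a change record approves them. This is an added example, not a vendor tool or code from the article; the setting names, host names, and change ID are constructed placeholders.

```python
import json

# Constructed baseline and observed state; setting names are illustrative only.
BASELINE = {"ssh.PermitRootLogin": "no", "ssh.PasswordAuthentication": "no",
            "auditd.enabled": "true", "ntp.server": "time.internal.example"}
OBSERVED = {
    "guest-web-01": {"ssh.PermitRootLogin": "no", "ssh.PasswordAuthentication": "yes",
                     "auditd.enabled": "true", "ntp.server": "time.internal.example"},
    "guest-db-01": {"ssh.PermitRootLogin": "no", "ssh.PasswordAuthentication": "no",
                    "ntp.server": "time.internal.example", "telnet.enabled": "true"},
}

def diff_against_baseline(host, observed, baseline):
    """Return one drift record per changed, missing, or unexpected setting."""
    records = []
    for key in sorted(set(baseline) | set(observed)):
        want, have = baseline.get(key), observed.get(key)
        if want == have:
            continue
        kind = "missing" if have is None else "unexpected" if want is None else "changed"
        # Remediation is only proposed here; it waits for change approval.
        records.append({"host": host, "setting": key, "kind": kind,
                        "expected": want, "observed": have,
                        "remediation_status": "pending_change_approval"})
    return records

def scan(fleet, baseline):
    """Collect drift from every host into one list for central storage."""
    findings = []
    for host in sorted(fleet):
        findings.extend(diff_against_baseline(host, fleet[host], baseline))
    return findings

def approve(findings, host, setting, change_id):
    """Attach an approved change record to one finding; False if not found."""
    for f in findings:
        if f["host"] == host and f["setting"] == setting:
            f["remediation_status"], f["change_id"] = "approved", change_id
            return True
    return False

def releasable(findings):
    """Only approved findings may move on to release and deployment."""
    return [f for f in findings if f["remediation_status"] == "approved"]

if __name__ == "__main__":
    print(json.dumps(scan(OBSERVED, BASELINE), indent=2))
```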
How to Back Up and Restore the Guest OS Configuration for the Cloud?
As a cloud environments professional, you are responsible for managing the cloud and ensuring that the appropriate backup and restore capabilities for hosts, as well as for the guest OSs running on top of them, are set up and maintained within the enterprise's cloud environments.
The choices available for built-in tools vary by vendor platform being supported, but all vendors provide some form of built-in toolsets for backup and restore of the host configurations and the guest OSs.
This is typically achieved through a combination of profiles, as well as cloning or templates, in addition to some form of a backup solution.
Whether a third-party tool is used to provide the backup and restoration capability will have to be decided by referencing the SLAs that the customer has in place, as well as the capabilities of the built-in tools that are available.
In addition, it’s important to reference the existing BCDR solutions in place and ensure coordination with the plans and systems.