Immutable Service Containers Updates

In my last post, I discussed the Immutable Service Container project and announced the availability of an ISC Construction Kit to automate the creation of OpenSolaris-based ISCs.

Today, I wanted to provide a few updates. Specifically, I would like to announce:

  • a new Immutable Service Container presentation (ODP, PDF) that provides a technical overview of the ISC approach, design goals, and the OpenSolaris implementation available today.
  • an updated Private Virtual Network architecture page highlighting additional network topologies that implement different network isolation strategies. These are a few of the models that are being considered for future ISC Construction Kit updates.
  • an updated Autonomic security architecture page that provides a number of use cases showing ISCs as an essential building block for these kinds of architectures.

Additional architectural content is in development, and as always, I am very interested in your feedback and ideas.

Take care!


Comments:

Wow, Glenn. You figured out how to mount things read-only in a zone, and you renamed Mandatory Access Controls (MAC). Very impressive. You're a security god.

Posted by guest on July 09, 2009 at 01:42 AM EDT #

Love the sarcasm, keep it coming! ;-) Actually, if you look further into this project, you will find that it is a whole lot more than read-only mounts. It focuses on building images that pre-integrate a majority of security features/capabilities from the OS including hardening, auditing, packet filtering/NAT, zones, encrypted LOFI (for swap/scratch), and more, all for the singular purpose of secure service delivery. Further, I continue to work with our engineering teams to identify new capabilities and will be integrating those as they are made available in an OpenSolaris release. Further, I am looking at how to expand this notion to other virtualization platforms including VirtualBox. So, while I appreciate your comment, I have to say that you are completely off base with your conclusion.

Posted by Glenn Brunette on July 09, 2009 at 01:58 AM EDT #
