Dare to Bare – Bare Metal Container

Eliminating either the virtualisation platform or the IaaS layer immediately makes the infrastructure less complex, and this has a positive effect on operations. There are fewer networks, hosts, and disks to manage, so the infrastructure can be run by fewer people. Furthermore, each layer removed from the infrastructure makes the system less error-prone: there is one level less where something can go wrong, or which someone has to worry about.

The topic of performance has already been addressed in the introduction: resources can be used more efficiently on bare metal. All hardware resources are available to the workload, because none are consumed by hardware emulation in a virtualisation layer. This eliminates duplicate data encapsulation and also makes networking faster: there are not two SDNs stacked on top of each other, but just one, which increases performance.

It is also interesting that such a Cloud can be built from very simple hardware without large amounts of redundancy. There is no need to invest in dual power supplies or duplicate network connections, because in the event of a system failure the container management will ensure that the containers are restarted directly on another system, or are already running in several instances distributed across multiple systems. So, if a server breaks, it is simply replaced by a new one; it just needs to be turned on, and the rest is done by the Cloud management.

If you run the services that form an IaaS layer, such as OpenStack, in containers, you kill two birds with one stone: the container framework also ensures high availability for these services and, at the same time, the IaaS services represent a welcome added value, for example in the area of storage and bare metal management. You can also make those available for VM or Cloud instance use.

Finally, a short detour into the realm of security. If you run your application on bare metal hosts that you operate yourself, you hold your security in your own hands. With a VM in a public cloud it is a bit different: a compromise of any other VM in the same environment may also affect your own VM. In a bare metal environment, applications or customers can be physically separated if necessary.

Of course, there are also disadvantages when you operate your containers on bare metal. One of them is that the platform cannot be scaled as flexibly as public cloud instances. If you want to operate such a platform in-house yourself, you have to order new hardware just in time and install it in the rack. But an increasing number of Cloud providers are offering bare metal performance for containers.

Considering the falling cost of hardware and the increasingly complex container ecosystems, the bare metal cloud seems to have a future.

The Cloud is Someone Else’s Computer

Almost every day, you can read about “data richness”. This is a jargon term for when, all of a sudden, a company’s data is available to everyone on the Internet; very often such data can be found in “the Cloud”. On the one hand, of course, a company wants to avoid this, but at the same time it needs to remain efficient and competitive. Cloud computing in every form is a must-have to increase efficiency. But what do you have to pay attention to, so you don’t end up as the victim of a super data breach that’s all over the news? What is really important? As always, the answer to this question is not easy.

Encryption only offers limited protection

First of all, you have to understand that you are handing over your data. This fact must never be overlooked: encryption protects data that is not currently in use and secures it during transmission. However, while it is held in memory for processing, data is always unencrypted. At that point even the best encryption is of no use, as anyone who can access that memory can also access the data. So the next question is: who has access to it? The Cloud provider will definitely have access, and depending on the legal situation in the provider’s country, the authorities of that country may also have access. This leads to the trust issue: Who can I trust to look after my data? Is outsourcing compatible with the duty of care? Does the Cloud provider have the necessary expertise in security matters? Is the Cloud provider certified in accordance with ISO, and are SLAs provided?

Classifying data by confidentiality

With these issues in mind, data must be classified in terms of confidentiality. Securing the data can then be carried out in a classic manner, according to the principles of “Need to Know” and “Least Privilege”, which determine which data can be processed “outside” and which data can only be processed internally. First drafts of patent applications do not belong on a Cloud drive! Once it is clear what data is in the Cloud, it is necessary to ensure that it cannot be manipulated without authorisation, and that manipulation is detected immediately. Here, the same rules apply as within the company’s own infrastructure: the technical implementation of encryption and integrity checks must meet the latest and highest standards. Data which has been manipulated may give competitors unprecedented advantages on the market. Compliance with these rules should be checked regularly and by an independent source.
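As an added example (not from the original post), one way to make unauthorised manipulation of data held at a provider detectable: a keyed integrity manifest that stays on the company’s own systems, so the provider’s access to the storage does not let it forge valid tags. The key, object names and contents are constructed for the demonstration.

```python
import hmac
import hashlib

# Added example: client-side integrity manifest for objects handed to a cloud
# provider. The MAC key stays on premises; whoever can read or write the
# provider's storage cannot forge a valid tag for altered data.

def object_tag(key: bytes, name: str, data: bytes) -> str:
    """HMAC-SHA256 over name and content. Binding the name stops a validly
    tagged object from being moved under another name; the length prefix
    keeps the encoding unambiguous."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    h.update(len(name).to_bytes(4, "big"))
    h.update(name.encode("utf-8"))
    h.update(data)
    return h.hexdigest()

def build_manifest(key: bytes, objects: dict) -> dict:
    """Tags computed before upload and kept locally, never at the provider."""
    return {n: object_tag(key, n, d) for n, d in objects.items()}

def verify(key: bytes, manifest: dict, stored: dict) -> dict:
    """Compare what came back from the provider with the local manifest.
    Returns per object: 'ok', 'modified', 'missing' or 'unexpected'."""
    status = {}
    for name, tag in manifest.items():
        if name not in stored:
            status[name] = "missing"
        elif hmac.compare_digest(tag, object_tag(key, name, stored[name])):
            status[name] = "ok"
        else:
            status[name] = "modified"
    for name in stored:
        if name not in manifest:
            status[name] = "unexpected"
    return status

def demo() -> dict:
    """Constructed scenario: three uploads, then every kind of tampering."""
    key = b"constructed-key-kept-on-premises"  # real use: random key from a KMS/HSM
    uploaded = {
        "q1-report.pdf": b"revenue up 4%",
        "q2-report.pdf": b"revenue up 9%",
        "price-list.csv": b"widget,10.00",
    }
    manifest = build_manifest(key, uploaded)
    stored = {
        "q1-report.pdf": b"revenue up 14%",            # content altered
        "q2-report.pdf": uploaded["q1-report.pdf"],    # swapped under another name
        "ads.html": b"not uploaded by us",             # object nobody uploaded
    }                                                  # price-list.csv has vanished
    return verify(key, manifest, stored)
```

Calling `demo()` reports the altered and swapped reports as modified, the price list as missing and the foreign object as unexpected; the manifest itself must be stored and backed up outside the provider, or an attacker with storage access could rewrite both.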

Why Cloud Security Really Matters

Those who have implemented all of this correctly, and have defined their data classification with “cloud suitability” taken into account in their Security Policy, can be considered to be on the safe side. It goes without saying that the same, or even more stringent, security measures apply to servers and storage in the Cloud as to internal systems. In this case, too, an audit may be useful, as an independent party always has better insight than an internal point of view, which might be biased. So, what really matters is to be aware that a Cloud is someone else’s computer, to draw the right conclusions from this, and to have a clear idea of what it is appropriate to do there, and what it is better to avoid.