Security, Backups & DR/BC
CloudyCluster follows the AWS security best practices as part of its automatic deployment.
- The control node deploys a VPC and all computational and storage resources are created within the VPC.
- The login instance performs the role of bastion host.
- All permissions follow the principle of least privilege: each IAM role is assigned only the permissions its instances need to perform their functions.
- There are additional security features that can be enabled to meet various security requirements, including:
  - encrypted EBS volumes for OrangeFS
  - Multi-Factor Authentication
  - enforced S3 object encryption
  - Let's Encrypt for SSL certificates, updated every 90 days
These features can all be enabled through the web user interface.
Backups and Disaster Recovery
- It is recommended that you back up data that is not easily reproducible to S3 and/or Glacier.
- If you automate the deployment and deletion of your environment with Automaton, make sure your critical data is saved outside the environment before you delete it.
- If you need real-time BC or DR capabilities, you can run multiple CloudyCluster environments in different regions.