Written by Frank Tucker
While on a business trip, I got a request from the team to provide a private chat server. They wanted to chat privately and securely among each other and with trusted business partners. As I gazed out the window of the airplane, I contemplated how I might accomplish this. Yes, we could use Lync, which is pretty amazing, but I wanted them to have a consumer experience delivered in the Enterprise. Well, it was a 6 hour flight, so I had a lot of time. Considering that there was no in-flight entertainment, I decided to purchase Wi-Fi access and set it up in the cloud from the clouds. I happened to be sitting next to a customer and took this opportunity to dazzle him. I said…watch this, I will go from zero to fully operational in less than an hour, starting up a new private chat service for our team and trusted business partners. He chuckled, so I took that as a challenge.
Cloud computing is a type of computing that relies on sharing computing resources rather than having local servers or personal devices handle applications. In cloud computing, the word cloud is used as a metaphor for “the Internet”, so the phrase cloud computing means a type of Internet-based computing in which different services such as servers, storage and applications are delivered to an organization’s computers and devices through the Internet. A key enabler for the cloud is virtualization, a term that refers to the abstraction of computer resources. The main component of a virtualized system is the hypervisor, which is responsible for enforcing isolation between virtual machines and for managing the physical hardware resources. A hypervisor maps physical resources to virtualized resources and vice versa, and it mediates every access by a virtual machine to the physical server resources. Cloud computing differs from traditional hosting in its essential characteristics, such as:
- On-demand self-service – A consumer with an instantaneous need at a particular timeslot can obtain the required resources automatically, without human interaction with the providers of those resources.
- Broad network access – Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous platforms.
- Resource pooling – The cloud service provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.
- Rapid elasticity – Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand.
- Measured service – Cloud services automatically control and optimize resource use by leveraging a metering capability at some level of abstraction appropriate to the type of service.
- Ubiquitous network access – Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms.
Many organizations are using this computing paradigm to increase performance and decrease cost. Cloud computing is particularly powerful as a service model (e.g. Software as a Service or Platform as a Service). There are different types of cloud computing approaches to suit particular needs, including:
- Public cloud – A public cloud can be accessed by any subscriber with an Internet connection and access to the cloud space. Public cloud services are available to clients from a third-party service provider via the Internet. A public cloud provides an elastic, cost-efficient means to deploy solutions, with the provider taking care of deploying and securing the underlying infrastructure.
- Private cloud – A private cloud is established for a specific group or organization and limits access to just that group. A private cloud offers some of the benefits of a public cloud environment, such as elastic on-demand capacity, self-provisioning and service-based access.
- Community cloud – A community cloud is controlled and used by a group or organization that has a shared interest, such as specific security requirements or a common mission. The members of the community share access to the data and applications in the cloud.
- Hybrid cloud – A hybrid cloud is essentially a combination of at least two clouds, where the clouds included are a mixture of public, private or community clouds. A hybrid cloud is a combination of an inter-operating public and private cloud. In this model, users typically outsource non-business-critical information and processing to the public cloud, while keeping business-critical services and data under their own control.
I logged into our Amazon Web Services account, a public cloud provider, and spun up an Ubuntu 12.04 image. That happened in about 5 minutes. I then logged in via SSH, added the repo for Openfire, then sent the apt-get command. Once installed, I set up an admin user and changed the password. I restarted the server and bam…I’m up and running. However, I’m not quite ready for production.
I installed the server certificates for SSL, which took longer than expected. The Internet wasn’t exactly fast, so uploading took a while. I configured the web server, then logged into the Openfire portal. At this point, I set up the access control lists and access rules according to our security posture. I then went into the configuration menu and connected it to our directory server over LDAP Secure. Next, I added the users in the company who were going to be using this. All this took less than 30 minutes; however, I needed some people to test it. Normally, testing is quite a rigorous process that includes, but is not limited to:
- White Box Testing – Non-functional testing of software including its internal structures, interfaces and other technical features, which we apply at the unit, integration and system testing levels.
- Black Box Testing – Functional testing, using test cases, built around application specifications and requirements, ensuring the software meets the needs it was designed to serve. This is applied at all levels of testing, from unit to acceptance testing.
- Performance Testing – Applied to both white-box and black-box testing, we determine how well the system performs using metrics such as memory usage, processor consumption and query response times, to ensure the system is performing within the stated capacity goals. Examples of performance testing include: load testing, volume testing, scalability testing and stress testing.
- Other Test Types – Static testing, including reviews, walkthroughs and inspections; and dynamic testing, including regression testing, smoke testing, compatibility testing, installation testing, accessibility testing, usability testing and observations such as observing the installation of software.
I really needed to compress this into a span of minutes, so I downloaded an XMPP client, configured the settings and confirmed it worked while requiring TLS. The client of choice was Jitsi, which provided secure voice, video, chat, file transfer, desktop sharing and much more. I integrated our VoIP system so employees could make calls to landline or cellular. I created instructions so the average user could set up the chat client and add a buddy on their desktop. This is what nearly caused me to eat my words, as creating a user manual takes time. I went to our URL shortener http://microh.us and created short links to the XMPP client with Off-the-Record secure messaging. I quickly started taking screenshots of how to download, install and configure the XMPP client. I coupled the images with instructions in a PowerPoint and sent it off to a few individuals to test it. They validated that it worked using a secure connection and Off-the-Record mode using certificates. I then needed to do some quick performance testing. I used a web client to connect to the new private chat service, then used Selenium and created scripts to perform some automated tests to help accelerate testing. Yes, it worked and we were chatting, but it was still not quite ready for production yet.
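The TLS check described above (confirming that the client only connects when TLS is in use) can also be made directly against the server, which is the check an operator wants before handing the service to users. The script below is an added example written for this article, not code from the original post, from Openfire or from Jitsi. It opens a plain client stream to port 5222, reads the `<stream:features>` the server advertises before TLS is negotiated, and reports whether STARTTLS is required, merely optional, or absent, and whether the server would accept SASL authentication over cleartext. The host name is supplied on the command line and is a placeholder; the three embedded feature fragments are constructed samples used when no host is given.

```python
import re
import socket
import sys
import xml.etree.ElementTree as ET

STREAM_NS = "http://etherx.jabber.org/streams"
TLS_NS = "urn:ietf:params:xml:ns:xmpp-tls"
SASL_NS = "urn:ietf:params:xml:ns:xmpp-sasl"

# Constructed sample fragments, as a server would send them before TLS is negotiated.
REQUIRED_FEATURES = (
    '<stream:features>'
    '<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls>'
    '</stream:features>'
)
OPTIONAL_FEATURES = (
    '<stream:features>'
    '<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>'
    '<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism></mechanisms>'
    '</stream:features>'
)
NO_TLS_FEATURES = (
    '<stream:features>'
    '<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl"><mechanism>PLAIN</mechanism></mechanisms>'
    '</stream:features>'
)


def inspect_features(features_fragment: str) -> dict:
    """Classify the STARTTLS policy and list the SASL mechanisms in a <stream:features> fragment."""
    # The fragment inherits the "stream" prefix from the enclosing <stream:stream> element,
    # which is still open on the wire, so wrap it in one before handing it to the XML parser.
    wrapped = (f'<stream:stream xmlns="jabber:client" xmlns:stream="{STREAM_NS}">'
               f'{features_fragment}</stream:stream>')
    root = ET.fromstring(wrapped)
    features = root.find(f"{{{STREAM_NS}}}features")
    if features is None:
        raise ValueError("no stream:features element in fragment")
    starttls = features.find(f"{{{TLS_NS}}}starttls")
    if starttls is None:
        policy = "absent"
    elif starttls.find(f"{{{TLS_NS}}}required") is not None:
        policy = "required"
    else:
        policy = "optional"
    mechanisms = [m.text or "" for m in
                  features.iterfind(f"{{{SASL_NS}}}mechanisms/{{{SASL_NS}}}mechanism")]
    return {"starttls": policy, "mechanisms": mechanisms}


def plaintext_auth_possible(features_fragment: str) -> bool:
    """True when a client could authenticate without ever negotiating TLS."""
    info = inspect_features(features_fragment)
    return info["starttls"] != "required" and bool(info["mechanisms"])


def fetch_pre_tls_features(host: str, port: int = 5222, timeout: float = 5.0) -> str:
    """Open a plain client stream to the server and return the features it offers before TLS."""
    header = (f"<?xml version='1.0'?><stream:stream to='{host}' version='1.0' "
              f"xmlns='jabber:client' xmlns:stream='{STREAM_NS}'>")
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(header.encode())
        # Read until the features element closes; a server that sends an empty
        # <stream:features/> instead will trip the socket timeout.
        while b"</stream:features>" not in buf:
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("server closed the stream before sending features")
            buf += chunk
        sock.sendall(b"</stream:stream>")
    match = re.search(r"<stream:features\b.*?</stream:features>", buf.decode(errors="replace"), re.S)
    if match is None:
        raise ValueError("could not locate <stream:features> in server response")
    return match.group(0)


if __name__ == "__main__":
    # Usage: python xmpp_tls_check.py chat.example.com   (host name is a placeholder)
    fragment = fetch_pre_tls_features(sys.argv[1]) if len(sys.argv) > 1 else OPTIONAL_FEATURES
    info = inspect_features(fragment)
    print(f"STARTTLS: {info['starttls']}, SASL mechanisms offered before TLS: {info['mechanisms']}")
    print("cleartext authentication possible:", plaintext_auth_possible(fragment))
```

The distinction the script draws is the one that matters for the "confirmed it worked requiring TLS" step: a server that merely offers STARTTLS still lets a misconfigured client log in with its password in the clear, whereas one that marks it `<required/>` refuses authentication until the stream is encrypted.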
Arguably, security is one of the biggest concerns with the cloud, because cloud computing services are based on sharing. There are many kinds of possible attacks, such as network-based attacks, virtual machine-based attacks, web application attacks, malicious program injection attacks and browser-based attacks. Therefore, a good security approach will take into account:
- Confidentiality: Refers to the prevention of unauthorized disclosure of information, whether that disclosure would be intentional or unintentional.
- Integrity: Integrity is the assurance that information can only be accessed or modified by those authorized to do so.
- Authentication: This is the process of verifying a user’s identity and ensuring that the user is who they claim to be.
- Availability: This principle ensures the availability of data and computing resources when needed.
- Authorization: Refers to the process of granting an individual access to the things they are authorized to use.
With the rapid testing successful, I went in and began to harden the server with firewall rules, VPN connections, changing operating system accounts, installing alarms, setting up host-based intrusion detection, updating all software and security patches, removing packages to minimize vulnerabilities, disabling root login, requiring the SSH2 protocol, only allowing specific users, locking down cron jobs, enforcing strong passwords and installing system monitors – to name just a few. I quickly ran a vulnerability scan to see where I stood, which turned out to be in pretty good shape. I installed our asset management agent that would report the server and its configuration to our IT asset management software, rebooted the server, and then asked an employee to set up the team.
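Several of the hardening steps listed above (disabling root login, requiring the SSH2 protocol, allowing only specific users) live in /etc/ssh/sshd_config, and a cheap way to keep them from regressing is to audit that file the way sshd itself reads it. The script below is an added example written for this article, not code from the original post or from OpenSSH. It parses the global section of an sshd_config and flags settings that contradict those steps. The two embedded configurations are constructed samples, and the user names in AllowUsers are placeholders. One detail it deliberately models: sshd keeps the first value it sees for a keyword, so a hardening line appended below a permissive one changes nothing, and the parser mirrors that.

```python
import re

# Constructed sample: permissive defaults, plus a hardening line appended at the bottom
# that sshd will ignore because it keeps the FIRST value given for a keyword.
WEAK_CONFIG = """\
# sshd_config (constructed sample)
Port 22
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
PermitEmptyPasswords yes
PermitRootLogin no   # appended later; has no effect, the first value above wins
"""

# Constructed sample reflecting the hardening steps in the article; user names are placeholders.
HARDENED_CONFIG = """\
# sshd_config (constructed sample)
Port 22
Protocol 2
PermitRootLogin no
AllowUsers ftucker opsadmin
PermitEmptyPasswords no
PasswordAuthentication yes
"""


def parse_sshd_config(text: str) -> dict:
    """Return {keyword.lower(): first value} for the global section of an sshd_config."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()            # strip comments and surrounding whitespace
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Keyword value" or "Keyword=value"
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break                                      # conditional Match blocks are out of scope
        settings.setdefault(key, value)                # first occurrence wins, as in sshd
    return settings


def audit_sshd_config(text: str) -> list:
    """Return human-readable findings; an empty list means the checked settings are in order."""
    cfg = parse_sshd_config(text)
    findings = []
    # Older OpenSSH (e.g. the 5.9 shipped with Ubuntu 12.04) defaulted PermitRootLogin to yes,
    # so an absent directive is treated as a finding rather than assumed safe.
    if cfg.get("permitrootlogin", "yes").lower() != "no":
        findings.append("PermitRootLogin is not 'no': root may log in directly over SSH")
    # The Protocol keyword was removed from later OpenSSH releases, which speak SSH2 only,
    # so this check only fires when the line is present and still lists protocol 1.
    if "1" in cfg.get("protocol", "2").replace(" ", "").split(","):
        findings.append("Protocol still permits SSH1")
    if not cfg.get("allowusers"):
        findings.append("AllowUsers is unset: every local account may attempt to log in")
    if cfg.get("permitemptypasswords", "no").lower() != "no":
        findings.append("PermitEmptyPasswords is enabled")
    return findings


if __name__ == "__main__":
    import sys
    # Usage: python audit_sshd.py /etc/ssh/sshd_config ; without a path the weak sample is audited
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else WEAK_CONFIG
    for finding in audit_sshd_config(text) or ["no findings"]:
        print(finding)
```

Run against the weak sample it reports four findings, including the root login that the appended `PermitRootLogin no` line did not actually disable; against the hardened sample it reports none. Running it from the host-based monitoring already mentioned above turns a one-time hardening pass into something that is checked on every reboot.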
I turned my screen to the customer and remarked…with the proper cloud infrastructure, even a novice like me can look like a pro service hosting provider. In less than an hour on a plane, I went from zero to a private communication suite for the team: secured, tested, and deployed into operations with user instructions and system monitoring in place. The look on his face was priceless. I think for the first time, he realized the potential of his very own project. The cloud is not just a buzzword for small businesses like us. It’s an enabler. It’s a force multiplier. It’s a discriminator. More importantly, it has given us big business ability with small business agility. Things that normally take a large team can be accomplished with a much smaller team at greater efficiency and equal if not better effectiveness. Some of the benefits we realized along with our customers include, but are not limited to:
- On demand – The services are ready whenever the user demands them.
- Reduced cost – Cloud computing costs much less than you would spend on desktop software.
- Increased mobility – With cloud computing you can access your information anywhere there is a network connection.
- Storage capacity – Instantly scalable, so you can store your data without worrying about increasing your system’s storage capabilities.
- Elasticity – You can access as much or as little service as per your needs, or you can scale your needs up and down depending on the service models.
- Fully managed by service providers – In the cloud, software upgrades and enhancements are automatic and come at no additional cost.
- Availability – Your data is still available even if you lose your laptop.
- Support services – The cloud vendors provide a range of services to suit hosting needs.