Skip to end of metadata
Go to start of metadata

Machines in the Joyent Public are very secure. However, you can take steps to ensure machine security even further.

This topic shows you how to secure your SmartMachine or appliance. It also touches on the differences between security and disaster recovery in the Joyent Cloud.

In this topic:

In this section:

Truth and Fiction About Security in the Joyent Cloud

Machines that you provision into the Joyent Cloud are encapsulated in a zone, which provides unparalleled security. In addition, machines in the Joyent Cloud have access to many tools that ensure your business critical applications are uncomprimised by malicious activity. However, security is not the same as protection against catastrophic failure. You should actively ensure business critical applications that you host on a machine in the Joyent Cloud are protected by some sort of disaster recovery system.

Zones are a virtualized instance of SmartOS (also known as a SmartMachine). Below are some facts and common misconceptions about SmartMachine security.

Truth about Joyent Cloud Security

  • ZFS preserves data integrity and protects against data corruption.
  • ZFS supports snapshots and copy-on-write clones.
  • SmartMachines provide a secure barrier to exposure from other systems in the cloud.
  • SmartMachines provide a tamper-proof audit trail that is managed in a top-level management layer called the global zone.

Customer Security Responsibilities

  • Still need to perform regular backups
  • Still need to setup version control for your applications
  • Need to maintain active firewall settings
  • Need to implement monitoring, logging and alerting 
  • Should use configuration management and revision control
  • ZFS is not a magic pill - your System Administrators are
For more information on ZFS or zones, see the SmartOS wiki.
Labels:
smartos smartos Delete
configuration configuration Delete
catastrophic catastrophic Delete
protection protection Delete
backups backups Delete
snapshot snapshot Delete
copy-on-write copy-on-write Delete
global global Delete
management management Delete
zfs zfs Delete
recovery recovery Delete
disaster disaster Delete
firewall firewall Delete
zone zone Delete
security security Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.