Software Certification management: A milestone in the cloud process

Security experts are thinking about the cloud's information security problem. Whether it is operational issues such as chassis security http://www.aliyun.com/zixun/aggregation/14216.html "> Performance monitoring, review environment, or engineering issues such as VM expansion." It is accepted that there is a unique, deep and familiar existence in the cloud.

A hidden hornet's nest, often overlooked, once stabbed, the consequences of unimaginable. Here this hornet's nest will enable experts to prevent inadvertent: software certification. Imagine what happens after an application server is virtualized. If you are virtualizing your current application to be based on IaaS or virtual datacenter applications, you can rely on copying pictures to support pop-up windows. If your certificate is based on each server or per processor, how many certificates are required to authenticate once the copy key is pressed?

Recently, software developers have launched a new software certification boom (Microsoft has mobile certification) to ease the problem. However, developers do not have enough wisdom to penetrate the cloud realm, to obtain a simple authentication law. Note, security experts, that software certification management issues are more likely to cause business problems than security issues themselves. However, because the software certification management itself has a clear risk factors (improper application itself is a risk), but also because certificate security is a security company's signboard, software certification management has become a hot topic of choice for experts.

Software certificate Management in virtual environment

In the cloud environment, the difficulty of certificate management is that traditional automated software resource management is difficult to carry out in the virtual environment. Those tools crawl through the Web in a virtual environment, searching for fast-moving software, unable to get offline and sleep (stop or rest) virtual images. Some tools use proxy notification server to lock one server, this method will cause the identification crisis, because a large number of copies of the image back to the server, contention ownership, resulting in unrecognized. Unless a software storage tool can recognize virtual information (a feature that traditional tools do not), automated methods will inevitably have a blind spot.

Manual operation? The actual resource catalog order is adjusted during the operation, and when the software certificate is marked, the problem of the automation tool in the virtual environment occurs. Documenting all accurate and complete virtual image catalogs is a depressing job for all companies. Water can also overturn the boat, even if the software catalog can achieve the desired effect, he will also have unpredictable consequences. For example, the measurement tool will classify the software functions, once the certificate reached the set limit, a large number of pages pop-up, the consequences unimaginable (trouble can not be excluded.) )

Analysis on the management strategy of cloud software authentication

Of course, a free certificate is a wonderful thing to do with "every license", "every seat" or any other restrictive authentication strategy. Such wonderful things can also cause the pragmatists to collapse. When large data is moved (that is, a large number of computer data is virtualized), no user can guarantee that his various certificates can eliminate various obstacles, singing all the way.

In fact an effective countermeasure (for the most constrained mobile scheme) is to assume that these restrictive certificates have been installed in real resources. This means that there are two forms of data in the system that explain this existence: one explanation is what the certificate is, and the other is what image corresponds to the certificate. With this corresponding relationship, the user can naturally find the relative application of the image, the field to define the business or operating rules in practical applications.

To better understand authentication constraints, we can interpret this process as the verification of the actual resources we have been working on. If the user is unable to trace, can refer to external information Security assistance. Introduce other participants (who have all the certificate parameter records for traditional software) or buy some assistive tools. Compared with the existing certificate of the host, the user can draw a list of the certificate restrictions that require special attention.

Once a special certificate certification requirements directory is available, users can start updating the software directory to maintain client virtualization. Some gadgets are recommended here, paid download tools such as FlexNet Manager platform of the Flexera Software LLC in Chicago and x-formation certification data from Denmark. These tools can be used in the management program to search for the relevant data we need, or even search out the dormant image. Traditional resource management tools such as public resources Glpi and Fusioninvenroty can also achieve this effect. They can list the host's resource list, associate the VM software vcenter, and users can create scripts to automate certificate collection (for example, the hibernate image is refreshed on the online inventory).

The reality is that we can't finish the project overnight. However, in the cloud distribution before the spread of attention to software certification management, so that we have more confidence in the face of the impending serious challenges.

(Responsible editor: The good of the Legacy)