I know nitrous.io uses amazon infrastructure.
Amazon have all security certifications i can remember. The infrastructure is secure. Is a fact!
However nitrous.io is a platform on top of amazon.
What security certifications do nitrous.io have to convince my boss to use it to host sensitive data that no person at action.io could see/copy/delete,etc
Its not enough amazon certifications, nitrous.io could have flaws.
I read the text at
http://help.nitrous.io/admin-security/
http://help.nitrous.io/admin-privacy/
But that is just plain text
Do nitrous.io have security certifications/audits?
Related
I know quite ok that is is not a good idea except for inevitable reasons. it is ideal to host database on the same server with the web applications. However my server couldn't log phpmyadmin using MySQL 5 despite all credentials correctly provided with no error except for the note that "Cookies must be enabled past this point." and i have set cookies to allow, add the website and others configuration and still not working. i have tried several browsers both on PC and mobile phones and its not working either. i tried to create database from several online remote source as FreeSQl, FreeDB, Somee etc, it works fine while tesing through visual studio locally on pc remotely but as soon as i host, it will not work as a result of connection issue which am aware of. i hope someone will help me out, possible provide me with link of where i can create and setup MySql database and the connection will work live on another server where i host my website or How to solve the Phpmyadmin issue. I will fine with it. I am available to answer questions so as to help me achieve my aim. Thanks
Not only is this possible, but is a common setup. You will often have some database server system - and it certainly not going to host the web site. The web site is VERY often hosted and placed on a different server.
In fact, some companies will adopt a hosting company for their web site, but it hits and connects to their database server that is on premises (or so called "on-prem"). In fact this approach is often used to allow say Android phones, and other services to consume data from the company database, but that company would NEVER think of opening up ports to outside connections. (they setup a secure connection between the web hosting system and their local network - often VPN, but it really don't matter. As such the company database server ONLY allows connections from the local network and then say a pre-defined IP address incoming from the web hosting.
So, you can adopt cloud hosted say SQL running on the Azure OS. (SQL Azure). And just like all instances of Azure? Well security can be several approaches. I mean a database hosted on Azure is RARE simply opened up to the wild internet to allow ANY one to connect. Heck, 16 years ago I tested opening up my home router to outside SQL connections. In less then 20 minutes, I began to see attempted logons to that SQl server.
There are bots that scan IP numbers + ports on the internet. So I began to see this:
Logon fail: sa, password="password"
Logon fail: sa, passowrd="123456"
etc. etc. etc.
So there is quote a few companies offering hosted database systems Azure, and AWS come to mind. However, they don't allow just any old one with a IP address to connect. In a lot of cases, security will be some fixed IP address (like for example the companies network or external fixed IP that their ISP provider gives them. While most consumer internet systems are not fixed IP addresses? Today even relative smaller business need and want workers to work remote. So they pay a few extra dollars per month (often only about $10, maybe $20) and now they have a fixed IP address. And from that they tend to setup and adopt a VPN based on that now fixed IP address.
The hosted SQL server? Well, it also will be setup to ONLY accept external incoming request from a known IP address - and thus those bots and IP scanners can't connect.
Now MOST low cost web hosting plans include SQL server or MySQL as part of the low cost hosting package. In that case, the connection from the web site to the database server is INTERNAL and such database systems do NOT allow or permit outside connections to the database server. So, when buying a book on Amazon.com, their web hosting system can easy connect to the database - but that is NOT a outside connection.
However, can you use that VERY low cost budget web hosting, and connect OUT to a outside database? yes, a lot of them allow this, and as noted, it not going to be a surprise that some database is being hosted say on Azure. And as noted, in this case, your web hosting software will thus connect to Azure in much the same way any other outside system connects. So while few web hosting systems allow OUTSIDE connections to the database included with such packages? Well, a lot of them certainly allow you to reach out - and hit other web sites, other web services (maybe a weather and temp display on your site????). So reaching out as a general rule is possible - reaching in? not so much!! about 10 years ago, quite a few web hosting providers - even low cost ones DID allow external ODBC connections to the database system. However, due to security issues - most providers don't allow this. I think even GoDaddy still allows this, but if you do ask for this ability, then the database server(s) you get are different then their regular ones - again they don't want to open up security issues and that can often open up holes to other customers databases hosted on that system. But, as noted, with the rise of SQL Azure and others? We are seeing a real comeback in hosting providers now offering external connections to database systems that are seutp to allow the hosted web sites to hit those databases.
So you have to check with who ever going to provide you with the web hosting, and find out if that web hosting allows "reaching out" to other web services, or reaching out to other database servers - as I noted - this is quite common now. it just a question then does the web hosting say support a VPN to reach out, or say reaching out on a particular port + fixed IP to some database server is the nitry grity details that will vary based on your needs, or what that ISP in fact allows.
So what and who and what ports are allowed to reach out? Well, that's going to be based on what your ISP and hosting plan for the web site allows - you have to check if they allow hosted web sites to "reach out" of their web hosting plans.
What is the difference between application console vs cluster console in openshift enterprise version. I am new to openshift and confused with terminologies. I feel that openshift is like linux kernel in our system(an analogy). On top of that are containers and to orchestrate we have kubernetes. However , the architecture of openshift is exact opposite. Please correct me.
OpenShift is just one of the available Kubernetes distributions, which adds enterprise-level services like authentication, authorization and multitenancy.
The web console provides two perspectives: Administrator and Developer. The Developer perspective provides workflows specific to developer use cases like create, deploy and monitor applications, while Administrator perspective is responsible for managing the cluster resources, users, and projects. Depending on the user's role, you will see a different set of views available in the main menu.
I have a java based web application developed in Amazon EC2. It is doing transactions of confidential information. I have a MySQL server installed all by my self in the same amazon instance. The web application access the database via localhost. In Security Groups, I have created a custom security where the port 8080 (the Tomcat) can be accessed only via localhost.
Considering these, do I still need SSL to make sure the transactions are secured?
It depends. Are you comfortable with plain text inside the datacenter? Don't bother with SSL.
Are you worried about that traffic being sniffed locally (tcpdump) or from a malicious source (for instance, if data was being rerouted from the switch between EC2 instances)? Use SSL.
There's a trend of large companies making sure to encrypt local traffic.
I have just created cloud storage on google for mysql database.
I have added local IP address and server's IP address in authorization (under access control).
It's getting connected in mysql work bench in my local machine. But, it's not connecting with the website which is running on windows azure platform.
Which IP address am I supposed to use in access control?
Website is in basic package of azure.
This is a relatively non-trivial thing to achieve as the GCP services need to know about the public source IP of the Azure service. Azure's IP surface is pretty wide so you'd be unlikely to successfully connect the two. You'll be unlikely to be able use just a single source IP address.
You may be better off looking at a VPN connection out of an Azure VNet to your GCP environment.
To be honest, trying to build any form of performant web experience that hosts the web and data tiers in different public clouds is going to be extremely challenging.
Actually I resolved this issue by opening ticket in azure support.
They have outbound IP addresses range available online. We need to provide those IP addresses to third party access control.
I am sharing you that link here.
https://social.msdn.microsoft.com/Forums/azure/en-US/fd53afb7-14b8-41ca-bfcb-305bdeea413e/maintenance-notice-upcoming-changes-to-increase-capacity-for-outbound-network-calls?forum=windowsazurewebsitespreview
Choose those IP addresses which are associated with your website.
Is it possible to use AWS services to host an application build in following technologies
jsf2/primefaces3
tomcat 6
mysql 5
Apart from these I need email services, blog etc a conventional java based package is this possible in AWS.
Presently I am using one of the hosting provider and my domain is also registered with them so how can I point the domain to point to the AWS hosted website. Is this possible
I can answer most of your questions. Yes it's possible to host an app with those technologies on AWS. You can host any application on an AWS server, as it's just like any other server but you must configure everything yourself, unless you are using a customized AMI.
I wouldn't recommend using AWS to send out email however, as in my experience, a lot of spammers have abused the AWS system, so if you are sending out email newsletters/etc... from an AWS server, it may be treated more strictly by other email server spam filters. It's best to use a third party solution for sending out bulk email.
As for your last question: "how can I point the domain to point to the AWS hosted website", that is way too complicated to answer here. I would suggest hiring someone experienced with DNS to manage this transition. I would recommend that you move your DNS hosting to Amazon's S3 routing service. Then you can easily manage your DNS and other AWS services from one console.
Good luck