Security, Backups & DR/BC
CloudyCluster follows the AWS security best practices as part of its automatic deployment. * The control node deploys a VPC and all computational and storage resources are created within the VPC. * The login instance performs the role of bastion host. * All permissions follow the least necessary privileges philosophy by assigning only the needed permissions to the IAM roles required by the instances to perform their functions. * There are additional security features that can be enabled to meet various security requirements including: * encrypted EBS volumes for OrangeFS * Multi-Factor Authentication * enforce S3 object encryption * Lets-Encrypt for SSL Certificates, updated every 90 Days.
These features can all be enabled through the web user interface.
Backups and Disaster Recovery
- It is recommended that you backup data that is not easily reproducible to S3 and/or Glacier.
- If you automate the automatic deployment and deletion of your environment with Automaton, make sure your critical data is saved outside the environment before you delete it.
- If you need real time BC or DR capabilities, you can run multiple CloudyCluster environments in different regions.