Immutable Service Containers (ISC) are defined as an architectural deployment pattern for highly secure service delivery designed to protect virtualized environments. Sun Distinguished Engineer and Chief Security Architect Glenn Brunette discusses the ISC project in an episode of Innovating@Sun with Hal Stern, a distinguished engineer himself and VP of Global Systems Engineering at Sun.
Brunette discusses ISCs and how building them along principles of stronger security, greater integrity, and simplified security configuration and management is a viable solution for organizations looking to safeguard their virtualized environments.
In explaining the project's goal, Brunette says, "Essentially what we are trying to do is define the set of qualities and attributes that we’d like to see implemented in cloud or virtualized architectures in order to create really a security-reinforced environment in which services can run."
The way Brunette sees it, there are three things ISCs must do:
1) They need to protect services from unauthorized external influence.
2) They need to protect the rest of the world should that service be compromised.
3) They need to provide a way of promoting reliable auditing and instrumentation of the service so users know what is going on in the event there is a problem.
In the 14 1/2-minute podcast, Brunette explains how ISCs are working toward meeting those requirements as he and Stern sift through the following topics:
- micro-virtualization: how adding a thin management layer between the hypervisor and the service lends reliability to security enforcement and monitoring controls
- how "immutable" Immutable Service Containers really are
- defense in depth measures being taken
- current implementations with Solaris and OpenSolaris
- what's next for ISCs, including building core concepts into projects such as OpenSolaris on EC2 & the JeOS project; VirtualBox implementations; and integration of autonomic security techniques
More Information
- Immutable Service Containers: Addressing Security in a World of Changing Deployment - Innovating@Sun
- Immutable Service Containers and its OpenSolaris Instantiation
- NEW: OpenSolaris Immutable Service Containers - Glenn Brunette's blog entry
- ISC Project on the Project Kenai site
- OpenSolaris ISC - includes the construction kit download
- Glenn Brunette on Immutable Service Containers
- Sun BluePrints on Sun Systemic Security
Other articles in the Security section of Volume 139, Issue 1:
Innovating@Sun Podcast on Immutable Service Containers (ISC)
(this article)