enStratus is a cloud infrastructure management platform from enStratus Networks LLC that addresses the governance issues associated with deploying systems in public, private, and hybrid clouds.
The enStratus tagline is “governance for the cloud”. The company defines cloud governance to mean:
- Security controls, including user management, encryption, and key management
- Financial controls, including cloud cost tracking, budgets, chargebacks, and multi-currency support
- Audit controls and reporting
- Monitoring and alerting
- Automation, including auto-scaling, cloud bursting, backup management, and change management
- Unified cross-cloud management
enStratus supports both SaaS and on-premise deployment models and manages multi-cloud infrastructures, including combinations of public and private clouds.
enStratus sits outside of the cloud and watches over your cloud infrastructure.
enStratus has four main components:
- The console: Multi-User Console
  - The Console: “at-a-glance” window
  - Cluster Management: enables you to define your uptime objectives, application architecture, and system configuration and rely on enStratus to manage the deployment and operation of applications.
  - Cloud Management: direct control over the cloud resources you are managing.
  - User Management:
    - enStratus removes the requirement for sharing cloud credentials by introducing a third layer of user management. The cloud management platform credentials are held outside of the cloud in an encrypted database. Using enStratus, administrators can focus on access rights and permissions without having to worry about losing control of account credentials.
    - Role based
    - LDAP and Active Directory support.
    - Seamless integration of user management in cloud infrastructure into traditional datacenters
    - Security Groups
    - Roles Management
      - Server Manager
- The provisioning system / the monitoring system: It stores all of your critical configuration data and takes actions like backup management, auto-scaling, auto-recovery, and more on your behalf. It also monitors your cloud systems and alerts you when events that require your attention are happening.
  - Active intelligence system that executes actions on your behalf
- The credentials system: The credentials system is a storage system, not routable from the Internet, for storing all authentication and encryption credentials. Everything is encrypted using customer-specific encryption keys that are never stored on the file system or otherwise accessible to humans.
RabbitMQ and an SMTP service that enStratus can optionally route emails through.
Install an SMS service and write an SMS service plug-in (or use the enStratus Twilio plug-in).
enStratus alert integration with Amazon SNS.
Future work: enable customers to manage SNS through the enStratus console so that they can take advantage of Amazon SNS for their own uses.
enStratus categorizes alerts on a scale of 1 to 10.
- LEVEL 1-3: LOW
- LEVEL 4-6: MEDIUM
- LEVEL 7-10: HIGH
A service is a bundled software package with associated management scripts that handle the configuration, starting, stopping, and ongoing management of the application. Services are where the behavior of enStratus can be extended and customized to perform as desired.
A deployment is a group of inter-dependent servers/services in an automated configuration controlled by enStratus to ensure security, redundancy, scalability, and recoverability. enStratus governs the deployment according to the parameters defined in Automation > Deployments in the enStratus console.
- enStratus monitors all servers in your account.
- enStratus allows searching/starting of publicly available machine images.
- IP Addresses allow for reservation of static IP addresses.
- enStratus supports a wide range of load balancers.
  - Elastic Load Balancers
  - Zeus load balancer
Firewalls, or security groups, in enStratus control accessibility to running servers. Each account has a firewall called ‘default’ that is the default firewall into which all servers are launched.
Private clouds are often the driving force behind a decision to deploy enStratus on-premise because of the communication channels that enStratus needs with some cloud virtual machines. With the on-premise option, you can install a fully functional version of the enStratus software behind your firewall and it will manage your infrastructure just like the SaaS product.
With the SaaS product, enStratus requires either a VPN between our data center and yours or a server running an enStratus proxy that enables communication between enStratus and the private cloud.
How to Use it?
You need to contact enStratus to get an on-premise deployment license. enStratus offers trial installations for qualified prospects, but recommends leveraging the enStratus SaaS trial accounts if you are simply trying to get a feel for enStratus. For those doing an on-premise install, enStratus will provide the software and a license key for your setup.
- Ability to automatically attach, format, and mount RAID volumes through the enStratus console with the option to have those volumes automatically encrypted.
- Auto-scaling, auto-recovery, and automated backups
- Automated backups into the public cloud for “off-site” backups
- Monitoring and alerting of your private cloud infrastructure
- Intrusion detection system integration
- Automated DR into any public cloud
- Provisioning/de-provisioning of VMs based on pre-configured templates and VM sizes
- Creating custom templates based on running VMs
- Budgeting in chargebacks, including tracking costs for a given budget across all clouds
- Audit and report for compliance
- Manage to your service level requirements
- Key Management
- enStratus stores all credentials outside the cloud in a private data center and encrypts all data into the cloud.
- enStratus utilizes the industry-standard Advanced Encryption Standard (AES) 256.
- By default, Linux instances are accessed using the SSH protocol, and Windows instances through RDP.
- OSSEC host intrusion detection system on all Linux-based images. OSSEC alerting is integrated into enStratus and is accomplished via email.
- SAML and LDAP integration
- enStratus supports a range of scripting languages such as Bash and Python
- Range of logs for firewalls and other system activity
- Support for multiple server platforms: Ubuntu, Debian, CentOS, Fedora, Red Hat, Solaris, Windows 2003 and Windows 2008
- File System Encryption
- Backup Encryption
- Billing Alerts
- Unified Reporting
- Shared Resource Accounting
- Only cloud infrastructure management platform that provides full and equal functionality for Windows environments in the cloud as well as Unix systems.
- Support for the Microsoft Azure cloud computing platform
- enStratus color labels can help you color code your cloud servers so that it’s easier to tell what servers can be shut down.
- The alerting system within enStratus is extensible and can be adapted to alert on client-specific rules or systems.
- API: The enStratus API allows you to extend, integrate or customize enStratus for your specific requirements
- enStratus supports all leading public and private clouds including Amazon Web Services, AT&T Synaptic Storage, Cloud.com, EMC Atmos, Eucalyptus, Google Storage, GoGrid, OpenStack, Rackspace, ReliaCloud, ServerExpress, Terremark, VMware and Windows Azure.
- Protect from single cloud vendor lock-in to allow cross cloud operations and migration
- Integration of cloud management with existing IT infrastructure management processes
- Posting of cloud health information to existing infrastructure management tools
- Extend security policies into the cloud environment
- Support for Citrix XenServer
- To meet unique needs of customers, enStratus now provides configurable alert thresholds as well as alerting on any changes to firewall rules
- Automated cloud-bursting from your private cloud into a public cloud
- Support for configurable virtual disks
- Configurable public IP address management
- Support for F5 load balancers
- Rich meta-data including user-friendly naming, color labeling, and descriptions
- Application configuration and deployment
CCSK & enStratus
enStratus announced that CSA has selected the enStratus cloud management platform for their new User Certification Program system. According to Jim Reavis, Executive Director of CSA: “The Cloud Security Alliance requires a cloud management platform that provides the critical cloud governance capabilities. For this reason, we selected enStratus and have deployed their cloud management platform to improve the resiliency and availability of our certification system.”
What vSphere + enStratus Means
It’s possible to take the enStratus SaaS offering and point it to a vSphere SDK endpoint and have an instant cloud-like environment. enStratus will auto-discover all of the resources in the VMware infrastructure and immediately enable unified chargeback tracking between the VMware private “cloud” and public clouds.
- Setup of a DHCP host within the same VLAN(s) as your virtual machines
- Defining supported server “sizes” (e.g. 1 CPU with 512M RAM, 8 CPU with 64G RAM, etc.)
- Defining chargebacks for various server size, operating system, and software combos
- Setting up baseline templates that will be used to support new VMs.
With the SaaS offering, you need to connect our SaaS environment to the VLANs via a VPN or VPN proxy tool. No such intermediary is required for on-premise deployment.
Supported Clouds and Cloud Platforms
| Compute | Storage | Cloud Platforms |
|---|---|---|
| Amazon Web Services | Amazon Web Services | Atmos |
| Cloud Central | AT&T Synaptic Storage | Cloud.com |
| GoGrid | Azure Services Platform | Eucalyptus |
| Rackspace | Google | OpenStack |
| ReliaCloud | Rackspace | vCloud |
| Terremark vCloud Express | | vSphere |

In addition, enStratus provides cloud-like support for traditional vSphere environments, with support for XenServer and Nimbula coming soon.