Cloudify 4.2 Has Landed – Security, Control, and True Self Service
- December 5, 2017
- Posted by: Sivan Barzily
- Category: Cloudify, RBAC, Security
We’re excited to share with you the latest milestone of Cloudify – the multi-stack, robust and secure, truly self service Cloudify 4.2 release.
Cloudify 4.2 continues the journey that started with 4.0 toward becoming an even stronger cloud management and orchestration solution, based on our guiding tenets, and further enhances interoperability through advanced integrations with leading technologies. It adds advanced features in the areas of security, isolation and fine-grained control, and introduces new features that provide insights and analytics on resource usage cost management.
As always, you can get started with the latest version of Cloudify on our download page.
Watch our upcoming Kubernetes Webinar! REGISTER NOW
Here’s What’s New in 4.2
Governance and Control
Cloudify 4.2 significantly enhances Role Based Access Control (RBAC), more on that in a future blog post, by adding new roles (including viewer, tenant manager, and operations) to provide finer granularity, control, and permissioning. Roles can also be assigned to user groups, and can span multiple tenants – so the same user can have different roles in different tenants. Custom roles are supported as well, and organizations requiring a different permissions model can define their own roles for Cloudify operations.
While RBAC enables governance of operations, resource governance and privacy is controlled via resource availability levels. Availability levels can be set to default – making the resource visible and usable to the tenant, private – thus visible only to the user who uploaded or created it. And starting with Cloudify 4.2, Global Resources are supported as well, enabling administrators to upload plugins, blueprints, and secrets so they are available to all users in all tenants.
This latest release also includes template management, enabling administrators to create custom UI dashboards and define behaviors per role per tenant, for complete governance over the way Cloudify is consumed within the organization.
Watch this awesome video of our Template Management in action!
Cloudify 4.2 enables SSO via SAML authentication, on the popular OKTA system.
For communication between the managed entities and the Cloudify Manager, multiple management networks can be defined to support segregated security zones or multi-cloud setups.
Installation of Cloudify agents via user data has been enhanced from a security perspective as well.
In the previous release, Cloudify Composer was added to the Cloudify Manager installation for a visual, drag-and-drop, experience of application modeling. In Cloudify 4.2, a unified login system has been introduced for a seamless experience of moving between Cloudify UI and Composer.
The Composer now supports both graphical editing mode, for constructing topologies quickly, as well as source editing for quick changes or advanced edits. This two-way editing enables a more complete end-to-end experience creating application blueprints through Cloudify Composer.
Cloudify’s self service UI, introduced in 4.0, got rave reviews from users, being an open framework on which custom widgets could easily be developed. To ensure this can be done optimally, and so all Cloudify users benefit from the advantages of a graphical interface, we open sourced the UI framework and added it to the community release starting in 4.2.
For CLI users, the CLI is now also available in Cloudify Manager, and a new shiny CLI for Mac has been released as well which you can find on the download page.
Interoperability and Cross Cloud Functionality
Cloudify 4.2 makes Kubernetes, the default open-source Linux container management software, interoperable with the rest of the world through a native multi-stack and multi-cloud provider written in Go, as well as the already released native K8S plugin.
Additional enhancements were made to existing plugins, including AWS, OpenStack (now Newton verified!), and GCP. Additional information can be found on our plugins page.
From a standardization standpoint, TOSCA Simple Profile 1.0 is now supported, via the Cloudify-ARIA-Plugin. The plug-in allows orchestrating TOSCA CSAR packages by introducing a new ARIA node type for Cloudify, that exposes Project ARIA’s capabilities to Cloudify.
Insights and Analytics
Starting with Cloudify 4.2, users can request the insights service (more on this in a future blog post) designed to monitor, manage, and analyze cloud utilization and cost – allowing IT managers to gain better control and visibility of the overall utilization per user and application deployment in a multi-cloud environment. To get access to this advanced feature, please contact us!
We are working hard to add more great functionality and features to Cloudify, so we encourage everyone to give us feedback and suggest new features in our User Group. And keep on the lookout for Cloudify 4.3 which will introduce a much more simplified installation process, additional security enhancements, and other goodies.