Security is a first-class citizen in Cloudify, baked into all aspects of the application lifecycle. On top of business-critical features such as role-based access control via LDAP and SAML integration, multi-tenancy and high availability, and resource isolation and management, Cloudify also has enhanced client-server communication, alongside manager-agent communication over a secure proxy and SSL.
In addition to letting you govern your IT environments and resources more closely and prevent shadow IT, Cloudify makes it possible to apply common automation to regulatory compliance via simple policies. Cloudify is built for robust fault tolerance and scale: it can detect application and network failures or load, remediate and scale your environment, and detect breaches and isolate compromised applications from the stack.
A Cloudify Manager can contain multiple tenants with multiple users, each with different levels of access to resources. Cloudify also implements role-based access control through user roles and permissions, enabling system administrators to define which users have access to which resources. LDAP integration is also available in Cloudify.
With various user roles within tenants as well as resource isolation, Cloudify offers greater control to IT while ensuring the flexibility to make changes quickly in an automated manner.
Resources such as blueprints, secrets, and plugins can be made private, shared within a tenant, or made global to any user inside Cloudify Manager. The user who uploaded the resource can also change it from Private to Tenant or Global, or from Tenant to Global. Cloudify also built a native secret store for storing sensitive information such as cloud credentials, passwords, certificates, and keys, as well as any other internal or external resources. This lets users keep all secrets separate from blueprints and adhere to isolation requirements between different tenants. It also means users can include the secret's key in a blueprint rather than the actual values, and secrets can be shared across tenants as well as globally within Cloudify Manager.
Cloudify utilizes SSL to support both internal communication, between its own services, and external communication, between Cloudify Manager and its users. The certificates used for internal and external communication are separate, and customers can also provide their own certificates or use a Certificate Authority (CA) to sign the certificates.
Internal communication between Cloudify components runs on dedicated ports and is blocked from external access.
Moreover, external access to Cloudify Manager through any method, be it the UI, CLI, or REST, requires authentication. Authentication methods include username and password, LDAP integration, and Okta integration.