Your Guide to OnApp Security

imagesOnApp Cloud has a multi-layered security model. It enables providers and their customers to customize security measures at the network, hypervisor and virtual machine layer. All you need to do first is domain name.


Customer Isolation Module (CIM)

OnApp’s Customer Isolation Module has three main functions for:

Secure VLAN sharing: CIM enables secure sharing of VLANs among multiple virtual machines, managing multiple VLANs in the cloud and their assigned IPs

Private VLANs: with CIM client isolation, every user is secure in their own section of the cloud. OnApp gives you the security of a private VLAN system with less overhead.

CIM firewall: CIM provides an additional layer of managed firewall  security on hypervisors (see below).
Four level firewall security
An OnApp cloud has, as standard, four layers of firewall protection. This includes firewalls on the network, firewalls on hypervisors and firewalls on individual virtual machines and domains. This may, of course, be extended with the and additional hardware/software firewalling at the network infrastructure, hypervisor and virtual machine layer and hot image.

Network/infrastructure firewalls: hardware firewalls built into the cloud host’s network infrastructure/datacenter infrastructure.

Hypervisor firewalls: OnApp makes full use of firewalling and other security features built into supported hypervisor platforms to maintain complete isolation of virtual machines and their data.

CIM firewalls: OnApp also features proprietary firewall technology built into hypervisors as part of the CIM module. This provides additional anti-spoofing and anti-sniffing ecommerce protection to ensure VMs cannot interact with other VMs’ data, except where explicitly allowed. The firewall examine packets entering and leaving virtual machines, blocks any that do not meet rules set by the OnApp Controller server.

Virtual machine firewalls: the final layer is an end-user firewall that is configurable on each individual virtual cloud cluster machine. Each VM can be configured to accept or drop traffic from specified IPs.
Enhanced security VM templates
OnApp virtual machine templates can easily be configured with dedicated security technologies, such as Gazzang encryption. By incorporating additional security technologies into virtual machines, cloud hosts (and their customers) can easily configure virtual machines to support additional security and compliance requirements, such as PCI.

Originally appeared on

Comments are closed.