Cloud Firewall Security – Going Beyond vCloud Director

August 5, 2016
Working in Cloud Engineering at iland, I get the opportunity to help customers deploy our solutions in ways that are specific to their business needs. Often, this involves helping them adapt cloud services to their compliance requirements. I’d like to share one example of this with you which shows how the iland cloud console provides the features customers need to ensure firewall security.

Recently, I had a customer open a ticket to request that syslog be enabled on their vShield Edge firewall. They said that the request was compliance driven – they needed to be able to track certain activities that were performed on their cloud firewall for internal and external auditing purposes. Syslog is a message logging protocol that nearly all firewalls support to provide notification of a wide variety of events. However, you need to have a syslog collector and message parser set up to make use of any device’s syslog output. This customer did not have either of those things already set up.

As an alternative, I walked the customer through the functionality that is provided through iland’s Enterprise Cloud Services (ECS) console.  The customer was previously only familiar with the generic vCloud Director web interface and hadn’t explored all the offerings of the iland console.  The features the customer was most interested in are outlined below:

• ECS Event History – This report provides a list of state changes that have occurred, the time and type of the change, username of the individual who created the change, and the result.  This includes changes made to the vShield Edge firewall.

• ECS Login Event History – This report provides logs of authentication events. The report captures date, time, username, login event type (login/logout/login errors), and IP address of anyone accessing your iland cloud environment.

• Firewall/NAT Restore Points – Any time a firewall or NAT rule is changed, a restore point is automatically generated. These restore points allow you to quickly revert to your previous configuration should you encounter problems. The iland console also allows you to view the contents of the restore point before restoring it.

• Firewall/NAT Export Configuration – Using this option, you can download an export of your firewall/NAT configuration. This allows you to save a backup of your firewall/NAT configuration locally.  This is also useful for external IT audits that require you to submit a copy of your firewall configuration for review.

• Firewall/NAT Import Configuration – Using this option, you can restore a firewall/NAT configuration that you previously exported.

After demonstrating these features to the customer, they no longer had any desire to set up syslog. They said that the iland console provided everything they needed to satisfy their firewall security and compliance requirements. This is just one of many examples where iland’s cloud console goes the extra mile to provide customers with everything they need to stay compliant, and so much more. It should also be noted that these features are not available through the generic vCloud Director web interface and are unique to iland’s cloud console.

For me, this customer interaction was very rewarding as it shows that the innovation and new features we continue to develop in the iland cloud console have direct benefit to customers, helping them to use cloud services in new ways and make their day to day working lives easier.
David Templet

Dave Templet is a Cloud Engineer at iland where he works with customers deploying and optimizing the networking for their cloud environment. Dave routinely works with customers to configure their virtual firewalls, routers, switches, and load balancers. Prior to joining iland, Dave worked as a network engineer in both the oil & gas and healthcare industries. He has a degree in Management Information Systems from Northwood University.