As a valued customer of Joyent, we want to make sure you get the best possible service from us and that your investment in Joyent-based infrastructure is protected against failure and unauthorised access. The purpose of this article is to make sure that you are fully aware of the steps required to ensure recoverability and security of your VMs.
Our Terms of Service (http://www.joyent.com/company/policies/terms-of-service) sections 3.C and 3.D define your responsibility in the areas of Security and Data Preservation.
With regard to data preservation, as a minimum you need to implement the following to ensure your data is recoverable in the event of a system failure:
- Take regular backups and move those backups off the VM to some form of secondary storage. This could be to one of our secondary storage options such as Manta (http://www.joyent.com/products/manta), or to a machine in another physical location (such as your own premises), or another one of Joyent's data centers.
- Ensure that you use the appropriate tools for your backups. Flat files can be backed up using commands such as tar, zip etc. Database systems need to be backed up using the tools recommended for the specific system. Consult the documentation for the systems you use to determine the correct backup method.
- Take backups at a frequency that will minimise data loss in the event of a failure. The frequency can be determined by assessing just how much data loss you can tolerate and how volatile your data is. If you cannot tolerate any data loss, you should look at implementing real-time replication of data to a backup area.
- Test your data recovery procedure regularly, to ensure that your backups are valid.
In respect of Security, you will be aware that SmartOS and Linux VMs are protected by SSL security by default. However, all ports are open. Windows is protected by passwords generated when the machine is created. As a minimum, you should take the following steps to ensure security - but this is only advisory information. Even with the following steps carried out, you should undertake your own analysis to ensure your machines are as secure as you require them:
- Change all passwords that have been generated for any accounts/logins on your machines. The passwords generated by the provisioning system are intended for first-time use only.
- Review open access ports and block or restrict access to ports as necessary.
- Regularly perform a security audit to validate who is logging into the machines and from where.
Backup and Security can be complex topics, so we have deliberately only scratched the surface in this article in order to raise awareness and to ensure that you are thinking about the processes and procedures you need to have in place.