On Feb 7, 2014, at 6:31 PM, David Nalley <da...@gnsa.us> wrote: > On Fri, Feb 7, 2014 at 9:02 PM, John Kinsella <j...@stratosec.co> wrote: >> Folks - we're getting bitten occasionally by stability issues on some of our >> customer VMs indirectly related to ACS: >> >> * The billing package[1] we use is touchy, and will occasionally reboot VMs >> when we bring up the VM's details page in the billing package >> * ACS recently lost connectivity with a node, asked the VR to ping the VMs >> but was blocked by host firewall, so decided the VM was down and then killed >> it after reconnecting to the node >> * Something was either fat-fingered or mis-intreperted in billing package, >> and deleting a licensing product from a customer resulted in it telling ACS >> to delete a domain, user, the 10 VMs in it and their storage (Luckily I saw >> the grey icon of Shutdown/Expunge and shut down mgmt server, but not before >> losing one VM. Somehow I haven't had a heart attack yet) >> >> My thought is each VM would have a LOCK field - when that's set, it >> basically becomes "read-only" to ACS - stats are gathered, it monitors if >> it's up/down, but any change in running state, the node it's on, storage, >> network, firewalls etc would be denied without some type of authorization >> (I'm not sure what I mean here yet, if it's a separate login or maybe >> authenticating to get a token and then present it with the change, or...). >> >> I understand in a larger environment there's too much happening and this >> could backfire, but for our customers with legacy non-cloud architectures, >> stability is hugely important and anything we can do to help with that is >> worthwhile. Maybe in a "phase 2" of this implementation granular controls >> could be added to specify what could/could not happen during "production >> lock"... >> >> Looking to gauge interest and ideas/suggestions in something like this. >> Unfortunately it just jumped pretty much to the top of my priority list... >> >> John >> 1: I'd rather not say which at this point. > > > AWS has 'Termination Protection' and in that light it makes sense to me.
Hm thanks, will take a look
