Securing physical IT infrastructures through immutability
2019 (Engelska) Självständigt arbete på avancerad nivå (masterexamen), 80 poäng / 120 hp
Studentuppsats (Examensarbete)
Abstract [en]
Configuration drifts are one of issues IT infrastructures of any sort are confronting with nowadays. They representdifferences in configurations of servers participating to the same service and are a main source of vulnerabilitiesand service disruption. For cloud and virtual environments, there is already a solution that makes sure servers’configurations are kept consistent - immutability. Immutability is a DevOps practice which implies redeployingor recreating servers frequently with the same configuration or an updated configuration, overriding any manualchanges. For physical servers, which are still present and needed in an infrastructure, it appears there are no similarsolutions and relevant research in this direction appears to be very limited. This research tries to determine theresources and steps for transforming physical servers into immutable servers and does this by creating a frameworkto implement immutability as it is implemented in cloud environments. The framework is built following standarddesign research steps and it is based on different resources like automation tools and existing immutabilityframeworks for cloud. In the end the framework feasibility is tested. The feasibility is assessed by measuring thetime spent in a deployment, the capacity to deploy multiple servers at the same time and the degree ofconfigurations drifts resulted after the deployment. The framework needs to be able to install servers in a shorttime in order to accommodate frequent installations, like it happens in cloud environments. It needs to be ableto install multiple servers in parallel in order to be attractive for engineers and speed deployments. It needs tomake sure all servers have the same configuration. Also, the framework needs to accommodate other infrastructurerequirements like security. Furthermore, a set of design principles are determined from the development process,these are the steps required to be followed in order to build similar frameworks, and not only for physical servers.Finally, this research can be extended to become an action design research by implementing the framework in abusiness environment and using it on a real production infrastructure. It remains to determine whether using theframework, the benefits immutability claims to have: eliminating configuration drifts, reducing security risks andreducing infrastructure management costs, and which proved to be difficult to achieve in physical serversinfrastructures, are attained over a longer period of time.
Ort, förlag, år, upplaga, sidor 2019. , s. 66
Nyckelord [en]
immutability, physical servers, bare-metal, DevOps, configuration drifts, vulnerabilities
Nationell ämneskategori
Datorsystem
Identifikatorer URN: urn:nbn:se:ltu:diva-75798 OAI: oai:DiVA.org:ltu-75798 DiVA, id: diva2:1347683
Ämne / kurs Examensarbete, minst 30 hp
Utbildningsprogram Informationssäkerhet, master
Presentation
2019-08-29, 11:00 (Engelska)
Handledare
Examinatorer
2019-09-102019-09-022019-09-10 Bibliografiskt granskad