Securing physical IT infrastructures through immutability
2019 (English) Independent thesis Advanced level (degree of Master (Two Years)), 80 credits / 120 HE credits
Student thesis
Abstract [en]
Configuration drifts are one of the issues IT infrastructures of any sort are confronted with nowadays. They represent differences in the configurations of servers participating in the same service and are a main source of vulnerabilities and service disruption. For cloud and virtual environments, there is already a solution that makes sure servers' configurations are kept consistent - immutability. Immutability is a DevOps practice which implies redeploying or recreating servers frequently with the same configuration or an updated configuration, overriding any manual changes. For physical servers, which are still present and needed in an infrastructure, it appears there are no similar solutions, and relevant research in this direction appears to be very limited. This research tries to determine the resources and steps for transforming physical servers into immutable servers and does this by creating a framework to implement immutability as it is implemented in cloud environments. The framework is built following standard design research steps and is based on different resources like automation tools and existing immutability frameworks for cloud. In the end, the framework's feasibility is tested. The feasibility is assessed by measuring the time spent in a deployment, the capacity to deploy multiple servers at the same time and the degree of configuration drift resulting after the deployment. The framework needs to be able to install servers in a short time in order to accommodate frequent installations, as happens in cloud environments. It needs to be able to install multiple servers in parallel in order to be attractive for engineers and to speed up deployments. It needs to make sure all servers have the same configuration. Also, the framework needs to accommodate other infrastructure requirements like security.
Furthermore, a set of design principles is determined from the development process; these are the steps required to be followed in order to build similar frameworks, and not only for physical servers. Finally, this research can be extended to become an action design research by implementing the framework in a business environment and using it on a real production infrastructure. It remains to be determined whether, by using the framework, the benefits immutability claims to have (eliminating configuration drifts, reducing security risks and reducing infrastructure management costs), which have proved difficult to achieve in physical server infrastructures, are attained over a longer period of time.
Place, publisher, year, edition, pages
2019. , p. 66
Keywords [en]
immutability, physical servers, bare-metal, DevOps, configuration drifts, vulnerabilities
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:ltu:diva-75798
OAI: oai:DiVA.org:ltu-75798
DiVA, id: diva2:1347683
Subject / course
Student thesis, at least 30 credits
Educational program
Information Security, master's level (120 credits)
Presentation
2019-08-29, 11:00 (English)
Supervisors
Examiners
2019-09-10 2019-09-02 2019-09-10 Bibliographically approved