[Cialug] Access credentials for new cloud instances

Matthew Nuzum newz at bearfruit.org
Mon Jan 23 10:04:34 CST 2012


In an environment where you're using dynamic cloud instances (i.e. you spin
them up and down as demand grows and ebbs) there is a need for your new
instance to talk to your various infrastructure.

For example, you might need to script the installation of your code
downloaded from a central server. There are two ways to do this that come
first to mind: use hard-coded user credentials (i.e. user/password) or use
a hard-coded private/public key. Both of these have a problem, in that you
have to securely communicate this material to the new guest. A further
disadvantage is that you can't revoke only one instance's credentials.

Another option that I have thought of would be to generate credentials on
the guest and then somehow authorize them for the new server. This also
has problems: namely that you need a secure channel to communicate your new
credentials with the server and possibly an automatic way to enable them
and authorize the client.

I was curious if anyone else here has thought about this problem and what
they think is a good solution. Again, the goal is to have as automated of a
process as possible. It would be awesome for the infrastructure to respond
to demand magically in the night without sysadmin intervention.

-- 
Matthew Nuzum
newz2000 on freenode, skype, linkedin and twitter

♫ You're never fully dressed without a smile! ♫
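
One way to arrange the third option in the message above, added here as an illustration and not part of the original post: the launcher gives each new instance a single-use, short-lived enrollment token, the guest generates its own key pair and presents only the public key, and the server can later revoke that one instance. The class and method names, instance ids and key strings are assumptions, as is delivering the token through the provider's launch-time metadata and running enrollment over TLS.

```python
import hashlib
import hmac
import secrets


class EnrollmentRegistry:
    """Server side: one-time launch tokens and per-instance authorized keys."""

    def __init__(self, token_ttl=300):
        self.token_ttl = token_ttl  # seconds a launch token stays valid
        self.pending = {}     # instance_id -> (sha256 of token, expiry time)
        self.authorized = {}  # instance_id -> public key generated on the guest

    def issue_token(self, instance_id, now):
        """Called by whatever launches the instance; only the hash is stored."""
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).digest()
        self.pending[instance_id] = (digest, now + self.token_ttl)
        return token

    def enroll(self, instance_id, token, public_key, now):
        """Guest presents its token once to get its own public key authorized."""
        entry = self.pending.pop(instance_id, None)  # single use, even on failure
        if entry is None:
            return False
        digest, expiry = entry
        presented = hashlib.sha256(token.encode()).digest()
        if now > expiry or not hmac.compare_digest(digest, presented):
            return False
        self.authorized[instance_id] = public_key
        return True

    def revoke(self, instance_id):
        """Drop one instance's access without touching any other instance."""
        self.pending.pop(instance_id, None)
        return self.authorized.pop(instance_id, None) is not None


def demo():
    reg = EnrollmentRegistry()
    # Constructed instance ids, clock values and placeholder key strings.
    tok = {i: reg.issue_token(i, now=1000) for i in ("inst-a", "inst-b", "inst-c")}
    out = {"a": reg.enroll("inst-a", tok["inst-a"], "PUBKEY-A", now=1010),
           "b": reg.enroll("inst-b", tok["inst-b"], "PUBKEY-B", now=1010),
           "replay": reg.enroll("inst-a", tok["inst-a"], "PUBKEY-X", now=1020),
           "expired": reg.enroll("inst-c", tok["inst-c"], "PUBKEY-C", now=2000)}
    out["revoked_a"] = reg.revoke("inst-a")
    out["still_authorized"] = sorted(reg.authorized)
    return out
```

The token is not the long-term credential: it is stored only as a hash, works once, and expires, while the private key never leaves the guest.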