This topic contains the following sections:
- Scaling Up/Out
- Secondary Contact
- Security Group
- Security Issue
- Security Scanning
SaaS
Software as a Service, a cloud service offering that provides application software together with the related infrastructure and platforms. Users can access and operate the software without installing it on their computers.
See the Cloud Computing. IaaS / PaaS / SaaS Layers presentation for more information.
Visit the Cloud Orchestration Framework page for the details on SaaS capabilities used in the Cloud Orchestrator.
Scaling Up/Out
Scaling, that is, adapting the system size to the business needs, can be vertical (scaling up) or horizontal (scaling out).
Scaling-up, or vertical scaling, means increasing the system capacity by adding more processors and RAM. Scaling-up has the following specifics:
- Lower power consumption and cooling costs
- Lower licensing fees
- Simpler implementation and less networking hardware
- Higher equipment costs
- Upgradability limitations
- Greater risks of hardware failure
Scaling-out, or horizontal scaling, means adding more servers, each with fewer processors and less RAM. Scaling-out has the following specifics:
- Lower equipment costs
- Higher reliability and upgradability
- Higher licensing fees
- Higher power consumption and cooling costs
- More networking hardware
Schedule
A configuration that automatically performs specified VM manipulation actions at a specified time.
Properly configured schedules can save project time and costs and, therefore, increase the project efficiency. For example, setting a schedule to stop a virtual machine every day at the end of the working hours will lower the VM cost, as resources of a stopped VM are charged at a lower rate and sometimes not at all.
Secondary Contact
The user who is notified about certain project-related events, instance status changes and security issues.
In EPAM Cloud, the Project Coordinator is the secondary contact for the project. Secondary contacts are assigned automatically according to the user's role in UPSA.
See Security Policy for details.
Security Group
Security measure used in AWS.
All instances created in AWS either by EPAM or AWS tools are assigned four security groups. Three groups contain the allowed IP addresses grouped by geographic regions. The fourth group is empty and used for adding custom IP addresses to provide external access.
The following security groups are available:
|Security Group Name|Covered Regions|
|---|---|
|epam-world|US, Canada, Kazakhstan, China, India, Armenia|
|epam-europe|Offices in Europe|
|epam-by-ru|Offices in Russia and Belarus|
|Customer|Customers and Custom IP addresses|
See the Hybrid Cloud Guide, Section 8, Security, for details.
Security Issue
Conditions under which vulnerabilities can arise.
Issues detected in the system are categorized as critical, high or medium according to the severity of security risk they may pose. The severity level is evaluated by the system and stated in the weekly security report.
EPAM Cloud Security Policy establishes the following deadlines for resolving security issues:
- Critical: 7 days
- High: 10 days
- Medium: 10 days
See Security Policy for details.
Security Scanning
Security procedure involving checking instances for vulnerabilities.
In EPAM Cloud, security scanning is implemented through Nessus security scanners. Currently, two Nessus scanners are used - one in the EPAM Cloud and one in the Amazon Cloud. Both can scan virtual machines within their respective clouds and outside them. This way, both internal and external security issues and vulnerabilities are detected and responded to promptly.
Visit the Nessus Official Website for more information.
Underlying concept of EPAM Cloud in which users evaluate, create, monitor and analyze their resources and control their costs independently.
Service Account
An account created to set up the access for external CI/CD tools to the project in EPAM Cloud.
See the Security Policy, Section 3.2.4, Service Accounts, for details.
Simple User Account
An account created on the basis of an existing EPAM service account, or for an external user who needs access to EPAM Cloud.
See the Security Policy, Section 3.2.5, Simple User Account, for details.
SLA
Service Level Agreement, the agreement between the service recipient and the service provider that defines the service scope and quality and the responsibility of the service provider, in particular the service delivery time.
The SLA of EPAM Cloud defines the following service delivery times:
- Service Availability frame: 24/7
- Service Operation frame (Cloud Support Level 1.5): 24/7
- Cloud Support Level 1 (HelpDesk): 24/7
- Cloud Support Level 2: Mon-Fri, 9:00-18:00 Minsk time
- Cloud Support Level 3: Mon-Fri, 9:00-18:00 Kiev time
- Cloud Consulting: Mon-Fri, 9:00-18:00 Minsk time
- Exceptional one-time unavailability: no longer than 1 hour
- Planned one-time unavailability: no longer than 3 hours
See the EPAM Cloud Terms and Conditions for details.
Sonar
Sonar (SonarQube) is an open-source platform designed for code quality management. The platform supports over 20 programming languages and can be extended with plugins. As a web application, SonarQube allows the necessary configuration and monitoring to be performed online.
In EPAM Cloud, SonarQube can be obtained as an instance of the Sonar Service.
See the SonarQube website for details on the product.
SSH
The Secure Shell (SSH) protocol creates a channel between an SSH client and an SSH server, enabling a secure connection over an unsecured network. A typical use of SSH is logging in to remote computers. This also applies to connecting to virtual instances in EPAM Cloud and in the public cloud providers supported by EPAM Orchestrator.
An SSH key identifies the user so that the connection can proceed. The key pair consists of two parts: the public key, stored on the SSH server (in EPAM Cloud, in Orchestrator), and the private key, stored on the user's workstation.
An EPAM Cloud user can either create a key pair using Maestro CLI (or2addkey), or import an existing key for further use (or2ikey). To be used for logging in to virtual instances, the SSH key is typically specified at instance creation.
The user is fully responsible for the secure storage of the private key on their workstation.
See the Cloud Identity Service page for more details on SSH usage in EPAM Cloud.
SSO
Single Sign-On, an authentication approach that allows users to log in to different applications using the same login credentials. This approach is implemented for all parts of the EPAM ecosystem. After you log in once, your credentials are automatically fetched when you switch from application to application.
In addition, EPAM Cloud supports SSO login to the AWS management console, which allows you to get to AWS facilities without submitting additional requests and without the need to create IAM users.
Subnet
A subnet is a logical part within a larger network.
In EPAM Cloud, each project is activated in a specific subnet within the EPAM network, so that the infrastructures belonging to different projects do not interfere with each other. This also applies to infrastructures in public cloud providers.