Author Topic: Intrusion prevention and detection system  (Read 2359 times)

Kynao

  • Newbie
  • *
  • Posts: 44
Intrusion prevention and detection system
« on: October 23, 2011, 02:02:54 AM »
I haven't checked this one in quite some time, but isn't it cool? Snorby: http://snorby.org/
I could well see it as an optional package on top of Opennode and integrated into the interface.
« Last Edit: October 23, 2011, 04:00:58 AM by Kynao »

ilja_l

  • Administrator
  • Full Member
  • *****
  • Posts: 226
Re: Intrusion prevention and detection system
« Reply #1 on: October 27, 2011, 03:05:55 PM »
Hi, Alexandre

It's a nice idea. We are thinking of releasing a separate build of opennode6, something like opennode6-sec with configured firewalls, snort/snorby, selinux, etc.

What do you mean by integration? At what level? Common identity management? Link from opennode management system?

Kynao

  • Newbie
  • *
  • Posts: 44
Re: Intrusion prevention and detection system
« Reply #2 on: October 27, 2011, 03:16:37 PM »
Yes, I meant installed on opennode and a basic link from the opennode management system without launching a new window or tab, just "included" in the GUI.
By optional, I was thinking of some kind of Opennode app repository (like an appstore if you want) where you pick the app you're interested in.
Each would have been planned for either opennode itself or proposed as an image appliance.
« Last Edit: October 27, 2011, 03:45:26 PM by Kynao »

ilja_l

  • Administrator
  • Full Member
  • *****
  • Posts: 226
Re: Intrusion prevention and detection system
« Reply #3 on: October 27, 2011, 03:56:14 PM »
Ok, so we could do something like we do with Zabbix at the moment - install the server on the opennode management server machine, and have the agent preinstalled in the opennode6 machine. OMS would then be used for enabling that server (an IDS is a bit heavyweight to have running by default).

"App-store" is indeed planned. We have more and more applications packaged as templates, it makes sense to have a separate 'shop' for that.

Kynao

  • Newbie
  • *
  • Posts: 44
Re: Intrusion prevention and detection system
« Reply #4 on: October 27, 2011, 04:04:52 PM »
That looks perfect :).
Does the app-store planned for Opennode itself? Image appliances? Or both of them?
By image appliances, as the meaning is not explicit: the load balancing feature request (http://opennode.activesys.org/forum/index.php/topic,95.0.html) is an example of an image appliance serving the capabilities the bare-metal has to offer.

This kind of feature could be built into opennode or could be proposed in an app-store, an image appliance app-store to be precise in this case.

ilja_l

  • Administrator
  • Full Member
  • *****
  • Posts: 226
Re: Intrusion prevention and detection system
« Reply #5 on: October 27, 2011, 04:27:13 PM »
Before answering your question: what do you mean by "Does the app-store planned for Opennode itself?"

Kynao

  • Newbie
  • *
  • Posts: 44
Re: Intrusion prevention and detection system
« Reply #6 on: October 27, 2011, 05:06:19 PM »
Our talk on Snorby (opennode.activesys.org/forum/index.php/topic,105.0.html) is an example of an application on top of Opennode.
So, in this case, Snorby would be an app proposed in our appstore and planned to be installed on top of Opennode, that is, not as an image appliance.

That's why I make the distinction between the two in my question.

Kynao

  • Newbie
  • *
  • Posts: 44
Re: Intrusion prevention and detection system
« Reply #7 on: January 13, 2013, 01:24:58 AM »
That looks perfect :).
Does the app-store planned for Opennode itself? Image appliances? Or both of them?
By image appliances, as the meaning is not explicit: the load balancing feature request (http://opennode.activesys.org/forum/index.php/topic,95.0.html) is an example of an image appliance serving the capabilities the bare-metal has to offer.

This kind of feature could be built into opennode or could be proposed in an app-store, an image appliance app-store to be precise in this case.

Is there news on this? Proxmox now has TurnKey Linux OpenVZ images. I thought that Opennode could rely on Webuzo (from Softaculous).
As I have just suggested OpenNode to Softaculous regarding Webuzo, they can take an interest in your work in the time to come.

activesys

  • Administrator
  • Full Member
  • *****
  • Posts: 171
Re: Intrusion prevention and detection system
« Reply #8 on: January 13, 2013, 10:55:59 PM »
We did implement multiple template repository support - so some basic groundwork for the app store is done. The app store portal itself is still in an early development phase. But we are very much looking into providing more (appliance) templates than base OS ones... We also have some internally developed appliances (OpenVPN, LDAP, etc.) but there is a need for proper documentation and support before they can be widely adopted.

As for Turnkey Linux templates - in order to use them they just need re-packaging into OpenNode OVF (OpenVZ) format - I will evaluate how we could make this happen... I did talk with the turnkeylinux people in 2010 about OpenNode Turnkeylinux support - but there was not enough interest at the time to get things moving.

Softaculous looks interesting also - in its simplest case it would just mean a VM template re-pack to be usable.

But what we are really looking for is a third party who would be willing to commit to also writing VM appliance control panels as OMS/ONC plugins - so we can provide the management infrastructure for VM appliances as well.

Kynao

  • Newbie
  • *
  • Posts: 44
Re: Intrusion prevention and detection system
« Reply #9 on: January 13, 2013, 11:53:02 PM »
Do we have documentation for the OMS/ONC API, so that some appliances can trigger OMS/ONC capabilities (i.e. create a VM, shut down a VM or whatever OMS/ONC can do) and obtain the results of triggered actions?

activesys

  • Administrator
  • Full Member
  • *****
  • Posts: 171
Re: Intrusion prevention and detection system
« Reply #10 on: January 13, 2013, 11:58:42 PM »
I think we have ... Ilja can provide more details but I'm aware of the following links (source: http://opennodecloud.com/documentation/oms-usage-guide/):

OMS (core services) - http://opennodecloud.com/docs/opennode.oms.core/
ONC (web-frontend) - http://opennodecloud.com/docs/opennode.onc/
KNOT (private-cloud plugin for OMS) - http://opennodecloud.com/docs/opennode.knot/

Kynao

  • Newbie
  • *
  • Posts: 44
Re: Intrusion prevention and detection system
« Reply #11 on: January 14, 2013, 12:08:13 AM »
Thanks.
I didn't find api through

activesys

  • Administrator
  • Full Member
  • *****
  • Posts: 171
Re: Intrusion prevention and detection system
« Reply #12 on: January 14, 2013, 01:05:48 PM »
I will discuss writing an api tutorial with the team....

ilja_l

  • Administrator
  • Full Member
  • *****
  • Posts: 226
Re: Intrusion prevention and detection system
« Reply #13 on: January 15, 2013, 10:02:52 PM »

Kynao

  • Newbie
  • *
  • Posts: 44
Re: Intrusion prevention and detection system
« Reply #14 on: January 15, 2013, 10:10:13 PM »
Thanks. Good to know, as I'm currently recommending Opennode to Softaculous as a server virtualization and Cloud Management solution for their Webuzo product, because after achieving their additional support of nginx (Apache currently supported), they will start to introduce high availability options; I just thought that opennode could be a very interesting component in the mix.