Spillbox Products

Depending on the customer’s current presence in the Cloud, either of the two existing Spillbox products can be used:

  • Spillbox Cloud Bursting: suitable for customers who do not have a dedicated VPN connection to a Cloud Service Provider (CSP). The Cloud is mostly used in Burst mode.
  • Spillbox Datacenter Bursting: suitable for customers who have a dedicated VPN connection to their CSP and have a Datacenter in the Cloud with an existing multi-user setup inside the VPN.

Spillbox Cloud Bursting Product

What is required from IT? 

The Spillbox Cloud Bursting product is designed to be self-serviced, without requiring IT to perform setup and maintenance. However, there may be scenarios where corporate users need IT’s assistance to ensure the following:

  • If IT is using domain whitelisting, then IT needs to make sure that spillbox.io is a whitelisted domain.
  • Traffic to CSPs such as AWS, GCP and Azure is not blocked by IT.

What does the Infosec team need to know?

The Spillbox solution is a set of software tools to create a secured Hybrid Cloud infrastructure on AWS, GCP and Azure. Spillbox does not require specialized hardware and it does not provide Cloud infrastructure. Customers work directly with the CSP of their choice to get a Cloud account and use their own Cloud credentials along with Spillbox. Spillbox has no direct access to the customer’s data and network. Customers work directly with their CSPs for account billing and similar matters. Customers have complete visibility and control of their Cloud resources through the CSP-provided console interface or through the Cloud CLI/API, and can use all the monitoring and visualization tools provided by their CSP. Spillbox uses industry-standard protocols to ensure that all Cloud Access Security Broker (CASB) based tools continue to work. Customers can use the Cloud region of their choice to Burst their jobs. Spillbox does not require access to the customer’s on-premises network either. Spillbox dynamically creates a secured hybrid setup, but customers can bring their own add-on tools and security.

Network Security 

Since this product is used where customers have no VPN connection to the CSP, Spillbox provides VPN-like security by creating a VPC with a Public and a Private subnet inside it. All the Cloud data is in this private subnet and no port is open to the outside world. Only one HTTPS port is open to the customer’s on-premise machine. Data between on-premise and Cloud is encrypted over HTTPS and all applications are authenticated using the OAuth 2.0 protocol. Details of the Spillbox network security architecture are in the diagram at Spillbox Security Architecture and have been reviewed by multiple CSPs and large corporations. The customer’s Infosec and IT teams are welcome to contact Spillbox with any questions related to the security of the Spillbox Cloud Bursting solution.

The Spillbox Cloud Bursting product requires users to have Cloud credentials. Users can either use Spillbox’s credentials or bring their own Cloud credentials. In this flow, Spillbox completely isolates one user from the other. Each user has their own isolated setup in a dynamically created VPN-like setup. User isolation extends to on-premise infrastructure, so that no user can see another user’s data when on-premise data is burst into the Cloud.

Spillbox Cloud Bursting moves only the data that is accessed by the workload, which is key to reducing the attack surface. It also allows user-specific configuration of permissions to restrict certain types or patterns of data from inadvertently going to the Cloud.

License 

Spillbox Cloud Bursting enables customers to use their existing licenses from on-premise or the Cloud by just setting an environment variable. Spillbox automatically creates the required connectivity in a secure manner to achieve this. Customers need to ensure that their licenses are valid and adequate for use on the Cloud.

M/C Orchestration and Job Manager 

Spillbox Cloud Bursting installs a default m/c orchestration and job manager, but users can bring their own m/c orchestration and job manager to match their existing on-premise job manager.

Spillbox Datacenter Bursting Product

What is required from IT? 

The Spillbox Datacenter Bursting product runs inside the customer’s VPN, and IT-related setup and maintenance is done by their corporate IT. Here is a high-level description of IT requirements:

  • If IT is using domain whitelisting, then IT needs to make sure that spillbox.io is a whitelisted domain.
  • IT needs to create a Unix service account and run the Spillbox webserver under this account.
  • The service account should have Docker/Singularity access.
  • IT needs to have a list of OS patches to create the Docker/Singularity image.
  • The service account should have sudo (superuser do) access.
  • IT needs to allocate an adequate set of machines with enough local storage for data caching.
  • If using Docker, then IT needs to set up and maintain Docker image orchestration.

What does the Infosec team need to know?

The Spillbox solution is a set of software tools to create a secured Hybrid Cloud infrastructure between the customer’s traditional Datacenters or Datacenters in the Cloud. In the case of a Cloud Datacenter, similar to the Spillbox Cloud Bursting product, customers work directly with the CSP of their choice to set up a Datacenter in the Cloud.

Network Security 

Since Spillbox Datacenter Bursting is used with a customer-provided VPN, this product does not require any additional peripheral security. Spillbox synchronizes the customer’s data between physical data centers and the Cloud within the customer’s VPN. No data is exposed or ever brought outside of the customer’s VPN.

Spillbox’s Cloud Burst technology isolates local data from remote Cloud Burst data using container technology. Local data and setup do not require any changes and they never get modified. The container technology has been architected to work in a multi-user environment such that users do not require any privileged access.

In the Spillbox Datacenter Bursting flow, users do not require any Cloud credentials. Cloud resources are completely managed by the IT team, and the user’s environment resembles the environment of their on-premise physical datacenter. Users benefit from the elasticity of the Cloud, controlled by the IT team.

License 

Since customers have a dedicated VPN in this setup, licenses can be picked up from on-premise or from the Cloud without requiring any help from Spillbox.

Customers need to ensure that their licenses are valid and adequate for use on the Cloud.  

M/C Orchestration and Job Manager 

Spillbox Datacenter Bursting uses the customer’s existing m/c orchestration and job manager and works with all common job managers used in the industry.