Glenn Brunette, a Distinguished Engineer at Sun Microsystems, has just informed me of a new project released earlier today called "OpenSolaris Immutable Service Containers", which may form the basis for what he describes as "Autonomic Security". According to Brunette, using Immutable Service Containers as a core cloud building block enables some very interesting use cases in the area of adaptive and autonomic cloud security architectures. Several potential use cases are shown in a diagram set posted on Flickr.
For those unfamiliar with the term, an Immutable Service Container (ISC) is an architectural deployment pattern used to describe a foundation for highly secure service delivery. An ISC is essentially a container into which a service or set of services is configured and deployed. First and foremost, ISCs are not based upon any one product or technology. In fact, an actual instantiation of an ISC can and often will differ based upon customer and application requirements. That said, each ISC embodies at its core the key principles inherent in the Sun Systemic Security framework, including: self-preservation, defense in depth, least privilege, compartmentalization and proportionality.
As part of a more holistic view, it is expected that Immutable Service Containers will form the most basic architectural building block for more complex, highly adaptive and autonomic security architectures. The goal of this project is to more fully describe the architecture and attributes of ISCs, their inherent benefits and their construction, as well as to document practical examples using various web-scale software applications.
Immutable Service Containers offer the following benefits over more traditional deployment models:
- Consistent, repeatable and secure packaging for the deployment and management of services. "One service per container", configured once and deployed everywhere.
- Specific and clear approach to integrating platform security with services to provide enhanced security beyond what is typically deployed in most IT organizations today.
- Strategy for the implementation of recommended security practices in a focused, supported way.
- Flexible security to accommodate a variety of application and operational requirements and scenarios.